From 5a4256cf4732a5a5a55e36159b695cc6b7ebb3dd Mon Sep 17 00:00:00 2001 From: Roman Hergenreder Date: Mon, 22 Jun 2020 21:50:58 +0200 Subject: [PATCH] UserToken small fixes --- core/Api/UserAPI.class.php | 797 ++++++++++---------- core/Configuration/CreateDatabase.class.php | 3 +- core/Driver/SQL/SQL.class.php | 1 + 3 files changed, 403 insertions(+), 398 deletions(-) diff --git a/core/Api/UserAPI.class.php b/core/Api/UserAPI.class.php index 3a4fb41..24bafa2 100644 --- a/core/Api/UserAPI.class.php +++ b/core/Api/UserAPI.class.php @@ -2,57 +2,57 @@ namespace Api { -use Driver\SQL\Condition\Compare; + use Driver\SQL\Condition\Compare; -abstract class UserAPI extends Request { + abstract class UserAPI extends Request { - protected function userExists($username, $email) { - $sql = $this->user->getSQL(); - $res = $sql->select("User.name", "User.email") - ->from("User") - ->where(new Compare("User.name", $username), new Compare("User.email", $email)) - ->execute(); + protected function userExists($username, $email) { + $sql = $this->user->getSQL(); + $res = $sql->select("User.name", "User.email") + ->from("User") + ->where(new Compare("User.name", $username), new Compare("User.email", $email)) + ->execute(); - $this->success = ($res !== FALSE); - $this->lastError = $sql->getLastError(); + $this->success = ($res !== FALSE); + $this->lastError = $sql->getLastError(); - if ($this->success && !empty($res)) { - $row = $res[0]; - if (strcasecmp($username, $row['name']) === 0) { - return $this->createError("This username is already taken."); - } else if (strcasecmp($username, $row['email']) === 0) { - return $this->createError("This email address is already in use."); + if ($this->success && !empty($res)) { + $row = $res[0]; + if (strcasecmp($username, $row['name']) === 0) { + return $this->createError("This username is already taken."); + } else if (strcasecmp($username, $row['email']) === 0) { + return $this->createError("This email address is already in use."); + } } + + return $this->success; } - return $this->success; - } + protected function insertUser($username, $email, $password) { + $sql = $this->user->getSQL(); + $salt = generateRandomString(16); + $hash = $this->hashPassword($password, $salt); + $res = $sql->insert("User", array("name", "password", "salt", "email")) + ->addRow($username, $hash, $salt, $email) + ->returning("uid") + ->execute(); - protected function insertUser($username, $email, $password) { - $sql = $this->user->getSQL(); - $salt = generateRandomString(16); - $hash = $this->hashPassword($password, $salt); - $res = $sql->insert("User", array("name", "password", "salt", "email")) - ->addRow($username, $hash, $salt, $email) - ->returning("uid") - ->execute(); + $this->lastError = $sql->getLastError(); + $this->success = ($res !== FALSE); - $this->lastError = $sql->getLastError(); - $this->success = ($res !== FALSE); + if ($this->success) { + return $sql->getLastInsertId(); + } - if ($this->success) { - return $sql->getLastInsertId(); + return $this->success; } - return $this->success; + // TODO: replace this with crypt() in the future + protected function hashPassword($password, $salt) { + return hash('sha256', $password . $salt); + } } - // TODO: replace this with crypt() in the future - protected function hashPassword($password, $salt) { - return hash('sha256', $password . $salt); - } -} - } namespace Api\User { @@ -63,416 +63,419 @@ namespace Api\User { use Api\UserAPI; use DateTime; use Driver\SQL\Condition\Compare; - use Views\Account\ConfirmEmail; + use Driver\SQL\Condition\CondBool; + use Views\Account\ConfirmEmail; - class Create extends UserAPI { + class Create extends UserAPI { - public function __construct($user, $externalCall = false) { - parent::__construct($user, $externalCall, array( - 'username' => new StringType('username', 32), - 'email' => new StringType('email', 64, true), - 'password' => new StringType('password'), - 'confirmPassword' => new StringType('confirmPassword'), - )); - $this->csrfTokenRequired = true; - $this->loginRequired = true; - $this->requiredGroup = USER_GROUP_ADMIN; + public function __construct($user, $externalCall = false) { + parent::__construct($user, $externalCall, array( + 'username' => new StringType('username', 32), + 'email' => new StringType('email', 64, true), + 'password' => new StringType('password'), + 'confirmPassword' => new StringType('confirmPassword'), + )); + $this->csrfTokenRequired = true; + $this->loginRequired = true; + $this->requiredGroup = USER_GROUP_ADMIN; + } + + public function execute($values = array()) { + if (!parent::execute($values)) { + return false; + } + + $username = $this->getParam('username'); + $email = $this->getParam('email'); + if (!$this->userExists($username, $email) || !$this->success) { + return false; + } + + $password = $this->getParam('password'); + $confirmPassword = $this->getParam('confirmPassword'); + if ($password !== $confirmPassword) { + return $this->createError("The given passwords do not match."); + } + + return $this->insertUser($username, $email, $password) !== FALSE; + } } - public function execute($values = array()) { - if (!parent::execute($values)) { - return false; + class Fetch extends UserAPI { + + const SELECT_SIZE = 10; + + private int $userCount; + + public function __construct($user, $externalCall = false) { + + parent::__construct($user, $externalCall, array( + 'page' => new Parameter('page', Parameter::TYPE_INT, true, 1) + )); + + $this->loginRequired = true; + $this->requiredGroup = USER_GROUP_ADMIN; + $this->userCount = 0; + $this->csrfTokenRequired = true; } - $username = $this->getParam('username'); - $email = $this->getParam('email'); - if (!$this->userExists($username, $email) || !$this->success) { - return false; + private function getUserCount() { + + $sql = $this->user->getSQL(); + $res = $sql->select($sql->count())->from("User")->execute(); + $this->success = ($res !== FALSE); + $this->lastError = $sql->getLastError(); + + if ($this->success) { + $this->userCount = $res[0]["count"]; + } + + return $this->success; } - $password = $this->getParam('password'); - $confirmPassword = $this->getParam('confirmPassword'); - if ($password !== $confirmPassword) { - return $this->createError("The given passwords do not match."); - } + public function execute($values = array()) { + if (!parent::execute($values)) { + return false; + } - return $this->insertUser($username, $email, $password) !== FALSE; - } -} + $page = $this->getParam("page"); + if ($page < 1) { + return $this->createError("Invalid page count"); + } -class Fetch extends UserAPI { + if (!$this->getUserCount()) { + return false; + } - const SELECT_SIZE = 10; + $sql = $this->user->getSQL(); + $res = $sql->select("User.uid as userId", "User.name", "User.email", "User.registered_at", + "Group.uid as groupId", "Group.name as groupName") + ->from("User") + ->leftJoin("UserGroup", "User.uid", "UserGroup.user_id") + ->leftJoin("Group", "Group.uid", "UserGroup.group_id") + ->orderBy("User.uid") + ->ascending() + ->limit(Fetch::SELECT_SIZE) + ->offset(($page - 1) * Fetch::SELECT_SIZE) + ->execute(); - private int $userCount; + $this->success = ($res !== FALSE); + $this->lastError = $sql->getLastError(); - public function __construct($user, $externalCall = false) { + if ($this->success) { + $this->result["users"] = array(); + foreach ($res as $row) { + $userId = intval($row["userId"]); + $groupId = intval($row["groupId"]); + $groupName = $row["groupName"]; + if (!isset($this->result["users"][$userId])) { + $this->result["users"][$userId] = array( + "uid" => $userId, + "name" => $row["name"], + "email" => $row["email"], + "registered_at" => $row["registered_at"], + "groups" => array(), + ); + } - parent::__construct($user, $externalCall, array( - 'page' => new Parameter('page', Parameter::TYPE_INT, true, 1) - )); - - $this->loginRequired = true; - $this->requiredGroup = USER_GROUP_ADMIN; - $this->userCount = 0; - $this->csrfTokenRequired = true; - } - - private function getUserCount() { - - $sql = $this->user->getSQL(); - $res = $sql->select($sql->count())->from("User")->execute(); - $this->success = ($res !== FALSE); - $this->lastError = $sql->getLastError(); - - if ($this->success) { - $this->userCount = $res[0]["count"]; - } - - return $this->success; - } - - public function execute($values = array()) { - if(!parent::execute($values)) { - return false; - } - - $page = $this->getParam("page"); - if($page < 1) { - return $this->createError("Invalid page count"); - } - - if (!$this->getUserCount()) { - return false; - } - - $sql = $this->user->getSQL(); - $res = $sql->select("User.uid as userId", "User.name", "User.email", "User.registered_at", - "Group.uid as groupId", "Group.name as groupName") - ->from("User") - ->leftJoin("UserGroup", "User.uid", "UserGroup.user_id") - ->leftJoin("Group", "Group.uid", "UserGroup.group_id") - ->orderBy("User.uid") - ->ascending() - ->limit(Fetch::SELECT_SIZE) - ->offset(($page - 1) * Fetch::SELECT_SIZE) - ->execute(); - - $this->success = ($res !== FALSE); - $this->lastError = $sql->getLastError(); - - if($this->success) { - $this->result["users"] = array(); - foreach($res as $row) { - $userId = intval($row["userId"]); - $groupId = intval($row["groupId"]); - $groupName = $row["groupName"]; - if (!isset($this->result["users"][$userId])) { - $this->result["users"][$userId] = array( - "uid" => $userId, - "name" => $row["name"], - "email" => $row["email"], - "registered_at" => $row["registered_at"], - "groups" => array(), - ); + if (!is_null($groupId)) { + $this->result["users"][$userId]["groups"][$groupId] = $groupName; + } } + $this->result["pageCount"] = intval(ceil($this->userCount / Fetch::SELECT_SIZE)); + $this->result["totalCount"] = $this->userCount; + } - if(!is_null($groupId)) { - $this->result["users"][$userId]["groups"][$groupId] = $groupName; + return $this->success; + } + } + + class Info extends UserAPI { + + public function __construct($user, $externalCall = false) { + parent::__construct($user, $externalCall, array()); + $this->csrfTokenRequired = true; + } + + public function execute($values = array()) { + if (!parent::execute($values)) { + return false; + } + + if (!$this->user->isLoggedIn()) { + $this->result["loggedIn"] = false; + } else { + $this->result["loggedIn"] = true; + } + + $this->result["user"] = $this->user->jsonSerialize(); + return $this->success; + } + } + + class Invite extends UserAPI { + + public function __construct($user, $externalCall = false) { + parent::__construct($user, $externalCall, array( + 'username' => new StringType('username', 32), + 'email' => new StringType('email', 64), + )); + $this->csrfTokenRequired = true; + $this->loginRequired = true; + $this->requiredGroup = USER_GROUP_ADMIN; + } + + public function execute($values = array()) { + if (!parent::execute($values)) { + return false; + } + + $username = $this->getParam('username'); + $email = $this->getParam('email'); + if (!$this->userExists($username, $email)) { + return false; + } + + //add to DB + $token = generateRandomString(36); + $valid_until = (new DateTime())->modify("+48 hour"); + $sql = $this->user->getSQL(); + $res = $sql->insert("UserInvitation", array("username", "email", "token", "valid_until")) + ->addRow($username, $email, $token, $valid_until) + ->execute(); + $this->success = ($res !== FALSE); + $this->lastError = $sql->getLastError(); + + //send validation mail + if ($this->success) { + $request = new SendMail($this->user); + $link = "http://localhost/acceptInvitation?token=$token"; + $this->success = $request->execute(array( + "from" => "webmaster@romanh.de", + "to" => $email, + "subject" => "Account Invitation for web-base@localhost", + "body" => + "Hello,
+you were invited to create an account on web-base@localhost. Click on the following link to confirm the registration, it is 48h valid from now. +If the invitation was not intended, you can simply ignore this email.

$link" + ) + ); + $this->lastError = $request->getLastError(); + } + return $this->success; + } + } + + class Login extends UserAPI { + + private int $startedAt; + + public function __construct($user, $externalCall = false) { + parent::__construct($user, $externalCall, array( + 'username' => new StringType('username', 32), + 'password' => new StringType('password'), + 'stayLoggedIn' => new Parameter('stayLoggedIn', Parameter::TYPE_BOOLEAN, true, true) + )); + $this->forbidMethod("GET"); + } + + private function wrongCredentials() { + $runtime = microtime(true) - $this->startedAt; + $sleepTime = round(3e6 - $runtime); + if ($sleepTime > 0) usleep($sleepTime); + return $this->createError(L('Wrong username or password')); + } + + public function execute($values = array()) { + if (!parent::execute($values)) { + return false; + } + + if ($this->user->isLoggedIn()) { + $this->lastError = L('You are already logged in'); + $this->success = true; + return true; + } + + $this->startedAt = microtime(true); + $this->success = false; + $username = $this->getParam('username'); + $password = $this->getParam('password'); + $stayLoggedIn = $this->getParam('stayLoggedIn'); + + $sql = $this->user->getSQL(); + $res = $sql->select("User.uid", "User.password", "User.salt") + ->from("User") + ->where(new Compare("User.name", $username)) + ->execute(); + + $this->success = ($res !== FALSE); + $this->lastError = $sql->getLastError(); + + if ($this->success) { + if (count($res) === 0) { + return $this->wrongCredentials(); + } else { + $row = $res[0]; + $salt = $row['salt']; + $uid = $row['uid']; + $hash = $this->hashPassword($password, $salt); + if ($hash === $row['password']) { + if (!($this->success = $this->user->createSession($uid, $stayLoggedIn))) { + return $this->createError("Error creating Session: " . $sql->getLastError()); + } else { + $this->result["loggedIn"] = true; + $this->result['logoutIn'] = $this->user->getSession()->getExpiresSeconds(); + $this->success = true; + } + } else { + return $this->wrongCredentials(); + } } } - $this->result["pageCount"] = intval(ceil($this->userCount / Fetch::SELECT_SIZE)); - $this->result["totalCount"] = $this->userCount; + + return $this->success; } - - return $this->success; - } -} - -class Info extends UserAPI { - - public function __construct($user, $externalCall = false) { - parent::__construct($user, $externalCall, array()); - $this->csrfTokenRequired = true; } - public function execute($values = array()) { - if(!parent::execute($values)) { - return false; + class Logout extends UserAPI { + + public function __construct($user, $externalCall = false) { + parent::__construct($user, $externalCall); + $this->loginRequired = true; + $this->apiKeyAllowed = false; + $this->csrfTokenRequired = true; } - if (!$this->user->isLoggedIn()) { - $this->result["loggedIn"] = false; - } else { - $this->result["loggedIn"] = true; + public function execute($values = array()) { + if (!parent::execute($values)) { + return false; + } + + $this->success = $this->user->logout(); + $this->lastError = $this->user->getSQL()->getLastError(); + return $this->success; } - - $this->result["user"] = $this->user->jsonSerialize(); - return $this->success; - } -} - -class Invite extends UserAPI { - - public function __construct($user, $externalCall = false) { - parent::__construct($user, $externalCall, array( - 'username' => new StringType('username', 32), - 'email' => new StringType('email', 64), - )); - $this->csrfTokenRequired = true; - $this->loginRequired = true; - $this->requiredGroup = USER_GROUP_ADMIN; } - public function execute($values = array()) { - if(!parent::execute($values)) { - return false; + class Register extends UserAPI { + + private ?int $userId; + private string $token; + + public function __construct($user, $externalCall = false) { + parent::__construct($user, $externalCall, array( + "username" => new StringType("username", 32), + "email" => new StringType("email", 64), + "password" => new StringType("password"), + "confirmPassword" => new StringType("confirmPassword"), + )); } - $username = $this->getParam('username'); - $email = $this->getParam('email'); - if (!$this->userExists($username, $email)) { - return false; + private function insertToken() { + $validUntil = (new DateTime())->modify("+48 hour"); + $sql = $this->user->getSQL(); + $res = $sql->insert("UserToken", array("user_id", "token", "token_type", "valid_until")) + ->addRow(array($this->userId, $this->token, "confirmation", $validUntil)) + ->execute(); + + $this->success = ($res !== FALSE); + $this->lastError = $sql->getLastError(); + return $this->success; } - //add to DB - $token = generateRandomString(36); - $valid_until = (new DateTime())->modify("+48 hour"); - $sql = $this->user->getSQL(); - $res = $sql->insert("UserInvitation", array("username", "email", "token", "valid_until")) - ->addRow($username, $email, $token, $valid_until) - ->execute(); - $this->success = ($res !== FALSE); - $this->lastError = $sql->getLastError(); + public function execute($values = array()) { + if (!parent::execute($values)) { + return false; + } + + if ($this->user->isLoggedIn()) { + $this->lastError = L('You are already logged in'); + $this->success = false; + return false; + } + + $username = $this->getParam("username"); + $email = $this->getParam('email'); + if (!$this->userExists($username, $email)) { + return false; + } + + $password = $this->getParam("password"); + $confirmPassword = $this->getParam("confirmPassword"); + if (strcmp($password, $confirmPassword) !== 0) { + return $this->createError("The given passwords don't match"); + } + + $id = $this->insertUser($username, $email, $password); + if ($id === FALSE) { + return false; + } + + $this->userId = $id; + $this->token = generateRandomString(36); + if ($this->insertToken()) { + return false; + } - //send validation mail - if($this->success) { $request = new SendMail($this->user); - $link = "http://localhost/acceptInvitation?token=$token"; + $link = "http://localhost/confirmEmail?token=$this->token"; $this->success = $request->execute(array( "from" => "webmaster@romanh.de", "to" => $email, - "subject" => "Account Invitation for web-base@localhost", + "subject" => "E-Mail Confirmation for web-base@localhost", "body" => "Hello,
-you were invited to create an account on web-base@localhost. Click on the following link to confirm the registration, it is 48h valid from now. -If the invitation was not intended, you can simply ignore this email.

$link" - ) - ); - $this->lastError = $request->getLastError(); - } - return $this->success; - } -} - -class Login extends UserAPI { - - private int $startedAt; - - public function __construct($user, $externalCall = false) { - parent::__construct($user, $externalCall, array( - 'username' => new StringType('username', 32), - 'password' => new StringType('password'), - 'stayLoggedIn' => new Parameter('stayLoggedIn', Parameter::TYPE_BOOLEAN, true, true) - )); - $this->forbidMethod("GET"); - } - - private function wrongCredentials() { - $runtime = microtime(true) - $this->startedAt; - $sleepTime = round(3e6 - $runtime); - if($sleepTime > 0) usleep($sleepTime); - return $this->createError(L('Wrong username or password')); - } - - public function execute($values = array()) { - if(!parent::execute($values)) { - return false; - } - - if($this->user->isLoggedIn()) { - $this->lastError = L('You are already logged in'); - $this->success = true; - return true; - } - - $this->startedAt = microtime(true); - $this->success = false; - $username = $this->getParam('username'); - $password = $this->getParam('password'); - $stayLoggedIn = $this->getParam('stayLoggedIn'); - - $sql = $this->user->getSQL(); - $res = $sql->select("User.uid", "User.password", "User.salt") - ->from("User") - ->where(new Compare("User.name", $username)) - ->execute(); - - $this->success = ($res !== FALSE); - $this->lastError = $sql->getLastError(); - - if($this->success) { - if(count($res) === 0) { - return $this->wrongCredentials(); - } else { - $row = $res[0]; - $salt = $row['salt']; - $uid = $row['uid']; - $hash = $this->hashPassword($password, $salt); - if($hash === $row['password']) { - if(!($this->success = $this->user->createSession($uid, $stayLoggedIn))) { - return $this->createError("Error creating Session: " . $sql->getLastError()); - } else { - $this->result["loggedIn"] = true; - $this->result['logoutIn'] = $this->user->getSession()->getExpiresSeconds(); - $this->success = true; - } - } - else { - return $this->wrongCredentials(); - } - } - } - - return $this->success; - } -} - -class Logout extends UserAPI { - - public function __construct($user, $externalCall = false) { - parent::__construct($user, $externalCall); - $this->loginRequired = true; - $this->apiKeyAllowed = false; - $this->csrfTokenRequired = true; - } - - public function execute($values = array()) { - if(!parent::execute($values)) { - return false; - } - - $this->success = $this->user->logout(); - $this->lastError = $this->user->getSQL()->getLastError(); - return $this->success; - } -} - -class Register extends UserAPI { - - private ?int $userId; - private string $token; - - public function __construct($user, $externalCall = false) { - parent::__construct($user, $externalCall, array( - "username" => new StringType("username", 32), - "email" => new StringType("email", 64), - "password" => new StringType("password"), - "confirmPassword" => new StringType("confirmPassword"), - )); - } - - private function insertToken() { - $validUntil = (new DateTime())->modify("+48 hour"); - $sql = $this->user->getSQL(); - $res = $sql->insert("UserToken", array("user_id", "token", "token_type", "valid_until")) - ->addRow(array($this->userId, $this->token, "confirmation", $validUntil)) - ->execute(); - - $this->success = ($res !== FALSE); - $this->lastError = $sql->getLastError(); - return $this->success; - } - - public function execute($values = array()) { - if (!parent::execute($values)) { - return false; - } - - if ($this->user->isLoggedIn()) { - $this->lastError = L('You are already logged in'); - $this->success = false; - return false; - } - - $username = $this->getParam("username"); - $email = $this->getParam('email'); - if (!$this->userExists($username, $email)) { - return false; - } - - $password = $this->getParam("password"); - $confirmPassword = $this->getParam("confirmPassword"); - if(strcmp($password, $confirmPassword) !== 0) { - return $this->createError("The given passwords don't match"); - } - - $id = $this->insertUser($username, $email, $password); - if ($id === FALSE) { - return false; - } - - $this->userId = $id; - $this->token = generateRandomString(36); - if ($this->insertToken()) { - return false; - } - - $request = new SendMail($this->user); - $link = "http://localhost/confirmEmail?token=$this->token"; - $this->success = $request->execute(array( - "from" => "webmaster@romanh.de", - "to" => $email, - "subject" => "E-Mail Confirmation for web-base@localhost", - "body" => - "Hello,
you recently registered an account on web-base@localhost. Click on the following link to confirm the registration, it is 48h valid from now. If the registration was not intended, you can simply ignore this email.

$link" - ) - ); + ) + ); - if (!$this->success) { - $this->lastError = "Your account was registered but the confirmation email could not be sent. " . - "Please contact the server administration. Reason: " . $request->getLastError(); + if (!$this->success) { + $this->lastError = "Your account was registered but the confirmation email could not be sent. " . + "Please contact the server administration. Reason: " . $request->getLastError(); + } + + return $this->success; } - - return $this->success; } -} -class CheckToken extends UserAPI{ + class CheckToken extends UserAPI { public function __construct($user, $externalCall = false) { - parent::__construct($user, $externalCall, array( - 'token' => new StringType('token', 36), - )); + parent::__construct($user, $externalCall, array( + 'token' => new StringType('token', 36), + )); } - public function execute($values = array()){ - parent::execute($values); + public function execute($values = array()) { + if (!parent::execute($values)) { + return false; + } - $token = $this->getParam('token'); - $sql = $this->user->getSQL(); - $res = $sql->select("UserToken.token_type, User.name, User.email")->from("UserToken") - ->innerJoin("user", "UserToken.user_id","User.uid") - ->where(new Compare("UserToken.token",$token), - new Compare("UserToken.valid_until", $sql->now(), ">")) - ->execute(); - $this->lastError = $sql->getLastError(); - $this->success = ($res !== FALSE); + $token = $this->getParam('token'); + $sql = $this->user->getSQL(); + $res = $sql->select("UserToken.token_type", "User.name", "User.email") + ->from("UserToken") + ->innerJoin("User", "UserToken.user_id", "User.uid") + ->where(new Compare("UserToken.token", $token)) + ->where(new Compare("UserToken.valid_until", $sql->now(), ">")) + ->where(new Compare("UserToken.used", 0)) + ->execute(); + $this->lastError = $sql->getLastError(); + $this->success = ($res !== FALSE); - if($this->success) { - if(count($res) == 0) { - $this->lastError = "This token does not exist or is no longer valid"; - $this->success = false; - return false; - } - $this->result["token_type"] = $res[0]["UserToken.token_type"]; - $this->result["username"] = $res[0]["User.username"]; - $this->result["email"] = $res[0]["User.email"]; + if ($this->success) { + if (count($res) > 0) { + $row = $res[0]; + $this->result["token"] = array("type" => $row["token_type"]); + $this->result["user"] = array("name" => $row["name"], "email" => $row["email"]); + } else { + return $this->createError("This token does not exist or is no longer valid"); } - return $this->success; + } + return $this->success; } -} + } } \ No newline at end of file diff --git a/core/Configuration/CreateDatabase.class.php b/core/Configuration/CreateDatabase.class.php index d32d9bc..b0215e7 100755 --- a/core/Configuration/CreateDatabase.class.php +++ b/core/Configuration/CreateDatabase.class.php @@ -60,8 +60,9 @@ class CreateDatabase { $queries[] = $sql->createTable("UserToken") ->addInt("user_id") ->addString("token", 36) - ->addEnum("token_type", array("password_reset", "confirmation")) + ->addEnum("token_type", array("password_reset", "email_confirm")) ->addDateTime("valid_until") + ->addBool("used", false) ->foreignKey("user_id", "User", "uid", new CascadeStrategy()); $queries[] = $sql->createTable("Group") diff --git a/core/Driver/SQL/SQL.class.php b/core/Driver/SQL/SQL.class.php index b439ccd..7b5c48d 100644 --- a/core/Driver/SQL/SQL.class.php +++ b/core/Driver/SQL/SQL.class.php @@ -281,6 +281,7 @@ abstract class SQL { protected abstract function columnName($col); // Special Keywords and functions + public function now() { return $this->currentTimestamp(); } public abstract function currentTimestamp(); public function count($col = NULL) {