diff --git a/kernel/modules/secure/controllers/SecureController.php b/kernel/modules/secure/controllers/SecureController.php index 7466afc..299cead 100644 --- a/kernel/modules/secure/controllers/SecureController.php +++ b/kernel/modules/secure/controllers/SecureController.php @@ -81,7 +81,8 @@ class SecureController extends AdminController $user = $this->userService->getByField('email', $email); if (!$user){ - $password = md5(microtime() . bin2hex(random_bytes(10)) . time()); + $password = bin2hex(random_bytes(8)); + UserService::createUserByEmailAndPassword($email, $password); $user = $this->userService->getByField('email', $email); @@ -124,7 +125,7 @@ class SecureController extends AdminController $this->redirect("/admin", code: 302); } else { Flash::setMessage("error", "Wrong code."); - $this->redirect("/admin/login", code: 302); + $this->cgView->render("enter_code.php", ['email' => $_COOKIE["user_email"]]); } } diff --git a/kernel/modules/secure/controllers/SecureRestController.php b/kernel/modules/secure/controllers/SecureRestController.php index 42ede4a..7806f4b 100644 --- a/kernel/modules/secure/controllers/SecureRestController.php +++ b/kernel/modules/secure/controllers/SecureRestController.php 
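Review bot: The generated password in the `if (!$user)` branch drops from 10 to 8 bytes of CSPRNG output, so the credential now carries only 64 bits of entropy. Removing the `md5(microtime() ...)` wrapper is right, but the byte count should go up rather than down, e.g. `$password = bin2hex(random_bytes(16));`. Whether `UserService::createUserByEmailAndPassword` hashes the value with `password_hash()` before storing it is not visible here and is worth confirming. The enclosing method starts and ends outside the hunk.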
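Review bot: On the wrong-code path the view now receives `$_COOKIE["user_email"]` directly, a client-controlled value that may also be unset, so the template gets unvalidated input (or a warning plus null) as `email`. Read it defensively with `$email = $_COOKIE['user_email'] ?? '';`, reject it when `filter_var($email, FILTER_VALIDATE_EMAIL)` fails, and make sure `enter_code.php` escapes it with `htmlspecialchars()`. Re-rendering the form in place also removes the round trip through `/admin/login`, so unless failed attempts are counted elsewhere the code can be retried without limit; an attempt counter or code invalidation after a few failures belongs in this branch. The method starts outside the hunk.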
@@ -51,4 +51,32 @@ class SecureRestController extends RestController $this->renderApi($res); } +// #[NoReturn] public function actionEmailAuth(): void +// { +// $request = new Request(); +// $data = $request->post(); +// $model = $this->model->where('email', $data['email'])->first(); +// $res = []; +// if ($model) { +// if (password_verify($data["password"], $model->password_hash)) { +// $model->access_token_expires_at = date("Y-m-d H:i:s", strtotime(App::$secure['token_expired_time'])); +// $model->access_token = match (App::$secure['token_type']) { +// "JWT" => TokenService::JWT($_ENV['SECRET_KEY'], 'HS256'), +// "md5" => TokenService::md5(), +// "crypt" => TokenService::crypt(), +// "hash" => TokenService::hash('sha256'), +// default => TokenService::random_bytes(20), +// }; +// +// $res = [ +// "access_token" => $model->access_token, +// "access_token_expires_at" => $model->access_token_expires_at, +// ]; +// } +// $model->save(); +// } +// +// $this->renderApi($res); +// } + } \ No newline at end of file
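Review bot: The whole of `actionEmailAuth()` is added as commented-out code, which leaves an unreviewed password-login endpoint in the file that comes back to life as soon as the `//` markers are deleted. It is better dropped from this commit and kept on a branch until it is ready for review. If it does return, `$model->save()` should move inside the `password_verify` branch, `$data['email']` and `$data['password']` need presence checks, and the `"md5"` token type looks weak, so confirm what `TokenService::md5()` produces before offering it as an option. The file also still ends without a trailing newline.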