#295 -- Ajustar mecanismo de autenticação padrão

bireme · Nov 21, 2023 · 757bf8c · 757bf8c
1 parent 9170225
commit 757bf8c
Show file tree

Hide file tree

Showing 2 changed files with 14 additions and 11 deletions.
diff --git a/server/classes/UserDAO.php b/server/classes/UserDAO.php
@@ -437,7 +437,6 @@ public static function userConfirm($userEmail, $userKey, $action){
                         WHERE `sysUID` = '".$sysUID."'
                         AND `key` = '".$userKey."'
                         AND `action` = '".$action."'";
-
             try{
                 $_db = new DBClass();
                 $result = $_db->databaseQuery($strsql);
@@ -453,7 +452,6 @@ public static function userConfirm($userEmail, $userKey, $action){
                         WHERE u.sysUID = '".$sysUID."'
                         AND uc.sysUID = '".$sysUID."'
                         AND uc.action = '".$action."'";
-
                 try{
                     $_db = new DBClass();
                     $res = $_db->databaseQuery($strsql);
@@ -467,7 +465,6 @@ public static function userConfirm($userEmail, $userKey, $action){
                         WHERE `email` = '".$userEmail."'
                         AND `key` = '".$userKey."'
                         AND `action` = '".$action."'";
-
             try{
                 $_db = new DBClass();
                 $result = $_db->databaseQuery($strsql);
@@ -481,7 +478,6 @@ public static function userConfirm($userEmail, $userKey, $action){
                         SET confirmation_date = '".date('Y-m-d H:i:s')."'
                         WHERE email = '".$userEmail."'
                         AND action = '".$action."'";
-
                 try{
                     $_db = new DBClass();
                     $res = $_db->databaseQuery($strsql);
@@ -572,13 +568,17 @@ public static function deleteUserConfirm($email, $action, $type=''){
      */
     public static function sendUserConfirm($objUser, $action){
         $retValue = false;
+        $addConfirm = false;
         $email = $objUser->getEmail();
         $date = date('Y-m-d H:i:s');
-
-        // create a random key
-        $key = md5(uniqid(mt_rand(), true));
-        $deleteConfirm = self::deleteUserConfirm($email,$action);
-        $addConfirm = self::addUserConfirm($email,$key,$date,$action);
+
+        $isInServPlat = self::isUser($email);
+        if ( $isInServPlat ) {
+            // create a random key
+            $key = md5(uniqid(mt_rand(), true));
+            $deleteConfirm = self::deleteUserConfirm($email,$action);
+            $addConfirm = self::addUserConfirm($email,$key,$date,$action);
+        }
 
         if( $addConfirm ) {
             $to = array($email);
@@ -616,6 +616,7 @@ public static function sendNewPassConfirm($userEmail, $action){
 
         $isInServPlat = self::isUser($email);
         if ( $isInServPlat && self::isActive($email) ) {
+            // create a random key
             $key = md5(uniqid(mt_rand(), true));
             $deleteConfirm = self::deleteUserConfirm($email,$action);
             $addConfirm = self::addUserConfirm($email,$key,$date,$action);

diff --git a/server/pub/changePassword.php b/server/pub/changePassword.php
@@ -18,11 +18,13 @@
 $callerURL = !empty($_REQUEST['c'])?base64_decode($_REQUEST['c']):false;
 $source = $_SESSION['source'] ? $_SESSION['source'] : false;
 
-if ( empty($_SESSION['userTK']) || ( $source && in_array($source, array('default', 'ldap')) ) )
+if ( empty($_SESSION['userTK']) || ( $source && !in_array($source, array('default', 'ldap')) ) ) {
     header("Location: ".RELATIVE_PATH."/controller/authentication");
+}
 
-if ( !empty($_GET['userTK']) )
+if ( !empty($_GET['userTK']) ) {
     $arrUserData = Token::unmakeUserTK($_GET['userTK']);
+}
 
 $userID = isset($arrUserData)?$arrUserData['userID']:false;