Merge pull request #10 from iazaran/features/enhancements

Features/enhancements

Author: iazaran

README.md

@@ -2,7 +2,9 @@
 
 [![Codacy Badge](https://api.codacy.com/project/badge/Grade/9b13bf034af64123821121d191acfaff)](https://app.codacy.com/manual/eazaran/php-mvc?utm_source=github.com&utm_medium=referral&utm_content=iazaran/php-mvc&utm_campaign=Badge_Grade_Dashboard)
 
-> This project tries to cover most of PHP features in a simple MVC structure without installing composer packages. Then developers can use packages for specific requirements. Please add your ideas in Discussions or report bugs in issues.
+> This project tries to cover most of PHP features in a simple MVC structure with minimum installed composer packages. Then developers can use packages for specific requirements. Please add your ideas in Discussions or report bugs in issues.
+
+🚧 WIP: Email verification
 
 #### Features:
 **List of features related with structure**
@@ -43,7 +45,7 @@ Check Cross-site request forgery token
 - **Helper::slug(...)**
 Slugify string to make user-friendly URL
 - **Cache::checkCache(...)**, **Cache::cache(...)** & **Cache::clearCache(...)**
-Check existed cache and cache data if needed by Memcached (needs installed and enabled Memcached)
+Check existed cache, cache data and clear cache, by Memcached (needs installed and enabled Memcached)
 - **UserInfo::current()**
 Return current user information
 - **UserInfo::info(...)**

src/App/HandleForm.php

@@ -19,7 +19,7 @@ public static function validations(array $validates): array
     {
         $output = [];
         $output['status'] = 'OK';
-        $output['message'] = 'Process complete successfully!';
+        $output['message'] = 'The process has been completed successfully!';
 
         $defaultMessages = [
             'required' => 'The field should not be empty!',

src/App/Helper.php

@@ -4,7 +4,6 @@
 
 use JetBrains\PhpStorm\NoReturn;
 use PHPMailer\PHPMailer\PHPMailer;
-use PHPMailer\PHPMailer\SMTP;
 use PHPMailer\PHPMailer\Exception;
 
 /**

src/App/Middleware.php

@@ -106,7 +106,7 @@ private static function getAuthorizationHeader(): ?string
         $headers = null;
         if (isset($_SERVER['Authorization'])) {
             $headers = trim($_SERVER["Authorization"]);
-        } else if (isset($_SERVER['HTTP_AUTHORIZATION'])) {
+        } elseif (isset($_SERVER['HTTP_AUTHORIZATION'])) {
             /**
              * Nginx or fast CGI
              */

src/App/Router.php

@@ -170,7 +170,7 @@ public static function dispatch()
                     echo '404 Page not found';
                     exit();
                 };
-            } else if (is_string(self::$error_callback)) {
+            } elseif (is_string(self::$error_callback)) {
                 self::get($_SERVER['REQUEST_URI'], self::$error_callback);
                 self::$error_callback = null;
                 self::dispatch();

src/Controllers/AuthController.php

@@ -42,8 +42,11 @@ public function registerForm()
     public function register()
     {
         $request = json_decode(json_encode($_POST));
+
         $secret = md5(uniqid(rand(), true));
         $request->secret = $secret;
+        $user_token = md5(uniqid(rand(), true));
+        $request->user_token = $user_token;
 
         $output = HandleForm::validations([
             [$request->email, 'email', 'Please enter a valid Email address!'],
@@ -58,7 +61,9 @@ public function register()
             $output['status'] = 'ERROR';
             $output['message'] = 'This Email registered before!';
         } elseif ($output['status'] == 'OK' && Helper::csrf($request->token) && Auth::register($request)) {
-            Helper::mailto($request->email, 'Welcome to PHPMVC! Your API secret key', '<p>Hi dear friend,</p><hr /><p>This is your API secret key to access authenticated API routes:</p><p><strong>' . $secret . '</strong></p><p>Please keep it in a safe place.</p><hr /><p>Good luck,</p><p><a href="http://localhost:8080" target="_blank" rel="noopener">PPMVC</a></p>');
+            Helper::mailto($request->email, 'Welcome to PHPMVC! Email Verification', '<p>Hi dear friend,</p><hr /><p>Please click on this link to verify your email</p><hr /><p>Good luck,</p><p><a href="http://localhost:8080?email=' . $request->email . '&user_token=' . $user_token . '" target="_blank" rel="noopener">Verify your email at PHPMVC</a></p>');
+
+            setcookie('message', 'Verification has been sent to your email, please check your inbox.', time() + 60);
         } else {
             $output['status'] = 'ERROR';
             $output['message'] = 'There is an error! Please try again.';
@@ -68,6 +73,33 @@ public function register()
         echo json_encode($output);
     }
 
+    /**
+     * Email verification
+     *
+     * @return void
+     */
+    public function verify()
+    {
+        $request = json_decode(json_encode($_POST));
+
+        if (Auth::verify($request) && $secret = Auth::getSecret($request)) {
+            Helper::mailto($request->email, 'PHPMVC! Your API secret key', '<p>Hi dear friend,</p><hr /><p>This is your API secret key to access authenticated API routes:</p><p><strong>' . $secret . '</strong></p><p>Please keep it in a safe place.</p><hr /><p>Good luck,</p><p><a href="http://localhost:8080" target="_blank" rel="noopener">PHPMVC</a></p>');
+
+            setcookie('message', 'Thanks for verification. Now you can publish a post!', time() + 60);
+
+            header('location: ' . URL_ROOT, true, 303);
+            exit();
+        } else {
+            Helper::render(
+                'Auth/verify',
+                [
+                    'page_title' => 'Email Verification',
+                    'page_subtitle' => 'Verification process failed! Please register again with a new email address.'
+                ]
+            );
+        }
+    }
+
     /**
      * Login from
      *

src/Controllers/BlogController.php

@@ -201,7 +201,7 @@ public function delete(string $slug)
 
         if (Blog::delete($slug)) {
             $output['status'] = 'OK';
-            $output['message'] = 'Process complete successfully!';
+            $output['message'] = 'The process has been completed successfully!';
 
             XmlGenerator::feed();
             Cache::clearCache('blog.show.' . $slug);

src/Models/Auth.php

@@ -22,16 +22,61 @@ public static function register(object $request): bool
             `email`,
             `password`,
             `secret`,
+            `user_token`,
             `tagline`
         ) VALUES (:email, :password, :secret, :tagline)");
         Database::bind([
             ':email' => $request->email,
             ':password' => password_hash($request->password1, PASSWORD_DEFAULT),
             ':secret' => $request->secret,
+            ':user_token' => $request->user_token,
             ':tagline' => $request->tagline,
         ]);
 
-        if (Database::execute() && setcookie('loggedin', base64_encode($request->email), time() + (86400 * COOKIE_DAYS))) return true;
+        if (Database::execute()) return true;
+        return false;
+    }
+
+    /**
+     * Email verification
+     *
+     * @param object $request
+     * @return bool
+     */
+    public static function verify(object $request): bool
+    {
+        Database::query("SELECT * FROM users WHERE email = :email");
+        Database::bind(':email', $request->email);
+
+        if (
+            !is_null(Database::fetch())
+            && !is_null(Database::fetch()['user_token'])
+            && $request->user_token == Database::fetch()['user_token']
+            && setcookie('loggedin', base64_encode($request->email), time() + (86400 * COOKIE_DAYS))
+        ) {
+            Database::query("UPDATE users SET verified = :verified WHERE email = :email");
+            Database::bind([
+                ':verified' => 1,
+                ':email' => $request->email,
+            ]);
+
+            if (Database::execute()) return true;
+        }
+        return false;
+    }
+
+    /**
+     * Retrieve token
+     *
+     * @param object $request
+     * @return mixed
+     */
+    public static function getSecret(object $request): mixed
+    {
+        Database::query("SELECT * FROM users WHERE email = :email");
+        Database::bind(':email', $request->email);
+
+        if (!is_null(Database::fetch()) && !is_null(Database::fetch()['secret'])) return Database::fetch()['secret'];
         return false;
     }
 
@@ -61,7 +106,13 @@ public static function login(object $request): bool
         Database::query("SELECT * FROM users WHERE email = :email");
         Database::bind(':email', $request->email);
 
-        if (!is_null(Database::fetch()) && password_verify($request->password, Database::fetch()['password']) && setcookie('loggedin', base64_encode($request->email), time() + (86400 * COOKIE_DAYS))) return true;
+        if (
+            !is_null(Database::fetch())
+            && password_verify($request->password, Database::fetch()['password'])
+            && !is_null(Database::fetch()['user_token'])
+            && Database::fetch()['verified']
+            && setcookie('loggedin', base64_encode($request->email), time() + (86400 * COOKIE_DAYS))
+        ) return true;
         return false;
     }
 

src/Views/Auth/login.php

@@ -25,4 +25,5 @@
             </div>
         </div>
     </div>
-<?php require_once APP_ROOT . '/src/Views/Include/footer.php'; ?>
+
+<?php require_once APP_ROOT . '/src/Views/Include/footer.php'; ?>

src/Views/Auth/register.php

@@ -68,4 +68,5 @@
             </small></code></pre>
         </div>
     </div>
+
 <?php require_once APP_ROOT . '/src/Views/Include/footer.php'; ?>