ywww: user/resetPassword.php annotate

annotate user/resetPassword.php @ 15:385ddd7c4b55 testing

use test_db.php to get mysqld_test instance

author	Henry S. Thompson <ht@inf.ed.ac.uk>
date	Sun, 19 Feb 2017 16:17:53 +0000
parents	077b0a0a3e6d
children

rev	line source
6 077b0a0a3e6d remaining originals according to dependency walk Robert Boland <robert@markup.co.uk> parents: diff changeset	1 <?php
077b0a0a3e6d remaining originals according to dependency walk Robert Boland <robert@markup.co.uk> parents: diff changeset	2 require "PasswordHash.php";
077b0a0a3e6d remaining originals according to dependency walk Robert Boland <robert@markup.co.uk> parents: diff changeset	3
15 385ddd7c4b55 use test_db.php to get mysqld_test instance Henry S. Thompson <ht@inf.ed.ac.uk> parents: 6 diff changeset	4 include "../../../private/db_test.php";
6 077b0a0a3e6d remaining originals according to dependency walk Robert Boland <robert@markup.co.uk> parents: diff changeset	5 include "passGen.php";
077b0a0a3e6d remaining originals according to dependency walk Robert Boland <robert@markup.co.uk> parents: diff changeset	6
077b0a0a3e6d remaining originals according to dependency walk Robert Boland <robert@markup.co.uk> parents: diff changeset	7 // emailname and password sent from form
077b0a0a3e6d remaining originals according to dependency walk Robert Boland <robert@markup.co.uk> parents: diff changeset	8 $userID=$_GET['userID'];
077b0a0a3e6d remaining originals according to dependency walk Robert Boland <robert@markup.co.uk> parents: diff changeset	9 $email=$_GET['email'];
077b0a0a3e6d remaining originals according to dependency walk Robert Boland <robert@markup.co.uk> parents: diff changeset	10 $mypassword=$_GET['pwd'];
077b0a0a3e6d remaining originals according to dependency walk Robert Boland <robert@markup.co.uk> parents: diff changeset	11 $oldpass=$_GET['oldpwd'];
077b0a0a3e6d remaining originals according to dependency walk Robert Boland <robert@markup.co.uk> parents: diff changeset	12
077b0a0a3e6d remaining originals according to dependency walk Robert Boland <robert@markup.co.uk> parents: diff changeset	13 // To protect MySQL injection
077b0a0a3e6d remaining originals according to dependency walk Robert Boland <robert@markup.co.uk> parents: diff changeset	14 $userID = stripslashes($userID);
077b0a0a3e6d remaining originals according to dependency walk Robert Boland <robert@markup.co.uk> parents: diff changeset	15 $userID = mysqli_real_escape_string($link,$userID);
077b0a0a3e6d remaining originals according to dependency walk Robert Boland <robert@markup.co.uk> parents: diff changeset	16 //echo $userID;
077b0a0a3e6d remaining originals according to dependency walk Robert Boland <robert@markup.co.uk> parents: diff changeset	17 $email = stripslashes($email);
077b0a0a3e6d remaining originals according to dependency walk Robert Boland <robert@markup.co.uk> parents: diff changeset	18 $mypassword = stripslashes($mypassword);
077b0a0a3e6d remaining originals according to dependency walk Robert Boland <robert@markup.co.uk> parents: diff changeset	19 $email = mysqli_real_escape_string($link,$email);
077b0a0a3e6d remaining originals according to dependency walk Robert Boland <robert@markup.co.uk> parents: diff changeset	20 $mypassword = mysqli_real_escape_string($link,$mypassword);
077b0a0a3e6d remaining originals according to dependency walk Robert Boland <robert@markup.co.uk> parents: diff changeset	21
077b0a0a3e6d remaining originals according to dependency walk Robert Boland <robert@markup.co.uk> parents: diff changeset	22 $forgotten = 0;
077b0a0a3e6d remaining originals according to dependency walk Robert Boland <robert@markup.co.uk> parents: diff changeset	23
077b0a0a3e6d remaining originals according to dependency walk Robert Boland <robert@markup.co.uk> parents: diff changeset	24 if( $mypassword == "regen" )
077b0a0a3e6d remaining originals according to dependency walk Robert Boland <robert@markup.co.uk> parents: diff changeset	25 {
077b0a0a3e6d remaining originals according to dependency walk Robert Boland <robert@markup.co.uk> parents: diff changeset	26 $mypassword = generatePassword(9);
077b0a0a3e6d remaining originals according to dependency walk Robert Boland <robert@markup.co.uk> parents: diff changeset	27 $forgotten = 1;
077b0a0a3e6d remaining originals according to dependency walk Robert Boland <robert@markup.co.uk> parents: diff changeset	28 $check = 1;
077b0a0a3e6d remaining originals according to dependency walk Robert Boland <robert@markup.co.uk> parents: diff changeset	29 }
077b0a0a3e6d remaining originals according to dependency walk Robert Boland <robert@markup.co.uk> parents: diff changeset	30
077b0a0a3e6d remaining originals according to dependency walk Robert Boland <robert@markup.co.uk> parents: diff changeset	31 //echo $mypassword;
077b0a0a3e6d remaining originals according to dependency walk Robert Boland <robert@markup.co.uk> parents: diff changeset	32 //echo $check;
077b0a0a3e6d remaining originals according to dependency walk Robert Boland <robert@markup.co.uk> parents: diff changeset	33 //echo $forgotten;
077b0a0a3e6d remaining originals according to dependency walk Robert Boland <robert@markup.co.uk> parents: diff changeset	34
077b0a0a3e6d remaining originals according to dependency walk Robert Boland <robert@markup.co.uk> parents: diff changeset	35 if($forgotten == 1)
077b0a0a3e6d remaining originals according to dependency walk Robert Boland <robert@markup.co.uk> parents: diff changeset	36 {
077b0a0a3e6d remaining originals according to dependency walk Robert Boland <robert@markup.co.uk> parents: diff changeset	37 $query1 = "select UserID from user where Email = '$email'";
077b0a0a3e6d remaining originals according to dependency walk Robert Boland <robert@markup.co.uk> parents: diff changeset	38 //echo $query1;
077b0a0a3e6d remaining originals according to dependency walk Robert Boland <robert@markup.co.uk> parents: diff changeset	39 $data1 = mysqli_query($link, $query1);
077b0a0a3e6d remaining originals according to dependency walk Robert Boland <robert@markup.co.uk> parents: diff changeset	40 if($data1){
077b0a0a3e6d remaining originals according to dependency walk Robert Boland <robert@markup.co.uk> parents: diff changeset	41 $count=mysqli_num_rows($data1);
077b0a0a3e6d remaining originals according to dependency walk Robert Boland <robert@markup.co.uk> parents: diff changeset	42 if($count==1){
077b0a0a3e6d remaining originals according to dependency walk Robert Boland <robert@markup.co.uk> parents: diff changeset	43 $rows=mysqli_fetch_array($data1, MYSQLI_ASSOC);
077b0a0a3e6d remaining originals according to dependency walk Robert Boland <robert@markup.co.uk> parents: diff changeset	44 $userID=$rows['UserID'];
077b0a0a3e6d remaining originals according to dependency walk Robert Boland <robert@markup.co.uk> parents: diff changeset	45 }
077b0a0a3e6d remaining originals according to dependency walk Robert Boland <robert@markup.co.uk> parents: diff changeset	46 }
077b0a0a3e6d remaining originals according to dependency walk Robert Boland <robert@markup.co.uk> parents: diff changeset	47 }
077b0a0a3e6d remaining originals according to dependency walk Robert Boland <robert@markup.co.uk> parents: diff changeset	48 else
077b0a0a3e6d remaining originals according to dependency walk Robert Boland <robert@markup.co.uk> parents: diff changeset	49 {
077b0a0a3e6d remaining originals according to dependency walk Robert Boland <robert@markup.co.uk> parents: diff changeset	50 $query1 = "select Email from user where UserID = $userID";
077b0a0a3e6d remaining originals according to dependency walk Robert Boland <robert@markup.co.uk> parents: diff changeset	51 //echo $query1;
077b0a0a3e6d remaining originals according to dependency walk Robert Boland <robert@markup.co.uk> parents: diff changeset	52 $data1 = mysqli_query($link, $query1);
077b0a0a3e6d remaining originals according to dependency walk Robert Boland <robert@markup.co.uk> parents: diff changeset	53 if($data1){
077b0a0a3e6d remaining originals according to dependency walk Robert Boland <robert@markup.co.uk> parents: diff changeset	54 $count=mysqli_num_rows($data1);
077b0a0a3e6d remaining originals according to dependency walk Robert Boland <robert@markup.co.uk> parents: diff changeset	55 if($count==1){
077b0a0a3e6d remaining originals according to dependency walk Robert Boland <robert@markup.co.uk> parents: diff changeset	56 $rows=mysqli_fetch_array($data1, MYSQLI_ASSOC);
077b0a0a3e6d remaining originals according to dependency walk Robert Boland <robert@markup.co.uk> parents: diff changeset	57 $email=$rows['Email'];
077b0a0a3e6d remaining originals according to dependency walk Robert Boland <robert@markup.co.uk> parents: diff changeset	58 }
077b0a0a3e6d remaining originals according to dependency walk Robert Boland <robert@markup.co.uk> parents: diff changeset	59
077b0a0a3e6d remaining originals according to dependency walk Robert Boland <robert@markup.co.uk> parents: diff changeset	60 }
077b0a0a3e6d remaining originals according to dependency walk Robert Boland <robert@markup.co.uk> parents: diff changeset	61 }
077b0a0a3e6d remaining originals according to dependency walk Robert Boland <robert@markup.co.uk> parents: diff changeset	62 //echo $check;
077b0a0a3e6d remaining originals according to dependency walk Robert Boland <robert@markup.co.uk> parents: diff changeset	63 if ( mysqli_num_rows( $data1 ) == 1 )
077b0a0a3e6d remaining originals according to dependency walk Robert Boland <robert@markup.co.uk> parents: diff changeset	64 {
077b0a0a3e6d remaining originals according to dependency walk Robert Boland <robert@markup.co.uk> parents: diff changeset	65 $t_hasher = new PasswordHash(8, FALSE);
077b0a0a3e6d remaining originals according to dependency walk Robert Boland <robert@markup.co.uk> parents: diff changeset	66 if($forgotten == 0)
077b0a0a3e6d remaining originals according to dependency walk Robert Boland <robert@markup.co.uk> parents: diff changeset	67 {
077b0a0a3e6d remaining originals according to dependency walk Robert Boland <robert@markup.co.uk> parents: diff changeset	68 $query2 = "select Password from user where UserID = $userID";
077b0a0a3e6d remaining originals according to dependency walk Robert Boland <robert@markup.co.uk> parents: diff changeset	69 $data2 = mysqli_query($link, $query2);
077b0a0a3e6d remaining originals according to dependency walk Robert Boland <robert@markup.co.uk> parents: diff changeset	70
077b0a0a3e6d remaining originals according to dependency walk Robert Boland <robert@markup.co.uk> parents: diff changeset	71 while($line = mysqli_fetch_assoc($data2))
077b0a0a3e6d remaining originals according to dependency walk Robert Boland <robert@markup.co.uk> parents: diff changeset	72 {
077b0a0a3e6d remaining originals according to dependency walk Robert Boland <robert@markup.co.uk> parents: diff changeset	73 $passHash = $line['Password'];
077b0a0a3e6d remaining originals according to dependency walk Robert Boland <robert@markup.co.uk> parents: diff changeset	74 }
077b0a0a3e6d remaining originals according to dependency walk Robert Boland <robert@markup.co.uk> parents: diff changeset	75
077b0a0a3e6d remaining originals according to dependency walk Robert Boland <robert@markup.co.uk> parents: diff changeset	76 $check = $t_hasher->CheckPassword($oldpass, $passHash);
077b0a0a3e6d remaining originals according to dependency walk Robert Boland <robert@markup.co.uk> parents: diff changeset	77 }
077b0a0a3e6d remaining originals according to dependency walk Robert Boland <robert@markup.co.uk> parents: diff changeset	78
077b0a0a3e6d remaining originals according to dependency walk Robert Boland <robert@markup.co.uk> parents: diff changeset	79 if( $check )
077b0a0a3e6d remaining originals according to dependency walk Robert Boland <robert@markup.co.uk> parents: diff changeset	80 {
077b0a0a3e6d remaining originals according to dependency walk Robert Boland <robert@markup.co.uk> parents: diff changeset	81 $hashpwd = $t_hasher->HashPassword($mypassword);
077b0a0a3e6d remaining originals according to dependency walk Robert Boland <robert@markup.co.uk> parents: diff changeset	82 $update="UPDATE user set Password = '$hashpwd' where UserID = $userID";
077b0a0a3e6d remaining originals according to dependency walk Robert Boland <robert@markup.co.uk> parents: diff changeset	83 echo $update;
077b0a0a3e6d remaining originals according to dependency walk Robert Boland <robert@markup.co.uk> parents: diff changeset	84 $run = mysqli_query($link, $update);
077b0a0a3e6d remaining originals according to dependency walk Robert Boland <robert@markup.co.uk> parents: diff changeset	85
077b0a0a3e6d remaining originals according to dependency walk Robert Boland <robert@markup.co.uk> parents: diff changeset	86 // if suceesfully inserted data into database, send confirmation link to email
077b0a0a3e6d remaining originals according to dependency walk Robert Boland <robert@markup.co.uk> parents: diff changeset	87 if($run && $forgotten == 1){
077b0a0a3e6d remaining originals according to dependency walk Robert Boland <robert@markup.co.uk> parents: diff changeset	88 // ---------------- SEND MAIL FORM ----------------
077b0a0a3e6d remaining originals according to dependency walk Robert Boland <robert@markup.co.uk> parents: diff changeset	89 $to=$email;
077b0a0a3e6d remaining originals according to dependency walk Robert Boland <robert@markup.co.uk> parents: diff changeset	90 $subject="YourNextRead confirmation";
077b0a0a3e6d remaining originals according to dependency walk Robert Boland <robert@markup.co.uk> parents: diff changeset	91 $header="from: YourNextRead <noreply@YourNextRead.com>";
077b0a0a3e6d remaining originals according to dependency walk Robert Boland <robert@markup.co.uk> parents: diff changeset	92 $message="YourNextRead Confirmation\r\n";
077b0a0a3e6d remaining originals according to dependency walk Robert Boland <robert@markup.co.uk> parents: diff changeset	93 $message.="Your password has been reset to: $mypassword\r\n";
077b0a0a3e6d remaining originals according to dependency walk Robert Boland <robert@markup.co.uk> parents: diff changeset	94 $message.="This can be changed once logged in";
077b0a0a3e6d remaining originals according to dependency walk Robert Boland <robert@markup.co.uk> parents: diff changeset	95 }
077b0a0a3e6d remaining originals according to dependency walk Robert Boland <robert@markup.co.uk> parents: diff changeset	96 else if($run && $forgotten == 0){
077b0a0a3e6d remaining originals according to dependency walk Robert Boland <robert@markup.co.uk> parents: diff changeset	97 $to=$email;
077b0a0a3e6d remaining originals according to dependency walk Robert Boland <robert@markup.co.uk> parents: diff changeset	98 $subject="YourNextRead confirmation";
077b0a0a3e6d remaining originals according to dependency walk Robert Boland <robert@markup.co.uk> parents: diff changeset	99 $header="from: YourNextRead <noreply@YourNextRead.com>";
077b0a0a3e6d remaining originals according to dependency walk Robert Boland <robert@markup.co.uk> parents: diff changeset	100 $message="YourNextRead Confirmation\r\n";
077b0a0a3e6d remaining originals according to dependency walk Robert Boland <robert@markup.co.uk> parents: diff changeset	101 $message.="Your password has successfully been reset\r\n";
077b0a0a3e6d remaining originals according to dependency walk Robert Boland <robert@markup.co.uk> parents: diff changeset	102 }
077b0a0a3e6d remaining originals according to dependency walk Robert Boland <robert@markup.co.uk> parents: diff changeset	103 else {
077b0a0a3e6d remaining originals according to dependency walk Robert Boland <robert@markup.co.uk> parents: diff changeset	104 echo "Error Updating Password";
077b0a0a3e6d remaining originals according to dependency walk Robert Boland <robert@markup.co.uk> parents: diff changeset	105 }
077b0a0a3e6d remaining originals according to dependency walk Robert Boland <robert@markup.co.uk> parents: diff changeset	106 }
077b0a0a3e6d remaining originals according to dependency walk Robert Boland <robert@markup.co.uk> parents: diff changeset	107 else
077b0a0a3e6d remaining originals according to dependency walk Robert Boland <robert@markup.co.uk> parents: diff changeset	108 {
077b0a0a3e6d remaining originals according to dependency walk Robert Boland <robert@markup.co.uk> parents: diff changeset	109 $to=$email;
077b0a0a3e6d remaining originals according to dependency walk Robert Boland <robert@markup.co.uk> parents: diff changeset	110 $subject="YourNextRead - Error resetting password";
077b0a0a3e6d remaining originals according to dependency walk Robert Boland <robert@markup.co.uk> parents: diff changeset	111 $header="from: YourNextRead <noreply@YourNextRead.com>";
077b0a0a3e6d remaining originals according to dependency walk Robert Boland <robert@markup.co.uk> parents: diff changeset	112 $message="YourNextRead - Error resetting password\r\n";
077b0a0a3e6d remaining originals according to dependency walk Robert Boland <robert@markup.co.uk> parents: diff changeset	113 $message.="Your password reset has been unsuccessful: Incorrect password provided \r\n";
077b0a0a3e6d remaining originals according to dependency walk Robert Boland <robert@markup.co.uk> parents: diff changeset	114 $message.="Please try again under 'Edit Preferences' and ensure you enter the correct password under 'Current Password'\r\n";
077b0a0a3e6d remaining originals according to dependency walk Robert Boland <robert@markup.co.uk> parents: diff changeset	115 }
077b0a0a3e6d remaining originals according to dependency walk Robert Boland <robert@markup.co.uk> parents: diff changeset	116 $sentmail = mail($to,$subject,$message,$header);
077b0a0a3e6d remaining originals according to dependency walk Robert Boland <robert@markup.co.uk> parents: diff changeset	117 }
077b0a0a3e6d remaining originals according to dependency walk Robert Boland <robert@markup.co.uk> parents: diff changeset	118 else
077b0a0a3e6d remaining originals according to dependency walk Robert Boland <robert@markup.co.uk> parents: diff changeset	119 echo "Incorrect Email address"
077b0a0a3e6d remaining originals according to dependency walk Robert Boland <robert@markup.co.uk> parents: diff changeset	120 ?>

Mercurial > hg > ywww

annotate user/resetPassword.php @ 15:385ddd7c4b55 testing