Mercurial > hg > ywww
annotate user/uk/resetEmail.php @ 15:385ddd7c4b55 testing
use test_db.php to get mysqld_test instance
author | Henry S. Thompson <ht@inf.ed.ac.uk> |
---|---|
date | Sun, 19 Feb 2017 16:17:53 +0000 |
parents | 077b0a0a3e6d |
children |
rev | line source |
---|---|
6
077b0a0a3e6d
remaining originals according to dependency walk
Robert Boland <robert@markup.co.uk>
parents:
diff
changeset
|
1 <?php |
077b0a0a3e6d
remaining originals according to dependency walk
Robert Boland <robert@markup.co.uk>
parents:
diff
changeset
|
2 require "PasswordHash.php"; |
15
385ddd7c4b55
use test_db.php to get mysqld_test instance
Henry S. Thompson <ht@inf.ed.ac.uk>
parents:
6
diff
changeset
|
3 include "../../../private/db_test.php"; |
6
077b0a0a3e6d
remaining originals according to dependency walk
Robert Boland <robert@markup.co.uk>
parents:
diff
changeset
|
4 |
077b0a0a3e6d
remaining originals according to dependency walk
Robert Boland <robert@markup.co.uk>
parents:
diff
changeset
|
5 // emailname and password sent from form |
077b0a0a3e6d
remaining originals according to dependency walk
Robert Boland <robert@markup.co.uk>
parents:
diff
changeset
|
6 $userID=$_GET['userID']; |
077b0a0a3e6d
remaining originals according to dependency walk
Robert Boland <robert@markup.co.uk>
parents:
diff
changeset
|
7 $email=$_GET['email']; |
077b0a0a3e6d
remaining originals according to dependency walk
Robert Boland <robert@markup.co.uk>
parents:
diff
changeset
|
8 $mypassword=$_GET['pwd']; |
077b0a0a3e6d
remaining originals according to dependency walk
Robert Boland <robert@markup.co.uk>
parents:
diff
changeset
|
9 $receiveEmail=$_GET['receiveEmail']; |
077b0a0a3e6d
remaining originals according to dependency walk
Robert Boland <robert@markup.co.uk>
parents:
diff
changeset
|
10 $GRState=$_GET['GRState']; |
077b0a0a3e6d
remaining originals according to dependency walk
Robert Boland <robert@markup.co.uk>
parents:
diff
changeset
|
11 |
077b0a0a3e6d
remaining originals according to dependency walk
Robert Boland <robert@markup.co.uk>
parents:
diff
changeset
|
12 // To protect MySQL injection |
077b0a0a3e6d
remaining originals according to dependency walk
Robert Boland <robert@markup.co.uk>
parents:
diff
changeset
|
13 $userID = stripslashes($userID); |
077b0a0a3e6d
remaining originals according to dependency walk
Robert Boland <robert@markup.co.uk>
parents:
diff
changeset
|
14 $userID = mysqli_real_escape_string($link,$userID); |
077b0a0a3e6d
remaining originals according to dependency walk
Robert Boland <robert@markup.co.uk>
parents:
diff
changeset
|
15 //echo $userID; |
077b0a0a3e6d
remaining originals according to dependency walk
Robert Boland <robert@markup.co.uk>
parents:
diff
changeset
|
16 $email = stripslashes($email); |
077b0a0a3e6d
remaining originals according to dependency walk
Robert Boland <robert@markup.co.uk>
parents:
diff
changeset
|
17 $mypassword = stripslashes($mypassword); |
077b0a0a3e6d
remaining originals according to dependency walk
Robert Boland <robert@markup.co.uk>
parents:
diff
changeset
|
18 $email = mysqli_real_escape_string($link,$email); |
077b0a0a3e6d
remaining originals according to dependency walk
Robert Boland <robert@markup.co.uk>
parents:
diff
changeset
|
19 $mypassword = mysqli_real_escape_string($link,$mypassword); |
077b0a0a3e6d
remaining originals according to dependency walk
Robert Boland <robert@markup.co.uk>
parents:
diff
changeset
|
20 $receiveEmail = stripslashes($receiveEmail); |
077b0a0a3e6d
remaining originals according to dependency walk
Robert Boland <robert@markup.co.uk>
parents:
diff
changeset
|
21 $receiveEmail = mysqli_real_escape_string($link,$receiveEmail); |
077b0a0a3e6d
remaining originals according to dependency walk
Robert Boland <robert@markup.co.uk>
parents:
diff
changeset
|
22 $GRState = stripslashes($GRState); |
077b0a0a3e6d
remaining originals according to dependency walk
Robert Boland <robert@markup.co.uk>
parents:
diff
changeset
|
23 $GRState = mysqli_real_escape_string($link,$GRState); |
077b0a0a3e6d
remaining originals according to dependency walk
Robert Boland <robert@markup.co.uk>
parents:
diff
changeset
|
24 |
077b0a0a3e6d
remaining originals according to dependency walk
Robert Boland <robert@markup.co.uk>
parents:
diff
changeset
|
25 |
077b0a0a3e6d
remaining originals according to dependency walk
Robert Boland <robert@markup.co.uk>
parents:
diff
changeset
|
26 $t_hasher = new PasswordHash(8, FALSE); |
077b0a0a3e6d
remaining originals according to dependency walk
Robert Boland <robert@markup.co.uk>
parents:
diff
changeset
|
27 |
077b0a0a3e6d
remaining originals according to dependency walk
Robert Boland <robert@markup.co.uk>
parents:
diff
changeset
|
28 $query2 = "select Password, FirstName, Surname from user where UserID = $userID"; |
077b0a0a3e6d
remaining originals according to dependency walk
Robert Boland <robert@markup.co.uk>
parents:
diff
changeset
|
29 $data2 = mysqli_query($link, $query2); |
077b0a0a3e6d
remaining originals according to dependency walk
Robert Boland <robert@markup.co.uk>
parents:
diff
changeset
|
30 |
077b0a0a3e6d
remaining originals according to dependency walk
Robert Boland <robert@markup.co.uk>
parents:
diff
changeset
|
31 while($line = mysqli_fetch_assoc($data2)) |
077b0a0a3e6d
remaining originals according to dependency walk
Robert Boland <robert@markup.co.uk>
parents:
diff
changeset
|
32 { |
077b0a0a3e6d
remaining originals according to dependency walk
Robert Boland <robert@markup.co.uk>
parents:
diff
changeset
|
33 $passHash = $line['Password']; |
077b0a0a3e6d
remaining originals according to dependency walk
Robert Boland <robert@markup.co.uk>
parents:
diff
changeset
|
34 $displayName=$line['FirstName']; |
077b0a0a3e6d
remaining originals according to dependency walk
Robert Boland <robert@markup.co.uk>
parents:
diff
changeset
|
35 $surname=$line['Surname']; |
077b0a0a3e6d
remaining originals according to dependency walk
Robert Boland <robert@markup.co.uk>
parents:
diff
changeset
|
36 } |
077b0a0a3e6d
remaining originals according to dependency walk
Robert Boland <robert@markup.co.uk>
parents:
diff
changeset
|
37 $check = $t_hasher->CheckPassword($mypassword, $passHash); |
077b0a0a3e6d
remaining originals according to dependency walk
Robert Boland <robert@markup.co.uk>
parents:
diff
changeset
|
38 |
077b0a0a3e6d
remaining originals according to dependency walk
Robert Boland <robert@markup.co.uk>
parents:
diff
changeset
|
39 if( $check ) |
077b0a0a3e6d
remaining originals according to dependency walk
Robert Boland <robert@markup.co.uk>
parents:
diff
changeset
|
40 { |
077b0a0a3e6d
remaining originals according to dependency walk
Robert Boland <robert@markup.co.uk>
parents:
diff
changeset
|
41 $hashpwd = $t_hasher->HashPassword($mypassword); |
077b0a0a3e6d
remaining originals according to dependency walk
Robert Boland <robert@markup.co.uk>
parents:
diff
changeset
|
42 $update="UPDATE user set Email = '$email' where UserID = $userID"; |
077b0a0a3e6d
remaining originals according to dependency walk
Robert Boland <robert@markup.co.uk>
parents:
diff
changeset
|
43 //echo $update; |
077b0a0a3e6d
remaining originals according to dependency walk
Robert Boland <robert@markup.co.uk>
parents:
diff
changeset
|
44 $run = mysqli_query($link, $update); |
077b0a0a3e6d
remaining originals according to dependency walk
Robert Boland <robert@markup.co.uk>
parents:
diff
changeset
|
45 |
077b0a0a3e6d
remaining originals according to dependency walk
Robert Boland <robert@markup.co.uk>
parents:
diff
changeset
|
46 // if successfully inserted data into database, send confirmation link to email |
077b0a0a3e6d
remaining originals according to dependency walk
Robert Boland <robert@markup.co.uk>
parents:
diff
changeset
|
47 if($run){ |
077b0a0a3e6d
remaining originals according to dependency walk
Robert Boland <robert@markup.co.uk>
parents:
diff
changeset
|
48 if($displayName == "") |
077b0a0a3e6d
remaining originals according to dependency walk
Robert Boland <robert@markup.co.uk>
parents:
diff
changeset
|
49 $displayName = $email; |
077b0a0a3e6d
remaining originals according to dependency walk
Robert Boland <robert@markup.co.uk>
parents:
diff
changeset
|
50 |
077b0a0a3e6d
remaining originals according to dependency walk
Robert Boland <robert@markup.co.uk>
parents:
diff
changeset
|
51 echo $displayName . ":::" . $email . ":::" . $surname . ":::" . $receiveEmail . ":::" . $GRState . ":::" . $userID; |
077b0a0a3e6d
remaining originals according to dependency walk
Robert Boland <robert@markup.co.uk>
parents:
diff
changeset
|
52 |
077b0a0a3e6d
remaining originals according to dependency walk
Robert Boland <robert@markup.co.uk>
parents:
diff
changeset
|
53 // ---------------- SEND MAIL FORM ---------------- |
077b0a0a3e6d
remaining originals according to dependency walk
Robert Boland <robert@markup.co.uk>
parents:
diff
changeset
|
54 $to=$email; |
077b0a0a3e6d
remaining originals according to dependency walk
Robert Boland <robert@markup.co.uk>
parents:
diff
changeset
|
55 $subject="BookWhack confirmation"; |
077b0a0a3e6d
remaining originals according to dependency walk
Robert Boland <robert@markup.co.uk>
parents:
diff
changeset
|
56 $header="from: BookWhack <noreply@bookwhack.com>"; |
077b0a0a3e6d
remaining originals according to dependency walk
Robert Boland <robert@markup.co.uk>
parents:
diff
changeset
|
57 $message="BookWhack Confirmation\r\n"; |
077b0a0a3e6d
remaining originals according to dependency walk
Robert Boland <robert@markup.co.uk>
parents:
diff
changeset
|
58 $message.="Your email address has been changed successfully\r\n"; |
077b0a0a3e6d
remaining originals according to dependency walk
Robert Boland <robert@markup.co.uk>
parents:
diff
changeset
|
59 } |
077b0a0a3e6d
remaining originals according to dependency walk
Robert Boland <robert@markup.co.uk>
parents:
diff
changeset
|
60 else { |
077b0a0a3e6d
remaining originals according to dependency walk
Robert Boland <robert@markup.co.uk>
parents:
diff
changeset
|
61 $to=$email; |
077b0a0a3e6d
remaining originals according to dependency walk
Robert Boland <robert@markup.co.uk>
parents:
diff
changeset
|
62 $subject="BookWhack - Error changing email"; |
077b0a0a3e6d
remaining originals according to dependency walk
Robert Boland <robert@markup.co.uk>
parents:
diff
changeset
|
63 $header="from: BookWhack <noreply@bookwhack.com>"; |
077b0a0a3e6d
remaining originals according to dependency walk
Robert Boland <robert@markup.co.uk>
parents:
diff
changeset
|
64 $message="BookWhack - Error changing email\r\n"; |
077b0a0a3e6d
remaining originals according to dependency walk
Robert Boland <robert@markup.co.uk>
parents:
diff
changeset
|
65 $message.="Your email reset has been unsuccessful: Database Error\r\n"; |
077b0a0a3e6d
remaining originals according to dependency walk
Robert Boland <robert@markup.co.uk>
parents:
diff
changeset
|
66 } |
077b0a0a3e6d
remaining originals according to dependency walk
Robert Boland <robert@markup.co.uk>
parents:
diff
changeset
|
67 } |
077b0a0a3e6d
remaining originals according to dependency walk
Robert Boland <robert@markup.co.uk>
parents:
diff
changeset
|
68 else |
077b0a0a3e6d
remaining originals according to dependency walk
Robert Boland <robert@markup.co.uk>
parents:
diff
changeset
|
69 { |
077b0a0a3e6d
remaining originals according to dependency walk
Robert Boland <robert@markup.co.uk>
parents:
diff
changeset
|
70 $to=$email; |
077b0a0a3e6d
remaining originals according to dependency walk
Robert Boland <robert@markup.co.uk>
parents:
diff
changeset
|
71 $subject="BookWhack - Error changing email"; |
077b0a0a3e6d
remaining originals according to dependency walk
Robert Boland <robert@markup.co.uk>
parents:
diff
changeset
|
72 $header="from: BookWhack <noreply@bookwhack.com>"; |
077b0a0a3e6d
remaining originals according to dependency walk
Robert Boland <robert@markup.co.uk>
parents:
diff
changeset
|
73 $message="BookWhack - Error changing email\r\n"; |
077b0a0a3e6d
remaining originals according to dependency walk
Robert Boland <robert@markup.co.uk>
parents:
diff
changeset
|
74 $message.="Your email change has been unsuccessful: Incorrect password provided \r\n"; |
077b0a0a3e6d
remaining originals according to dependency walk
Robert Boland <robert@markup.co.uk>
parents:
diff
changeset
|
75 $message.="Please try again under 'Edit Preferences' and ensure you enter the correct password under 'Current Password'\r\n"; |
077b0a0a3e6d
remaining originals according to dependency walk
Robert Boland <robert@markup.co.uk>
parents:
diff
changeset
|
76 } |
077b0a0a3e6d
remaining originals according to dependency walk
Robert Boland <robert@markup.co.uk>
parents:
diff
changeset
|
77 $sentmail = mail($to,$subject,$message,$header); |
077b0a0a3e6d
remaining originals according to dependency walk
Robert Boland <robert@markup.co.uk>
parents:
diff
changeset
|
78 ?> |