ywww: user/resetEmail.php annotate

annotate user/resetEmail.php @ 20:7679346abfdb

get code and use it

author	Charlie Root
date	Thu, 25 Oct 2018 09:40:25 -0400
parents	077b0a0a3e6d
children	385ddd7c4b55 a67bf725e87b

rev	line source
6 077b0a0a3e6d remaining originals according to dependency walk Robert Boland <robert@markup.co.uk> parents: diff changeset	1 <?php
077b0a0a3e6d remaining originals according to dependency walk Robert Boland <robert@markup.co.uk> parents: diff changeset	2 require "PasswordHash.php";
077b0a0a3e6d remaining originals according to dependency walk Robert Boland <robert@markup.co.uk> parents: diff changeset	3 include "../../private/db.php";
077b0a0a3e6d remaining originals according to dependency walk Robert Boland <robert@markup.co.uk> parents: diff changeset	4
077b0a0a3e6d remaining originals according to dependency walk Robert Boland <robert@markup.co.uk> parents: diff changeset	5 // emailname and password sent from form
077b0a0a3e6d remaining originals according to dependency walk Robert Boland <robert@markup.co.uk> parents: diff changeset	6 $userID=$_GET['userID'];
077b0a0a3e6d remaining originals according to dependency walk Robert Boland <robert@markup.co.uk> parents: diff changeset	7 $email=$_GET['email'];
077b0a0a3e6d remaining originals according to dependency walk Robert Boland <robert@markup.co.uk> parents: diff changeset	8 $mypassword=$_GET['pwd'];
077b0a0a3e6d remaining originals according to dependency walk Robert Boland <robert@markup.co.uk> parents: diff changeset	9 $receiveEmail=$_GET['receiveEmail'];
077b0a0a3e6d remaining originals according to dependency walk Robert Boland <robert@markup.co.uk> parents: diff changeset	10 $GRState=$_GET['GRState'];
077b0a0a3e6d remaining originals according to dependency walk Robert Boland <robert@markup.co.uk> parents: diff changeset	11 $dName=$_GET['dName'];
077b0a0a3e6d remaining originals according to dependency walk Robert Boland <robert@markup.co.uk> parents: diff changeset	12 $LocID=$_GET['loc'];
077b0a0a3e6d remaining originals according to dependency walk Robert Boland <robert@markup.co.uk> parents: diff changeset	13
077b0a0a3e6d remaining originals according to dependency walk Robert Boland <robert@markup.co.uk> parents: diff changeset	14 // To protect MySQL injection
077b0a0a3e6d remaining originals according to dependency walk Robert Boland <robert@markup.co.uk> parents: diff changeset	15 $userID = stripslashes($userID);
077b0a0a3e6d remaining originals according to dependency walk Robert Boland <robert@markup.co.uk> parents: diff changeset	16 $userID = mysqli_real_escape_string($link,$userID);
077b0a0a3e6d remaining originals according to dependency walk Robert Boland <robert@markup.co.uk> parents: diff changeset	17 //echo $userID;
077b0a0a3e6d remaining originals according to dependency walk Robert Boland <robert@markup.co.uk> parents: diff changeset	18 $email = stripslashes($email);
077b0a0a3e6d remaining originals according to dependency walk Robert Boland <robert@markup.co.uk> parents: diff changeset	19 $mypassword = stripslashes($mypassword);
077b0a0a3e6d remaining originals according to dependency walk Robert Boland <robert@markup.co.uk> parents: diff changeset	20 $email = mysqli_real_escape_string($link,$email);
077b0a0a3e6d remaining originals according to dependency walk Robert Boland <robert@markup.co.uk> parents: diff changeset	21 $mypassword = mysqli_real_escape_string($link,$mypassword);
077b0a0a3e6d remaining originals according to dependency walk Robert Boland <robert@markup.co.uk> parents: diff changeset	22 $receiveEmail = stripslashes($receiveEmail);
077b0a0a3e6d remaining originals according to dependency walk Robert Boland <robert@markup.co.uk> parents: diff changeset	23 $receiveEmail = mysqli_real_escape_string($link,$receiveEmail);
077b0a0a3e6d remaining originals according to dependency walk Robert Boland <robert@markup.co.uk> parents: diff changeset	24 $GRState = stripslashes($GRState);
077b0a0a3e6d remaining originals according to dependency walk Robert Boland <robert@markup.co.uk> parents: diff changeset	25 $GRState = mysqli_real_escape_string($link,$GRState);
077b0a0a3e6d remaining originals according to dependency walk Robert Boland <robert@markup.co.uk> parents: diff changeset	26 $dName = stripslashes($dName);
077b0a0a3e6d remaining originals according to dependency walk Robert Boland <robert@markup.co.uk> parents: diff changeset	27 $dName = mysqli_real_escape_string($link,$dName);
077b0a0a3e6d remaining originals according to dependency walk Robert Boland <robert@markup.co.uk> parents: diff changeset	28 $LocID = stripslashes($LocID);
077b0a0a3e6d remaining originals according to dependency walk Robert Boland <robert@markup.co.uk> parents: diff changeset	29 $LocID = mysqli_real_escape_string($link,$LocID);
077b0a0a3e6d remaining originals according to dependency walk Robert Boland <robert@markup.co.uk> parents: diff changeset	30
077b0a0a3e6d remaining originals according to dependency walk Robert Boland <robert@markup.co.uk> parents: diff changeset	31 $t_hasher = new PasswordHash(8, FALSE);
077b0a0a3e6d remaining originals according to dependency walk Robert Boland <robert@markup.co.uk> parents: diff changeset	32
077b0a0a3e6d remaining originals according to dependency walk Robert Boland <robert@markup.co.uk> parents: diff changeset	33 $query2 = "select Password, FirstName, Surname from user where UserID = $userID";
077b0a0a3e6d remaining originals according to dependency walk Robert Boland <robert@markup.co.uk> parents: diff changeset	34 $data2 = mysqli_query($link, $query2);
077b0a0a3e6d remaining originals according to dependency walk Robert Boland <robert@markup.co.uk> parents: diff changeset	35
077b0a0a3e6d remaining originals according to dependency walk Robert Boland <robert@markup.co.uk> parents: diff changeset	36 while($line = mysqli_fetch_assoc($data2))
077b0a0a3e6d remaining originals according to dependency walk Robert Boland <robert@markup.co.uk> parents: diff changeset	37 {
077b0a0a3e6d remaining originals according to dependency walk Robert Boland <robert@markup.co.uk> parents: diff changeset	38 $passHash = $line['Password'];
077b0a0a3e6d remaining originals according to dependency walk Robert Boland <robert@markup.co.uk> parents: diff changeset	39 $firstName=$line['FirstName'];
077b0a0a3e6d remaining originals according to dependency walk Robert Boland <robert@markup.co.uk> parents: diff changeset	40 $surname=$line['Surname'];
077b0a0a3e6d remaining originals according to dependency walk Robert Boland <robert@markup.co.uk> parents: diff changeset	41 }
077b0a0a3e6d remaining originals according to dependency walk Robert Boland <robert@markup.co.uk> parents: diff changeset	42 $check = $t_hasher->CheckPassword($mypassword, $passHash);
077b0a0a3e6d remaining originals according to dependency walk Robert Boland <robert@markup.co.uk> parents: diff changeset	43
077b0a0a3e6d remaining originals according to dependency walk Robert Boland <robert@markup.co.uk> parents: diff changeset	44 if( $check )
077b0a0a3e6d remaining originals according to dependency walk Robert Boland <robert@markup.co.uk> parents: diff changeset	45 {
077b0a0a3e6d remaining originals according to dependency walk Robert Boland <robert@markup.co.uk> parents: diff changeset	46 $hashpwd = $t_hasher->HashPassword($mypassword);
077b0a0a3e6d remaining originals according to dependency walk Robert Boland <robert@markup.co.uk> parents: diff changeset	47 $update="UPDATE user set Email = '$email', DisplayName = '$dName' where UserID = $userID";
077b0a0a3e6d remaining originals according to dependency walk Robert Boland <robert@markup.co.uk> parents: diff changeset	48 //echo $update;
077b0a0a3e6d remaining originals according to dependency walk Robert Boland <robert@markup.co.uk> parents: diff changeset	49 $run = mysqli_query($link, $update);
077b0a0a3e6d remaining originals according to dependency walk Robert Boland <robert@markup.co.uk> parents: diff changeset	50
077b0a0a3e6d remaining originals according to dependency walk Robert Boland <robert@markup.co.uk> parents: diff changeset	51 // if successfully inserted data into database, send confirmation link to email
077b0a0a3e6d remaining originals according to dependency walk Robert Boland <robert@markup.co.uk> parents: diff changeset	52 if($run){
077b0a0a3e6d remaining originals according to dependency walk Robert Boland <robert@markup.co.uk> parents: diff changeset	53 if($dName == "")
077b0a0a3e6d remaining originals according to dependency walk Robert Boland <robert@markup.co.uk> parents: diff changeset	54 {
077b0a0a3e6d remaining originals according to dependency walk Robert Boland <robert@markup.co.uk> parents: diff changeset	55 if($firstName == "")
077b0a0a3e6d remaining originals according to dependency walk Robert Boland <robert@markup.co.uk> parents: diff changeset	56 $dName=$email;
077b0a0a3e6d remaining originals according to dependency walk Robert Boland <robert@markup.co.uk> parents: diff changeset	57 else
077b0a0a3e6d remaining originals according to dependency walk Robert Boland <robert@markup.co.uk> parents: diff changeset	58 $dName = $firstName;
077b0a0a3e6d remaining originals according to dependency walk Robert Boland <robert@markup.co.uk> parents: diff changeset	59 }
077b0a0a3e6d remaining originals according to dependency walk Robert Boland <robert@markup.co.uk> parents: diff changeset	60
077b0a0a3e6d remaining originals according to dependency walk Robert Boland <robert@markup.co.uk> parents: diff changeset	61 echo $dName . ":::" . $email . ":::" . $surname . ":::" . $receiveEmail . ":::" . $GRState . ":::" . $LocID . ":::" . $userID;
077b0a0a3e6d remaining originals according to dependency walk Robert Boland <robert@markup.co.uk> parents: diff changeset	62
077b0a0a3e6d remaining originals according to dependency walk Robert Boland <robert@markup.co.uk> parents: diff changeset	63 // ---------------- SEND MAIL FORM ----------------
077b0a0a3e6d remaining originals according to dependency walk Robert Boland <robert@markup.co.uk> parents: diff changeset	64 $to=$email;
077b0a0a3e6d remaining originals according to dependency walk Robert Boland <robert@markup.co.uk> parents: diff changeset	65 $subject="YourNextRead confirmation";
077b0a0a3e6d remaining originals according to dependency walk Robert Boland <robert@markup.co.uk> parents: diff changeset	66 $header="from: YourNextRead <noreply@YourNextRead.com>";
077b0a0a3e6d remaining originals according to dependency walk Robert Boland <robert@markup.co.uk> parents: diff changeset	67 $message="YourNextRead Confirmation\r\n";
077b0a0a3e6d remaining originals according to dependency walk Robert Boland <robert@markup.co.uk> parents: diff changeset	68 $message.="Your preferences have been changed successfully\r\n";
077b0a0a3e6d remaining originals according to dependency walk Robert Boland <robert@markup.co.uk> parents: diff changeset	69 }
077b0a0a3e6d remaining originals according to dependency walk Robert Boland <robert@markup.co.uk> parents: diff changeset	70 else {
077b0a0a3e6d remaining originals according to dependency walk Robert Boland <robert@markup.co.uk> parents: diff changeset	71 $to=$email;
077b0a0a3e6d remaining originals according to dependency walk Robert Boland <robert@markup.co.uk> parents: diff changeset	72 $subject="YourNextRead - Error changing email";
077b0a0a3e6d remaining originals according to dependency walk Robert Boland <robert@markup.co.uk> parents: diff changeset	73 $header="from: YourNextRead <noreply@YourNextRead.com>";
077b0a0a3e6d remaining originals according to dependency walk Robert Boland <robert@markup.co.uk> parents: diff changeset	74 $message="YourNextRead - Error changing email\r\n";
077b0a0a3e6d remaining originals according to dependency walk Robert Boland <robert@markup.co.uk> parents: diff changeset	75 $message.="Your email reset has been unsuccessful: Database Error\r\n";
077b0a0a3e6d remaining originals according to dependency walk Robert Boland <robert@markup.co.uk> parents: diff changeset	76 }
077b0a0a3e6d remaining originals according to dependency walk Robert Boland <robert@markup.co.uk> parents: diff changeset	77 }
077b0a0a3e6d remaining originals according to dependency walk Robert Boland <robert@markup.co.uk> parents: diff changeset	78 else
077b0a0a3e6d remaining originals according to dependency walk Robert Boland <robert@markup.co.uk> parents: diff changeset	79 {
077b0a0a3e6d remaining originals according to dependency walk Robert Boland <robert@markup.co.uk> parents: diff changeset	80 $to=$email;
077b0a0a3e6d remaining originals according to dependency walk Robert Boland <robert@markup.co.uk> parents: diff changeset	81 $subject="YourNextRead - Error changing email";
077b0a0a3e6d remaining originals according to dependency walk Robert Boland <robert@markup.co.uk> parents: diff changeset	82 $header="from: YourNextRead <noreply@YourNextRead.com>";
077b0a0a3e6d remaining originals according to dependency walk Robert Boland <robert@markup.co.uk> parents: diff changeset	83 $message="YourNextRead - Error changing prefs\r\n";
077b0a0a3e6d remaining originals according to dependency walk Robert Boland <robert@markup.co.uk> parents: diff changeset	84 $message.="Your preference change has been unsuccessful: Incorrect password provided \r\n";
077b0a0a3e6d remaining originals according to dependency walk Robert Boland <robert@markup.co.uk> parents: diff changeset	85 $message.="Please try again under 'Edit Preferences' and ensure you enter the correct password under 'Current Password'\r\n";
077b0a0a3e6d remaining originals according to dependency walk Robert Boland <robert@markup.co.uk> parents: diff changeset	86 }
077b0a0a3e6d remaining originals according to dependency walk Robert Boland <robert@markup.co.uk> parents: diff changeset	87 $sentmail = mail($to,$subject,$message,$header);
077b0a0a3e6d remaining originals according to dependency walk Robert Boland <robert@markup.co.uk> parents: diff changeset	88
077b0a0a3e6d remaining originals according to dependency walk Robert Boland <robert@markup.co.uk> parents: diff changeset	89 mysqli_close($link);
077b0a0a3e6d remaining originals according to dependency walk Robert Boland <robert@markup.co.uk> parents: diff changeset	90 ?>

Mercurial > hg > ywww

annotate user/resetEmail.php @ 20:7679346abfdb