comparison user/resetEmail.php @ 6:077b0a0a3e6d
remaining originals according to dependency walk
| author | Robert Boland <robert@markup.co.uk> |
|---|---|
| date | Thu, 16 Feb 2017 22:29:02 +0000 |
| parents | |
| children | 385ddd7c4b55 a67bf725e87b |
| 5:55445b456ad0 | 6:077b0a0a3e6d |
|---|---|
| 1 <?php | |
| 2 require "PasswordHash.php"; | |
| 3 include "../../private/db.php"; | |
| 4 | |
| 5 // emailname and password sent from form | |
| 6 $userID=$_GET['userID']; | |
| 7 $email=$_GET['email']; | |
| 8 $mypassword=$_GET['pwd']; | |
| 9 $receiveEmail=$_GET['receiveEmail']; | |
| 10 $GRState=$_GET['GRState']; | |
| 11 $dName=$_GET['dName']; | |
| 12 $LocID=$_GET['loc']; | |
| 13 | |
| 14 // To protect MySQL injection | |
| 15 $userID = stripslashes($userID); | |
| 16 $userID = mysqli_real_escape_string($link,$userID); | |
| 17 //echo $userID; | |
| 18 $email = stripslashes($email); | |
| 19 $mypassword = stripslashes($mypassword); | |
| 20 $email = mysqli_real_escape_string($link,$email); | |
| 21 $mypassword = mysqli_real_escape_string($link,$mypassword); | |
| 22 $receiveEmail = stripslashes($receiveEmail); | |
| 23 $receiveEmail = mysqli_real_escape_string($link,$receiveEmail); | |
| 24 $GRState = stripslashes($GRState); | |
| 25 $GRState = mysqli_real_escape_string($link,$GRState); | |
| 26 $dName = stripslashes($dName); | |
| 27 $dName = mysqli_real_escape_string($link,$dName); | |
| 28 $LocID = stripslashes($LocID); | |
| 29 $LocID = mysqli_real_escape_string($link,$LocID); | |
| 30 | |
| 31 $t_hasher = new PasswordHash(8, FALSE); | |
| 32 | |
| 33 $query2 = "select Password, FirstName, Surname from user where UserID = $userID"; | |
| 34 $data2 = mysqli_query($link, $query2); | |
| 35 | |
| 36 while($line = mysqli_fetch_assoc($data2)) | |
| 37 { | |
| 38 $passHash = $line['Password']; | |
| 39 $firstName=$line['FirstName']; | |
| 40 $surname=$line['Surname']; | |
| 41 } | |
| 42 $check = $t_hasher->CheckPassword($mypassword, $passHash); | |
| 43 | |
| 44 if( $check ) | |
| 45 { | |
| 46 $hashpwd = $t_hasher->HashPassword($mypassword); | |
| 47 $update="UPDATE user set Email = '$email', DisplayName = '$dName' where UserID = $userID"; | |
| 48 //echo $update; | |
| 49 $run = mysqli_query($link, $update); | |
| 50 | |
| 51 // if successfully inserted data into database, send confirmation link to email | |
| 52 if($run){ | |
| 53 if($dName == "") | |
| 54 { | |
| 55 if($firstName == "") | |
| 56 $dName=$email; | |
| 57 else | |
| 58 $dName = $firstName; | |
| 59 } | |
| 60 | |
| 61 echo $dName . ":::" . $email . ":::" . $surname . ":::" . $receiveEmail . ":::" . $GRState . ":::" . $LocID . ":::" . $userID; | |
| 62 | |
| 63 // ---------------- SEND MAIL FORM ---------------- | |
| 64 $to=$email; | |
| 65 $subject="YourNextRead confirmation"; | |
| 66 $header="from: YourNextRead <noreply@YourNextRead.com>"; | |
| 67 $message="YourNextRead Confirmation\r\n"; | |
| 68 $message.="Your preferences have been changed successfully\r\n"; | |
| 69 } | |
| 70 else { | |
| 71 $to=$email; | |
| 72 $subject="YourNextRead - Error changing email"; | |
| 73 $header="from: YourNextRead <noreply@YourNextRead.com>"; | |
| 74 $message="YourNextRead - Error changing email\r\n"; | |
| 75 $message.="Your email reset has been unsuccessful: Database Error\r\n"; | |
| 76 } | |
| 77 } | |
| 78 else | |
| 79 { | |
| 80 $to=$email; | |
| 81 $subject="YourNextRead - Error changing email"; | |
| 82 $header="from: YourNextRead <noreply@YourNextRead.com>"; | |
| 83 $message="YourNextRead - Error changing prefs\r\n"; | |
| 84 $message.="Your preference change has been unsuccessful: Incorrect password provided \r\n"; | |
| 85 $message.="Please try again under 'Edit Preferences' and ensure you enter the correct password under 'Current Password'\r\n"; | |
| 86 } | |
| 87 $sentmail = mail($to,$subject,$message,$header); | |
| 88 | |
| 89 mysqli_close($link); | |
| 90 ?> |
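Review bot: `$userID` is interpolated without quotes into both statements (`where UserID = $userID` in the select on file line 33 and in the UPDATE on file line 47), so `mysqli_real_escape_string` gives no protection there: it only escapes characters that matter inside a quoted string, and a numeric context has no quotes to stay inside. Validate the id as an integer and bind all three values with prepared statements, as sketched below; the bound `$email` and `$dName` must then be the raw request values, without the `stripslashes`/escape pass, or they will be stored with stray backslashes. The same pass currently alters `$mypassword` before `CheckPassword` compares it, so the password should also be used as received. Separately, the password arrives as `$_GET['pwd']`, which puts it into URLs and server logs; a POST body would be the safer transport.

```php
// … unchanged: require/include and reading of the other request parameters …
$userID = filter_var($_GET['userID'] ?? null, FILTER_VALIDATE_INT);
if ($userID === false) {
    http_response_code(400);
    exit;
}

$stmt = mysqli_prepare($link, "select Password, FirstName, Surname from user where UserID = ?");
mysqli_stmt_bind_param($stmt, "i", $userID);
mysqli_stmt_execute($stmt);
mysqli_stmt_bind_result($stmt, $passHash, $firstName, $surname);
mysqli_stmt_fetch($stmt);
mysqli_stmt_close($stmt);
// … unchanged: CheckPassword call and branch on $check …
$stmt = mysqli_prepare($link, "UPDATE user set Email = ?, DisplayName = ? where UserID = ?");
mysqli_stmt_bind_param($stmt, "ssi", $email, $dName, $userID);
$run = mysqli_stmt_execute($stmt);
// … unchanged: response echo, mail composition and mail() call …
```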
