Mercurial > hg > ywww
comparison user/uk/resetEmail.php @ 6:077b0a0a3e6d
remaining originals according to dependency walk
| author | Robert Boland <robert@markup.co.uk> |
|---|---|
| date | Thu, 16 Feb 2017 22:29:02 +0000 |
| parents | |
| children | 385ddd7c4b55 a67bf725e87b |
comparison
equal
deleted
inserted
replaced
| 5:55445b456ad0 | 6:077b0a0a3e6d |
|---|---|
| 1 <?php | |
| 2 require "PasswordHash.php"; | |
| 3 include "../../private/db.php"; | |
| 4 | |
| 5 // emailname and password sent from form | |
| 6 $userID=$_GET['userID']; | |
| 7 $email=$_GET['email']; | |
| 8 $mypassword=$_GET['pwd']; | |
| 9 $receiveEmail=$_GET['receiveEmail']; | |
| 10 $GRState=$_GET['GRState']; | |
| 11 | |
| 12 // To protect MySQL injection | |
| 13 $userID = stripslashes($userID); | |
| 14 $userID = mysqli_real_escape_string($link,$userID); | |
| 15 //echo $userID; | |
| 16 $email = stripslashes($email); | |
| 17 $mypassword = stripslashes($mypassword); | |
| 18 $email = mysqli_real_escape_string($link,$email); | |
| 19 $mypassword = mysqli_real_escape_string($link,$mypassword); | |
| 20 $receiveEmail = stripslashes($receiveEmail); | |
| 21 $receiveEmail = mysqli_real_escape_string($link,$receiveEmail); | |
| 22 $GRState = stripslashes($GRState); | |
| 23 $GRState = mysqli_real_escape_string($link,$GRState); | |
| 24 | |
| 25 | |
| 26 $t_hasher = new PasswordHash(8, FALSE); | |
| 27 | |
| 28 $query2 = "select Password, FirstName, Surname from user where UserID = $userID"; | |
| 29 $data2 = mysqli_query($link, $query2); | |
| 30 | |
| 31 while($line = mysqli_fetch_assoc($data2)) | |
| 32 { | |
| 33 $passHash = $line['Password']; | |
| 34 $displayName=$line['FirstName']; | |
| 35 $surname=$line['Surname']; | |
| 36 } | |
| 37 $check = $t_hasher->CheckPassword($mypassword, $passHash); | |
| 38 | |
| 39 if( $check ) | |
| 40 { | |
| 41 $hashpwd = $t_hasher->HashPassword($mypassword); | |
| 42 $update="UPDATE user set Email = '$email' where UserID = $userID"; | |
| 43 //echo $update; | |
| 44 $run = mysqli_query($link, $update); | |
| 45 | |
| 46 // if successfully inserted data into database, send confirmation link to email | |
| 47 if($run){ | |
| 48 if($displayName == "") | |
| 49 $displayName = $email; | |
| 50 | |
| 51 echo $displayName . ":::" . $email . ":::" . $surname . ":::" . $receiveEmail . ":::" . $GRState . ":::" . $userID; | |
| 52 | |
| 53 // ---------------- SEND MAIL FORM ---------------- | |
| 54 $to=$email; | |
| 55 $subject="BookWhack confirmation"; | |
| 56 $header="from: BookWhack <noreply@bookwhack.com>"; | |
| 57 $message="BookWhack Confirmation\r\n"; | |
| 58 $message.="Your email address has been changed successfully\r\n"; | |
| 59 } | |
| 60 else { | |
| 61 $to=$email; | |
| 62 $subject="BookWhack - Error changing email"; | |
| 63 $header="from: BookWhack <noreply@bookwhack.com>"; | |
| 64 $message="BookWhack - Error changing email\r\n"; | |
| 65 $message.="Your email reset has been unsuccessful: Database Error\r\n"; | |
| 66 } | |
| 67 } | |
| 68 else | |
| 69 { | |
| 70 $to=$email; | |
| 71 $subject="BookWhack - Error changing email"; | |
| 72 $header="from: BookWhack <noreply@bookwhack.com>"; | |
| 73 $message="BookWhack - Error changing email\r\n"; | |
| 74 $message.="Your email change has been unsuccessful: Incorrect password provided \r\n"; | |
| 75 $message.="Please try again under 'Edit Preferences' and ensure you enter the correct password under 'Current Password'\r\n"; | |
| 76 } | |
| 77 $sentmail = mail($to,$subject,$message,$header); | |
| 78 ?> |