diff user/resetEmail.php @ 6:077b0a0a3e6d

remaining originals according to dependency walk
author Robert Boland <robert@markup.co.uk>
date Thu, 16 Feb 2017 22:29:02 +0000
parents
children 385ddd7c4b55 a67bf725e87b
--- /dev/null	Thu Jan 01 00:00:00 1970 +0000
+++ b/user/resetEmail.php	Thu Feb 16 22:29:02 2017 +0000
@@ -0,0 +1,90 @@
+<?php
+require "PasswordHash.php";
+include "../../private/db.php"; 
+
+// emailname and password sent from form
+$userID=$_GET['userID'];
+$email=$_GET['email'];
+$mypassword=$_GET['pwd'];
+$receiveEmail=$_GET['receiveEmail'];
+$GRState=$_GET['GRState'];
+$dName=$_GET['dName'];
+$LocID=$_GET['loc'];
+
+// To protect MySQL injection 
+$userID = stripslashes($userID);
+$userID = mysqli_real_escape_string($link,$userID);
+//echo $userID;
+$email = stripslashes($email);
+$mypassword = stripslashes($mypassword);
+$email = mysqli_real_escape_string($link,$email);
+$mypassword = mysqli_real_escape_string($link,$mypassword);
+$receiveEmail = stripslashes($receiveEmail);
+$receiveEmail = mysqli_real_escape_string($link,$receiveEmail);
+$GRState = stripslashes($GRState);
+$GRState = mysqli_real_escape_string($link,$GRState);
+$dName = stripslashes($dName);
+$dName = mysqli_real_escape_string($link,$dName);
+$LocID = stripslashes($LocID);
+$LocID = mysqli_real_escape_string($link,$LocID);
+
+	$t_hasher = new PasswordHash(8, FALSE);
+
+	$query2 = "select Password, FirstName, Surname from user where UserID = $userID";
+	$data2 = mysqli_query($link, $query2);
+
+	while($line = mysqli_fetch_assoc($data2))
+	{
+		$passHash = $line['Password'];
+		$firstName=$line['FirstName'];
+		$surname=$line['Surname'];
+	}
+	$check = $t_hasher->CheckPassword($mypassword, $passHash);
+
+	if( $check )
+	{
+		$hashpwd = $t_hasher->HashPassword($mypassword);
+		$update="UPDATE user set Email = '$email', DisplayName = '$dName' where UserID = $userID"; 
+		//echo $update;
+		$run = mysqli_query($link, $update);
+		
+		// if successfully inserted data into database, send confirmation link to email
+		if($run){
+			if($dName == "")
+			{
+				if($firstName == "")
+					$dName=$email;
+				else
+					$dName = $firstName;
+			}	
+			
+			echo  $dName . ":::" . $email . ":::" . $surname . ":::" . $receiveEmail . ":::" . $GRState . ":::" . $LocID . ":::" . $userID;
+
+			// ---------------- SEND MAIL FORM ----------------
+			$to=$email;
+			$subject="YourNextRead confirmation";
+			$header="from: YourNextRead <noreply@YourNextRead.com>";
+			$message="YourNextRead Confirmation\r\n";
+			$message.="Your preferences have been changed successfully\r\n";
+		}
+		else {
+			$to=$email;
+			$subject="YourNextRead - Error changing email";
+			$header="from: YourNextRead <noreply@YourNextRead.com>";
+			$message="YourNextRead - Error changing email\r\n";
+			$message.="Your email reset has been unsuccessful: Database Error\r\n";
+		}
+	}
+	else
+	{
+			$to=$email;
+			$subject="YourNextRead - Error changing email";
+			$header="from: YourNextRead <noreply@YourNextRead.com>";
+			$message="YourNextRead - Error changing prefs\r\n";
+			$message.="Your preference change has been unsuccessful: Incorrect password provided \r\n";
+			$message.="Please try again under 'Edit Preferences' and ensure you enter the correct password under 'Current Password'\r\n";
+	}
+	$sentmail = mail($to,$subject,$message,$header);
+	
+	mysqli_close($link);
+?>
\ No newline at end of file
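Review bot: `$userID` is interpolated unquoted into both statements (`where UserID = $userID` in the SELECT and again in the UPDATE), and `mysqli_real_escape_string` only neutralises quote and control characters, so a request such as `userID=1 OR 1=1` goes through untouched — the SELECT then walks every row (the loop keeps whichever hash comes last) and, if the supplied password matches that hash, the UPDATE rewrites Email and DisplayName for every user. Coerce it before use, `$userID = (int)$_GET['userID'];`, or better, move both queries to `mysqli_prepare` with bound parameters and drop the `stripslashes`/escape sequence, which would also stop the escaped `$email` being reused as the `mail()` recipient. Separately, both failure branches still call `mail()` to the caller-supplied `$email` with no authentication, so this GET endpoint can be driven to send messages to arbitrary addresses; the new address is also written to the row without any ownership check, even though the comment promises a confirmation link. Smaller points: the current password travels in the query string (`$_GET['pwd']`), `$hashpwd` is computed and never stored, `$passHash` is undefined when no row matches, and the `echo` at the top of the success branch reflects unescaped request values straight into the response.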