view user/uk/resetEmail.php @ 15:385ddd7c4b55 testing

use test_db.php to get mysqld_test instance
author Henry S. Thompson <ht@inf.ed.ac.uk>
date Sun, 19 Feb 2017 16:17:53 +0000
parents 077b0a0a3e6d
children

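<?php
/*
 * resetEmail.php -- change a user's e-mail address.
 *
 * Inputs (form fields; POST preferred, GET accepted for the existing form):
 *   userID        decimal UserID of the account being edited
 *   email         the new address
 *   pwd           the account's current password, re-checked before any change
 *   receiveEmail  echoed back to the caller unchanged
 *   GRState       echoed back to the caller unchanged
 *
 * Output: on success, one line in the format the calling page already parses,
 *   displayName:::email:::surname:::receiveEmail:::GRState:::userID
 * Nothing is echoed on failure.  Every outcome is also reported by mail() to
 * the submitted address (success, database error, or wrong password).
 *
 * $link (mysqli connection) is provided by db_test.php; PasswordHash (phpass)
 * by PasswordHash.php.
 */
require "PasswordHash.php";
include "../../../private/db_test.php";

// The response is a plain ':::'-joined line, not a document; say so, so that a
// browser loading this URL directly never interprets the echoed values as HTML.
if (!headers_sent()) {
    header('Content-Type: text/plain; charset=utf-8');
}

/**
 * Read one form field, preferring POST over GET.
 *
 * The existing form submits via GET; POST is accepted first so the form can be
 * switched over without keeping the password in request URLs (and server logs).
 *
 * @param string $name  field name
 * @return string       the value, or '' when absent or not a plain string
 */
function resetEmail_param($name)
{
    $source = isset($_POST[$name]) ? $_POST : $_GET;
    if (!isset($source[$name]) || !is_string($source[$name])) {
        return '';
    }
    return $source[$name];
}

// stripslashes() from the old version is gone: it only made sense under
// magic_quotes_gpc (removed in PHP 5.4) and otherwise corrupts real backslashes.
$userID       = resetEmail_param('userID');
$email        = trim(resetEmail_param('email'));
$mypassword   = resetEmail_param('pwd');
$receiveEmail = resetEmail_param('receiveEmail');
$GRState      = resetEmail_param('GRState');

// UserID is compared against an integer column.  The old code only escaped it,
// which does nothing for an unquoted numeric position in the query text; a
// bound integer parameter closes that, and anything that is not a plain
// decimal number is rejected up front.
if (!ctype_digit($userID)) {
    http_response_code(400);
    exit;
}
$userIDInt = (int) $userID;

// The address is both stored and used as the mail() recipient; a syntactically
// valid address cannot contain CR/LF, so this also rules out header injection.
if (filter_var($email, FILTER_VALIDATE_EMAIL) === false) {
    http_response_code(400);
    exit;
}

// ---- look up the stored hash and display names for this account ----------
$found       = false;
$passHash    = null;
$displayName = null;
$surname     = null;
$lookupOk    = false;

$stmt = mysqli_prepare($link, 'SELECT Password, FirstName, Surname FROM user WHERE UserID = ?');
if ($stmt !== false) {
    mysqli_stmt_bind_param($stmt, 'i', $userIDInt);
    if (mysqli_stmt_execute($stmt)) {
        $lookupOk = true;
        mysqli_stmt_bind_result($stmt, $passHash, $displayName, $surname);
        // UserID is expected to be unique; the first row is used.
        $found = (mysqli_stmt_fetch($stmt) === true);
    }
    mysqli_stmt_close($stmt);
}

// ---- verify the current password, then apply the change -------------------
// $outcome is one of 'ok', 'db_error', 'bad_password' and selects the mail below.
$t_hasher = new PasswordHash(8, FALSE);

if (!$lookupOk) {
    $outcome = 'db_error';
} elseif (!$found || !$t_hasher->CheckPassword($mypassword, $passHash)) {
    // An unknown UserID is reported exactly like a wrong password, so the
    // response does not reveal which accounts exist.
    $outcome = 'bad_password';
} else {
    $run  = false;
    $stmt = mysqli_prepare($link, 'UPDATE user SET Email = ? WHERE UserID = ?');
    if ($stmt !== false) {
        mysqli_stmt_bind_param($stmt, 'si', $email, $userIDInt);
        $run = mysqli_stmt_execute($stmt);
        mysqli_stmt_close($stmt);
    }
    $outcome = $run ? 'ok' : 'db_error';
}

// ---- report back to the caller ---------------------------------------------
if ($outcome === 'ok') {
    if ($displayName == "") {
        $displayName = $email;
    }
    // Field order and separator are part of the contract with the calling page.
    echo $displayName . ":::" . $email . ":::" . $surname . ":::" . $receiveEmail . ":::" . $GRState . ":::" . $userID;
}

// ---- notify the submitted address of the outcome --------------------------
// NOTE(review): on the failure paths the mail goes to an address whose owner
// has not been verified (the existing behaviour); sending failure notices to
// the account's current address instead would be the stricter choice.
$to     = $email;
$header = "from: BookWhack <noreply@bookwhack.com>";
if ($outcome === 'ok') {
    $subject  = "BookWhack confirmation";
    $message  = "BookWhack Confirmation\r\n";
    $message .= "Your email address has been changed successfully\r\n";
} elseif ($outcome === 'db_error') {
    $subject  = "BookWhack - Error changing email";
    $message  = "BookWhack - Error changing email\r\n";
    $message .= "Your email reset has been unsuccessful: Database Error\r\n";
} else {
    $subject  = "BookWhack - Error changing email";
    $message  = "BookWhack - Error changing email\r\n";
    $message .= "Your email change has been unsuccessful: Incorrect password provided \r\n";
    $message .= "Please try again under 'Edit Preferences' and ensure you enter the correct password under 'Current Password'\r\n";
}
$sentmail = mail($to, $subject, $message, $header);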