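<?php
/**
 * Password-reset request handler (excerpt).
 *
 * On POST with `submit`, looks the address up through checkEmailDup(), stores a
 * one-time reset code in pwdReset and mails a link carrying that code.
 *
 * $dbconn and checkEmailDup() are defined outside this excerpt.
 * random_bytes() requires PHP 7.0 or later.
 */
error_reporting(E_ALL);
$errors = array();

try {
    if (isset($_POST['submit'])) {
        // Accept only a scalar string; an array-valued field would otherwise reach the string functions below.
        $email = (isset($_POST['email']) && is_string($_POST['email'])) ? trim($_POST['email']) : '';

        if ($email === '') {
            $errors['email'] = "Please give us your email.";
        } elseif (filter_var($email, FILTER_VALIDATE_EMAIL) === false) {
            // The address is later used as the mail() recipient, so its format is checked first.
            $errors['email'] = "Please use a valid email format.";
        } else {
            // The escaped copy is kept for the lookup in case checkEmailDup() builds its query by
            // string interpolation. TODO confirm; a prepared statement inside the helper is preferable.
            $temail = mysqli_real_escape_string($dbconn, $email);
            $yesE = checkEmailDup($dbconn, $temail);
            $yesE = mysqli_fetch_assoc($yesE);
            if (empty($yesE)) {
                // NOTE(review): this message reveals whether an address is registered. Showing the same
                // confirmation for known and unknown addresses avoids account enumeration. Left as is
                // because the template that renders $errors is not visible here.
                $errors['empty'] = "<em>We do not have your email on file.<br>Please contact us at trainer@fytme.net</em>";
            }
        }

        if (!$errors) {
            // The reset code is a bearer credential, so it comes from the CSPRNG rather than rand().
            // The "-<contactId>" suffix is kept because resetPassword.php (not shown) may parse it.
            // NOTE(review): confirm pwdReset.code is wide enough for 32 hex characters plus the suffix.
            $code = bin2hex(random_bytes(16)) . "-" . $yesE['contactId'];

            // Bound parameter instead of interpolating the value into the SQL text.
            $sqlInsert = "INSERT INTO pwdReset (code) VALUES (?)";
            $stmt = $dbconn->prepare($sqlInsert);
            $stored = $stmt !== false
                && $stmt->bind_param('s', $code)
                && $stmt->execute();

            // Send to the validated address; the SQL-escaped copy may carry added backslashes.
            $to = $email;
            $subject = "FYTME Link";
            // NOTE(review): the link is plain http and carries the code in the URL; prefer https if the
            // site serves it. Only `code` is written above, so the promised 2-hour lifetime has to be
            // enforced by a timestamp column or by resetPassword.php. Verify, neither is visible here.
            $message = "Please go to http://fytme.net/resetPassword.php?code=" . $code . " to reset your password. This link will only be active for 2 hours.";
            // NOTE(review): From uses fytme.com while the site and contact address use fytme.net.
            // Confirm the sending domain is the intended one.
            $headers = "From: trainers@fytme.com \r\n";

            // Mail the link only if the code was stored; otherwise the recipient would get a dead link.
            if ($stored && mail($to, $subject, $message, $headers)) {
                header("location:getPassword.php?confirm");
                exit; // stop here so nothing further runs or is rendered after the redirect
            } else {
                echo "The email failed.";
            }
        }
    }
    // Excerpt ends here: the try block opened above is closed (catch/finally) beyond it.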
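<?php
/**
 * Account-creation handler (excerpt).
 *
 * Loads the contact named by ?contactId=, then on POST with `create` validates
 * the submitted e-mail address and password, collecting messages in $errors.
 *
 * $dbconn, getContact() and checkEmailDup() are defined outside this excerpt.
 */
error_reporting(E_ALL);
$errors = array();

// Default to null so getContact() is never handed an undefined variable when the query string has no contactId.
$contactId = isset($_GET['contactId']) ? $_GET['contactId'] : null;
// NOTE(review): contactId comes straight from the query string. getContact() is not visible here, so
// confirm that it binds or casts the value and that the requester is allowed to read that contact.
$contact = getContact($dbconn, $contactId);

try {
    if (isset($_POST['create'])) {
        // validators
        // Accept only a scalar string; a missing or array-valued field is treated as empty.
        $temail = (isset($_POST['email']) && is_string($_POST['email'])) ? trim($_POST['email']) : '';

        // Escape before the lookup, as the password-reset handler on this page does for the same helper.
        // Presumably checkEmailDup() interpolates the value into SQL. TODO confirm; if it already binds
        // parameters, drop the escaping here.
        $emailDup = checkEmailDup($dbconn, mysqli_real_escape_string($dbconn, $temail));

        if (empty($temail)) {
            $errors['email'] = 'Please give us a valid email format.';
        } elseif (!filter_var($temail, FILTER_VALIDATE_EMAIL)) {
            // Validate the trimmed value, the same one that was looked up above.
            $errors['email'] = "Please use a valid email format.";
        } else {
            if (mysqli_num_rows($emailDup) > 0) {
                $errors['email'] = "This email is already being used.";
            }
        }

        // password strength validation
        $tpw = (isset($_POST['pwd']) && is_string($_POST['pwd'])) ? trim($_POST['pwd']) : ''; // eliminate accidental space
        if (empty($tpw)) {
            $errors['pwd'] = 'Please create a password';
        } else {
            // Check the trimmed value: against the raw field, space padding counts toward the 8-character minimum.
            // NOTE(review): storage is not visible here. Confirm the password is saved with password_hash().
            if (!preg_match("/(?=^.{8,}\$)(?=.*\\d)(?=.*[!@#\$%^&*]+)(?![.\n])(?=.*[A-Z])(?=.*[a-z]).*\$/", $tpw)) {
                $errors['pwd'] = 'Must contain upper and lower case letter, numbers, and special characters.';
            }
            // Excerpt ends here: the else, if and try blocks opened above are closed beyond it.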