public function edit()
{
$user = $this->input->post();
$id = intval($user['id']);
$user_db = $this->user_model->get(null, $id);
$rules = $this->user_model->rules;
if ($user['username'] != $user_db->username) {
$rules['username']['rules'] .= '|is_unique[user.username]';
}
if ($user['email'] != $user_db->email) {
$rules['email']['rules'] .= '|is_unique[user.email]';
}
$this->form_validation->set_rules($rules);
if ($this->form_validation->run()) {
$user['password'] = hash_pass($user['password']);
if ($id = $this->user_model->save($user, $id)) {
$data['status'] = 'success';
$data['msg'] = 'Sửa thông tin thành viên thành công.';
$data['reload'] = logged_url('user');
} else {
$data['status'] = 'error';
$data['msg'] = 'Không thể sửa thông tin thành viên, hãy thử lại.';
$data['reload'] = true;
}
} else {
$data['status'] = 'error';
$data['msg']['form_error'] = show_form_error($rules);
}
echo json_encode($data);
}
function process_form()
{
if ($_POST['xsrf_token'] != $_SESSION['xsrf_token']) {
trigger_error('XSRF code incorrect', E_USER_ERROR);
}
$members = preg_split('#[\\n\\r\\s]+#', $_POST['new_members'], PREG_SPLIT_NO_EMPTY);
$invalid_emails = '';
foreach ($members as $email) {
$email = strtolower($email);
$valid = true;
// Check that address is valid
if (!preg_match('/^([\\w\\!\\#$\\%\\&\'\\*\\+\\-\\/\\=\\?\\^\\`{\\|\\}\\~]+\\.)*[\\w\\!\\#$\\%\\&\'\\*\\+\\-\\/\\=\\?\\^\\`{\\|\\}\\~]' . '+@((((([a-z0-9]{1}[a-z0-9\\-]{0,62}[a-z0-9]{1})|[a-z])\\.)+[a-z]{2,6})|(\\d{1,3}\\.){3}\\d{1,3}(\\:\\d{1,5})?)$/i', $email)) {
$valid = false;
}
// Check that account does not already exist
$sql_email = mysqli_real_escape_string(DB::get(), $email);
$query = 'SELECT COUNT(*) FROM users WHERE LOWER(email)="' . $sql_email . '"';
$result = DB::queryRaw($query);
$row = mysqli_fetch_assoc($result);
if ($row['COUNT(*)'] != 0) {
$valid = false;
}
if (!$valid) {
$invalid_emails .= $email . "\n";
} else {
// email address is valid; send invitation
// Generate pre-approval code (the year and month are hashed in)
global $SECRET_SALT;
$code = sha1(hash_pass($email, $SECRET_SALT) . 'KJincsaio09j87po8h6CAlo8tesojesai' . date('YF'));
// Generate link
$protocol = $_SERVER['HTTPS'] == 'on' ? 'https' : 'http';
$url_pieces = parse_url($_SERVER['REQUEST_URI']);
$dir = dirname(dirname($url_pieces['path']));
if ($dir == '/') {
$dir = '';
}
$link = $protocol . '://' . $_SERVER['HTTP_HOST'] . $dir . '/Account/Pre_Approval?email=' . $email . '&approval=' . $code;
// Send email
global $WEBMASTER_EMAIL;
$to = $email;
$subject = 'Welcome';
$body = <<<HEREDOC
Welcome to the LHS Math Club!
The Math Club website allows members to download handouts, view test scores, and
subscribe to the mailing list. To sign up for an account, click the link below:
{$link}
HEREDOC;
send_email($to, $subject, $body, $WEBMASTER_EMAIL);
}
}
$_SESSION['INVITE_done'] = $invalid_emails;
header('Location: Invite_Members');
}
function new_user($username, $password)
{
$username = mysql_real_escape_string($username);
$password = mysql_real_escape_string($password);
$salt = substr(hash('sha256', $username . microtime() . rand(0, 1000000)), 0, 10);
$hash_password = hash_pass($password . $salt . PASSWORD_SALT);
$query = "INSERT INTO users(username, hash_password ,salt) VALUES ('{$username}', '{$hash_password}', '{$salt}')";
$ret = true;
mysql_query($query) or $ret = false;
return $ret;
}
function process_login_form()
{
$email = strtolower($_POST['email']);
$passhash = hash_pass($email, $_POST['pass']);
// Check to see if the user/ip is temporarily banned:
// An IP is banned when 10 unsuccessful attempts are made to log in from a single IP/email within 10 minutes,
// regardless of whether any successful attempts were made.
$attempts = DBExt::queryCount('login_attempts', array('successful=0', '(remote_ip=%s OR email=%s)', DBExt::timeInInterval('request_time', '-10m', '')), $_SERVER['REMOTE_ADDR'], $email);
if ($attempts > 10) {
log_attempt($email, false);
alert('You have been temporarily locked out. Please wait 10 minutes before attempting to sign in again.', -1);
show_login_form('');
return;
}
// Check for super-user login:
// (the account LHSMATH and password set in CONFIG
if ($email == 'lhsmath') {
global $LHSMATH_PASSWORD;
if ($passhash == $LHSMATH_PASSWORD) {
// $LHSMATH_PASSWORD is pre-hashed
log_attempt('LHSMATH', true);
session_destroy();
session_name('Session');
session_start();
session_regenerate_id(true);
$_SESSION['user_name'] = 'LHSMATH Super-Admin';
$_SESSION['permissions'] = '+';
$_SESSION['login_time'] = time();
$_SESSION['user_id'] = '-999';
header('Location: ' . URL::root() . '/Admin/Super_Admin');
die;
}
}
// Validate credentials
$id = DB::queryFirstField('SELECT id FROM users WHERE LOWER(email)=%s AND passhash=%s LIMIT 1', $email, $passhash);
if (is_null($id)) {
log_attempt($email, false);
show_login_form($email);
alert('Incorrect email address or password', -1);
return;
}
// ** CREDENTIALS ARE VALIDATED AT THIS POINT ** //
log_attempt($email, true);
set_login_data($id);
alert('Logged in!', 1);
//If this page was being included, redirect back.
global $being_included;
if ($being_included) {
header('Location: ' . $_SERVER['REQUEST_URI']);
} else {
header('Location: ../Home');
}
}
function validate_approval()
{
$email = strtolower($_GET['email']);
$approval = $_GET['approval'];
// Checks if the code was issued either this month or last
global $SECRET_SALT;
$correct_code_1 = sha1(hash_pass($email, $SECRET_SALT) . 'KJincsaio09j87po8h6CAlo8tesojesai' . date('YF'));
$last_month = time() - 60 * 60 * 24 * ((int) date('j') + 1);
$correct_code_2 = sha1(hash_pass($email, $SECRET_SALT) . 'KJincsaio09j87po8h6CAlo8tesojesai' . date('YF', $last_month));
if ($approval === $correct_code_1 || $approval === $correct_code_2) {
$_SESSION['PREAPPROVED'] = $email;
$_SESSION['PREAPPROVED_expiry'] = time() + 54000;
// expires in 15 minutes
header('Location: Register');
die;
}
header('Location: ../Error');
die;
}
function edit_member($email, $fullname, $password, $dob, $lang)
{
$hashed_password = $password == load_member()['password'] ? $password : hash_pass($password);
$edited_time = date('Y-m-d h:i:s A');
$path = realpath($_SERVER['DOCUMENT_ROOT']) . '/member/' . $email;
$db_path = $path . '/member.db';
$db_sql = 'UPDATE member SET password=:password,fullname=:fullname,dob=:dob,lang=:lang,edited_at=:edited_at WHERE email=:email';
try {
$db = new PDO('sqlite:' . $db_path);
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db_query = $db->prepare($db_sql);
$db_query->bindParam(':password', $hashed_password);
$db_query->bindParam(':fullname', $fullname);
$db_query->bindParam(':dob', $dob);
$db_query->bindParam(':lang', $lang);
$db_query->bindParam(':edited_at', $edited_time);
$db_query->bindParam(':email', $email);
$db_query->execute();
} catch (PDOException $e) {
echo 'ERROR: ' . $e->getMessage();
}
}
function process_form()
{
// INITIAL DATA FETCHING
global $name, $email, $cell, $yog, $mailings;
// so that the show_form function can use these values later
$name = htmlentities(ucwords(trim(strtolower($_POST['name']), ' \\-\'')));
foreach (array('-', '\'') as $delimiter) {
if (strpos($name, $delimiter) !== false) {
$name = implode($delimiter, array_map('ucfirst', explode($delimiter, $name)));
}
}
// forces characters after spaces, hyphens and apostrophes to be capitalized
$name = preg_replace('/[\\s\']*\\-+[\\s\']*/', '-', $name);
// removes hyphens not between two characters
$name = preg_replace('/[\\s\\-]*\'+[\\s\\-]*/', '\'', $name);
// removes apostrophes not between two characters
$name = preg_replace('/\\s+/', ' ', $name);
// removes multiple consecutive spaces
$name = preg_replace('/\\-+/', '-', $name);
// removes multiple consecutive hyphens
$name = preg_replace('/\'+/', '\'', $name);
// removes multiple consecutive apostrophes
$email = htmlentities(strtolower($_POST['email']));
$cell = htmlentities($_POST['cell']);
$yog = $_POST['yog'];
$pass = $_POST['pass1'];
$mailings = '0';
if ($_POST['mailings'] == 'Yes') {
$mailings = '1';
}
// CHECK THAT THE NAME IS VALID
if (($name = sanitize_username($name)) === false) {
alert('Your name must have only letters, hyphens, apostrophes, and spaces, and be between 3 and 30 characters long', -1);
show_form();
return;
}
if (strpos($name, ' ') == false) {
alert('Please enter both your first <span class="i">and</span> last name', -1);
show_form();
return;
}
// CHECK THAT THE EMAIL ADDRESS IS VALID
if (!val('e', $email)) {
alert('That\'s not a valid email address', -1);
show_form();
return;
}
// CHECK AND FORMAT CELL PHONE NUMBER
if ($cell != '' && ($cell = format_phone_number($cell)) === false) {
//Validate the format of the cell phone number (if it's not left blank)
alert('That\'s not a valid cell phone number', -1);
show_form();
return;
}
// CHECK THAT THE YOG IS VALID
$grade = intval(getGradeFromYOG($yog));
if ($grade < 9 || $grade > 12) {
alert('That is not a valid YOG (' . $grade . 'you have to be in high school)', -1);
show_form();
return;
}
// CHECK THAT THE PASSWORDS MATCH, MEET MINIMUM LENGTH
if ($pass != $_POST['pass2']) {
alert('The passwords that you entered do not match', -1);
show_form();
return;
}
if (strlen($pass) < 6) {
alert('Please choose a password that has at least 6 characters', -1);
show_form();
return;
}
// CHECK THAT THEY ENTERED THE RECAPTCHA CORRECTLY
// CURRENTLY BROKEN: NEED TO UPDATE RECAPTCHA
/*
$recaptcha_msg = validate_recaptcha();
if ($recaptcha_msg !== true) {
alert($recaptcha_msg, -1);
show_form();
return;
}
*/
// CHECK THAT AN ACCOUNT WITH THAT EMAIL DOES NOT ALREADY EXIST
// this is done *after* checking the reCaptcha to prevent bots from harvesting our email
// addresses via a brute-force attack.
if (DBExt::queryCount('users', 'LOWER(email)=LOWER(%s)', $email) != 0) {
alert('An account with that email address already exists', -1);
show_form();
return;
}
// CHECK THAT AN ACCOUNT WITH THE SAME NAME IN THE SAME GRADE DOES NOT EXIST
// - with the exception that if it's permissions = 'E', they probably mistyped their email and are redoing it.
if (DBExt::queryCount('users', 'LOWER(name)=%s AND yog=%i AND permissions!="E"', strtolower($name), $yog) != 0) {
alert('An account in your grade with that name already exists', -1);
show_form();
return;
}
// ** All information has been validated at this point **
$verification_code = generate_code(5);
// for verifying ownership of the email address
// Check if email address has been pre-approved
if (isset($_SESSION['PREAPPROVED']) && $email === $_SESSION['PREAPPROVED']) {
$approved = '1';
// skip Captain approval
$verification_code = '1';
// skip email verification (already done)
} else {
$approved = '0';
}
// Create database entry
$passhash = hash_pass($email, $pass);
if ($cell == '') {
$cell = 'None';
} else {
$cell = preg_replace('#[^\\d]#', '', $_POST['cell']);
}
// remove non-numbers from cell phone # again
DB::insert('users', array('name' => $name, 'email' => $email, 'passhash' => $passhash, 'cell' => $cell, 'yog' => $yog, 'mailings' => $mailings, 'approved' => $approved, 'email_verification' => $verification_code, 'registration_ip' => htmlentities(strtolower($_SERVER['REMOTE_ADDR']))));
set_login_data(DB::insertId());
// LOG THEM IN
// For pre-approved members:
if ($approved == '1') {
global $WEBMASTER_EMAIL;
$to = array($email => $name);
$subject = 'Account Created';
$body = <<<HEREDOC
Welcome to the LHS Math Club website, {$name}!
Your account has been created. If you have any questions about the site, please email
the webmaster at {$WEBMASTER_EMAIL}
HEREDOC;
send_email($to, $subject, $body, $WEBMASTER_EMAIL);
$_SESSION['HOME_welcome'] = 'Welcome to the LHS Math Club website, ' . $name . '!';
header('Location: Home');
}
$_SESSION['ACCOUNT_do_send_verification_email'] = true;
header('Location: Verify_Email');
}
function add_user($fullname, $username, $password, $email, $date, $user_ip, $activation_code)
{
//declaring $salt and $link as global allows the function to access the values stored in these variables
global $salt;
global $link;
global $password_store_key;
$err = array();
//here we validate that the user submitted all fields
//php function 'strlen' — Get string length
if (empty($fullname) || strlen($fullname) < 4) {
$err[] = "You must enter your name";
}
if (empty($username) || strlen($username) < 4) {
$err[] = "You must enter a username";
}
if (empty($password) || strlen($password) < 4) {
$err[] = "You must enter a password";
}
if (empty($email) || !check_email($email)) {
$err[] = "Please enter a valid email address.";
}
$q = mysql_query("SELECT user_name, usr_email FROM " . USERS . " WHERE user_name = '{$username}' OR usr_email = AES_ENCRYPT('{$email}', '{$salt}')");
if (mysql_num_rows($q) > 0) {
$err[] = "User already exists";
}
if (empty($err)) {
//the function hash_pass is defined in config.inc.php, line 312
$password = hash_pass($password);
$q1 = mysql_query("INSERT INTO " . USERS . " (full_name, user_name, usr_pwd, usr_email, date, users_ip, activation_code) VALUES ('{$fullname}', '{$username}', '{$password}', AES_ENCRYPT('{$email}', '{$salt}'), '{$date}', '{$user_ip}', '{$activation_code}')", $link) or die("Unable to insert data");
//Generate rough hash based on user id from above insertion statement
$user_id = mysql_insert_id($link);
//get the id of the last inserted item
$md5_id = md5($user_id);
mysql_query("UPDATE " . USERS . " SET md5_id='{$md5_id}' WHERE id='{$user_id}'");
if (REQUIRE_ACTIVIATION) {
//set the approve flag to 0
$rs_activ = mysql_query("UPDATE " . USERS . " SET approved='0' WHERE\n\t\t\t\tmd5_id='" . $md5_id . "' AND activation_code = '" . $activation_code . "' ") or die(mysql_error());
//send an email with the activation key
//first, retrieve my encrypted password
$key = $password_store_key;
$result = mysql_query("SELECT * , AES_DECRYPT(password, '{$key}') AS password FROM " . PSTORE_TABLE . " WHERE username=AES_ENCRYPT('" . GLOBAL_EMAIL . "', '{$key}')") or die(mysql_error());
$row = mysql_fetch_assoc($result);
$pw = $row['password'];
//generate the message
$message = "Hi " . $fullname . "!\n\n\t\t\t\tThank you for registering with us. Here are your login details...\n\n\t\t\t\tUser ID: " . $username . "\n\n\t\t\t\tEmail: " . $email . "\n\n\t\t\t\tPassword: "******"\n\n\n\n\t\t\t\tYou must activate your account before you can actually do anything:\n\n\t\t\t\t" . SITE_BASE . "/admin/activate.php?user="******"&activ_code=" . $activation_code . "\n\n\n\n\n\t\t\t\tThank You,\n\n\n\t\t\t\tAdministrator\n\n\t\t\t\t" . SITE_BASE . "";
//next, we use swift's email function
$email_to = $email;
$email_from = GLOBAL_EMAIL;
$password = $pw;
$subj = "Registration successful!";
$transport = Swift_SmtpTransport::newInstance('smtp.gmail.com', 465, "ssl")->setUsername($email_to)->setPassword($password);
$mailer = Swift_Mailer::newInstance($transport);
$message = Swift_Message::newInstance($subj)->setFrom(array($email_from => 'Jivko Sinapov'))->setTo(array($email_to))->setBody($message);
$result = $mailer->send($message);
} else {
//activate user by default
// set the approved field to 1 to activate the account
$rs_activ = mysql_query("UPDATE " . USERS . " SET approved='1' WHERE\n\t\t\t\tmd5_id='" . $md5_id . "' AND activation_code = '" . $activation_code . "' ") or die(mysql_error());
}
}
return $err;
}
<?php
/*Secured user only page*/
include '../includes/constant/config.inc.php';
secure_page();
return_meta("Edit " . $_SESSION['fullname'] . "'s Profile");
$msg = NULL;
if (isset($_POST['update'])) {
$update = "UPDATE " . USERS . " SET full_name = '" . filter($_POST['fullname']) . "', user_name = '" . filter($_POST['username']) . "', usr_email = AES_ENCRYPT('" . filter($_POST['email']) . "', '{$salt}')";
if (!empty($_POST['newpass'])) {
$update .= ", usr_pwd = '" . hash_pass(filter($_POST['newpass'])) . "'";
}
$update .= " WHERE id = '" . $_SESSION['user_id'] . "'";
$run_update = mysql_query($update) or die(mysql_error());
if ($run_update) {
$msg = "Profile updated successfully!";
}
}
?>
<?php
include '../includes/constant/nav.inc.php';
?>
<h1>Edit My Profile</h1>
<?php
if (isset($msg)) {
echo '<div class="success">' . $msg . '</div>';
}
$in = mysql_query("SELECT *, AES_DECRYPT(usr_email, '{$salt}') AS email FROM " . USERS . " WHERE id = '" . $_SESSION['user_id'] . "'") or die("Unable to get your info!");
if (isset($_GET['action']) && $_GET['action'] == "delete" && isset($_GET['id'])) {
$dq = mysql_query("DELETE FROM " . USERS . " WHERE id = '" . filter($_GET['id']) . "' LIMIT 1") or die(mysql_error());
if ($dq) {
$msg[] = "Successfully deleted user.";
} else {
$err[] = "Unable to remove user";
}
}
/*Create new user
===================================================*/
$pass = NULL;
$new_user_name = NULL;
$new_user_email = NULL;
if (isset($_POST['add_user'])) {
$pass1 = generate_key();
$pass = hash_pass($pass1);
$new_user_name = filter($_POST['new_user_name']);
$new_user_email = filter($_POST['new_user_email']);
$today = date('Y-m-d');
$check = mysql_query("SELECT user_name, usr_email FROM " . USERS . " WHERE user_name = '{$new_user_name}' OR usr_email = AES_ENCRYPT('{$new_user_email}', '{$salt}')") or die(mysql_error());
if (mysql_num_rows($check) > 0) {
$err[] = "A user with the username or email address already exists";
}
if (!check_email($new_user_email)) {
$err[] = "You must enter a valid email";
}
if (empty($err)) {
$add_user = mysql_query("INSERT INTO " . USERS . " (`user_name`, `usr_email`, `user_level`, `usr_pwd`, `date`, `approved`) VALUES ('{$new_user_name}', AES_ENCRYPT('{$new_user_email}', '{$salt}'), 1, '{$pass}', '{$today}', 1)") or die(mysql_error());
$message = "Hello,\n\t\tYou have been registered as a user with SOMEWEBSITE by an administrator.\n\t\tYou may login to your account by going to:\n\n\t\t" . SITE_BASE . "/login.php\n\n\t\tAnd logging in with the following information:\n\t\tUsername: "******"\n\t\tPassword: "******"\n\n\t\tThank you,\n\t\tAdmin";
send_msg($new_user_email, "User Registration", $message);
$msg[] = "Successfully added " . $new_user_name . " and an email has been sent to the user.";
// an include path, enter it here:
$ADD_INCLUDE_PATH = '';
// SECRET SALT:
// set this to something random and LONG. Don't change it, or else all the
// passwords will stop working
$SECRET_SALT = 'msl18kandgnkoq90u4@3ye56ta*74u89iit guya@0p349pti#7hw5fuj90f';
// SUPER-ADMIN FEATURE:
// if you ever get locked out (no Admin accounts), login using
// Username: lhsmath
// Password: (set a password below)
// Once you're done, change the password back to being blank ('')
// - this disables the lhsmath account.
$LHSMATH_PASSWORD = '';
// just ignore this part, lets you sign in with that password _____________
if ($LHSMATH_PASSWORD != '') {
$LHSMATH_PASSWORD = hash_pass('lhsmath', $LHSMATH_PASSWORD);
}
// ________________________________________________________________________
// This site uses reCAPTCHA to prevent bots from messing with it. You can
// get a key at http://recaptcha.net
$RECAPTCHA_PUBLIC_KEY = '6LfrvwETAAAAACQvf7d9fEkpnfoIn3A8di_LR-8U';
$RECAPTCHA_PRIVATE_KEY = '6LfrvwETAAAAAOCERu7Hbu_wuMBjNfVLbm-uHs5q';
// This site also uses Mailhide. Get a key at:
// http://www.google.com/recaptcha/mailhide/apikey
$MAILHIDE_PUBLIC_KEY = '01s6lIcYY72sXjHVrhhkEsXQ==';
$MAILHIDE_PRIVATE_KEY = '658ab4cadf4c996208856ec5735b4aae';
// The site is monitored by Pingdom. Get a free account [http://pingdom.com]
// Add the Math Club website, then wait one day. Enable the Public Report
// and enter its URL below.
$PINGDOM_REPORT = 'http://stats.pingdom.com/wk0v6lomn491/225513';
// BANHAMMER: To ban an IP address, add it to this list.
function change_password()
{
// Check XSRF token
if ($_POST['xsrf_token'] != $_SESSION['xsrf_token']) {
trigger_error('XSRF code incorrect', E_USER_ERROR);
}
// Fetch form data
$pass = $_POST['pass1'];
// Get Data
$query = 'SELECT email, passhash FROM users WHERE id="' . $_SESSION['user_id'] . '" LIMIT 1';
$result = DB::queryRaw($query);
$row = mysqli_fetch_assoc($result);
$email = mysqli_real_escape_string(DB::get(), strtolower($row['email']));
$old_passhash = $row['passhash'];
// CHECK PASSWORD
if (hash_pass($email, $_POST['currpass']) != $old_passhash) {
show_change_password_page('Incorrect password');
return;
}
// CHECK THAT THE PASSWORDS MATCH, MEET MINIMUM LENGTH
if ($pass != $_POST['pass2']) {
show_change_password_page('The passwords that you entered do not match');
return;
}
if (strlen($pass) < 6) {
show_change_password_page('Please choose a password that has at least 6 characters');
return;
}
// Change password
$passhash = hash_pass($email, $pass);
$query = 'UPDATE users SET passhash="' . mysqli_real_escape_string(DB::get(), $passhash) . '" WHERE id="' . $_SESSION['user_id'] . '" LIMIT 1';
DB::queryRaw($query);
// Go to Profile Page
$_SESSION['ACCOUNT_profile_change_message'] = 'Your password has been changed';
header('Location: My_Profile');
}
<?php
require_once realpath($_SERVER['DOCUMENT_ROOT']) . '/includes/init_trigger.inc.php';
if (isset($_POST['unhashed'])) {
echo hash_pass($_POST['unhashed']);
}
function process_change_page()
{
// Check the XSRF token
if ($_POST['xsrf_token'] != $_SESSION['xsrf_token']) {
trigger_error('XSRF token invalid', E_USER_ERROR);
}
// Check that the passwords match, meet minimum length requirement
$pass = $_POST['pass1'];
if ($pass != $_POST['pass2']) {
show_new_password_page('The passwords that you entered do not match.', 'pass1');
return;
}
if (strlen($pass) < 8) {
show_new_password_page('Please choose a password that has at least 8 characters.', 'pass1');
return;
}
// Check that the user is allowed to change thier password
if (!isset($_SESSION['ACCOUNT_passreset_id'])) {
show_new_password_page('Error: You\'re not allowed to do this?!');
return;
}
// ** PASSWORD IS VALIDATED AT THIS POINT **
// Prevent from resubmitting this form
$id = $_SESSION['ACCOUNT_passreset_id'];
unset($_SESSION['ACCOUNT_passreset_id']);
unset($_SESSION['ACCOUNT_passreset_name']);
$query = 'SELECT email FROM users WHERE id="' . $id . '" LIMIT 1';
$result = DB::queryRaw($query);
$row = mysqli_fetch_assoc($result);
// Change password
$email = mysqli_real_escape_string(DB::get(), strtolower($row['email']));
$passhash = hash_pass($email, $pass);
$query = 'UPDATE users SET passhash="' . mysqli_real_escape_string(DB::get(), $passhash) . '", password_reset_code="0" WHERE id="' . $id . '" LIMIT 1';
DB::queryRaw($query);
// LOG IN
set_login_data($id);
// SHOW PAGE
page_header('Password Reset');
echo <<<HEREDOC
<h1>Password Reset</h1>
Your password has been changed successfully.
HEREDOC;
}
$pass2 = filter($_POST['pass']);
if (empty($username) || strlen($username) < 4) {
$err[] = "You must enter a username";
}
if (empty($pass2) || strlen($pass2) < 4) {
$err[] = "You seem to have forgotten your password.";
}
//Select only ONE password from the db table if the username = username, or the user input email (after being encrypted) matches an encrypted email in the db
$q = mysql_query("SELECT usr_pwd, id FROM " . USERS . " WHERE user_name = '{$username}' OR usr_email = AES_ENCRYPT('{$username}', '{$salt}')") or die(mysql_error());
//Select only the password if a user matched
list($pass, $userid) = mysql_fetch_row($q);
//now the variable $pass holds the value in column usr_pwd, $userid holds the value for id
if (empty($err)) {
//If someone was found, check to see if passwords match
if (mysql_num_rows($q) > 0) {
if (hash_pass($pass2) === $pass) {
$user_info = mysql_query("SELECT id, full_name, user_name FROM " . USERS . " WHERE id = '{$userid}' LIMIT 1") or die("Unable to get user info");
list($id, $name, $username) = mysql_fetch_row($user_info);
session_start();
//REALLY start new session (wipes all prior data)
session_regenerate_id(true);
//update the timestamp and key for session verification
$stamp = time();
$ckey = generate_key();
mysql_query("UPDATE " . USERS . " SET ctime = '{$stamp}', ckey = '{$ckey}', num_logins = num_logins+1, last_login = now() WHERE id='{$id}'") or die(mysql_error());
//Assign session variables to information specific to user
$_SESSION['user_id'] = $id;
$_SESSION['fullname'] = $name;
$_SESSION['user_name'] = $username;
$_SESSION['user_level'] = $level;
$_SESSION['stamp'] = $stamp;
