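function makePasswordChange($db, $newPassword, $salt, $id)
 {
     // Replace the stored password hash of the user whose `_id` equals $id.
     //
     // $db           PDO connection.
     // $newPassword  plaintext password; it is hashed here with
     //               PasswordUtils::hashPassword (implementation not shown) and
     //               the supplied $salt before it touches the database.
     // $salt         salt passed to hashPassword. NOTE: only the `password`
     //               column is written — the salt column is NOT updated, so
     //               $salt must already be the salt stored for this user, or
     //               the caller must persist it separately or the new hash
     //               will never verify.
     // $id           value bound to `_id`.
     //
     // Returns nothing. On a PDOException the script terminates. The catch is
     // only reached if $db uses PDO::ERRMODE_EXCEPTION; under PDO's default
     // silent mode a failing execute() just returns false and this function
     // returns as if it succeeded.
     $query = "\n            UPDATE user\n            SET\n                password = :password\n            WHERE\n                _id = :id\n        ";
     $query_params = array(':password' => PasswordUtils::hashPassword($newPassword, $salt), ':id' => $id);
     try {
         $stmt = $db->prepare($query);
         $stmt->execute($query_params);
     } catch (PDOException $ex) {
         // Keep the driver's message out of the HTTP response: it can disclose
         // table/column names, the DSN or the server version. Log it server-side
         // and show the user a generic failure instead.
         error_log("makePasswordChange failed: " . $ex->getMessage());
         die("Failed to run query.");
     }
 }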
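 function saveRegistration($post, $db)
 {
     // Insert a new self-registered account into the `user` table.
     //
     // $post  registration fields: 'email', 'password', 'first_name',
     //        'last_name'. Nothing is validated here (presence, e-mail format,
     //        password length) — an empty password is hashed and stored like
     //        any other — so the caller must validate before calling.
     // $db    PDO connection.
     //
     // The role is fixed to user_type_id '1' and the avatar to a default URL;
     // neither is taken from $post, which is the right call for a
     // self-registration endpoint.
     //
     // Returns nothing. On a PDOException the script terminates (only reached
     // when $db runs in PDO::ERRMODE_EXCEPTION; in PDO's default silent mode a
     // failed execute() returns false and is not noticed here).
     $query = "\n                    INSERT INTO user (\n                        email,\n                        password,\n                        password_salt,\n                        first_name,\n                        last_name,\n                        user_type_id,\n                        picture_url\n                    ) VALUES (\n                        :email,\n                        :password,\n                        :salt,\n                        :first_name,\n                        :last_name,\n                        :user_type_id,\n                        :picture_url\n                    )";
     // Per-user salt + hash via PasswordUtils (implementation not shown).
     // The RAW submitted password is hashed; every verification path must hash
     // the raw input the same way — escaping it first (e.g. htmlspecialchars)
     // yields a different digest for passwords containing & < > " '.
     $salt = PasswordUtils::generatePasswordSalt();
     $password = PasswordUtils::hashPassword($post['password'], $salt);
     $query_params = array(':email' => $post['email'], ':password' => $password, ':salt' => $salt, ':first_name' => $post['first_name'], ':last_name' => $post['last_name'], ':user_type_id' => '1', ':picture_url' => 'https://s3-us-west-2.amazonaws.com/dbsystems/default-avatar.png');
     try {
         $stmt = $db->prepare($query);
         $stmt->execute($query_params);
     } catch (PDOException $ex) {
         // Do not echo the driver message (schema / DSN details) to the client;
         // log it and return a generic failure.
         error_log("saveRegistration failed: " . $ex->getMessage());
         die("Failed to run query.");
     }
 }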
include_once 'AutoLoader.php';
AutoLoader::registerDirectory('src/classes');
require "src/config.php";
if (!empty($_POST)) {
    $email = htmlspecialchars($_POST['email']);
    $query = "\r\n            SELECT *\r\n            FROM users\r\n            WHERE\r\n                email = :email\r\n        ";
    $query_params = array(':email' => $email);
    try {
        $stmt = $db->prepare($query);
        $result = $stmt->execute($query_params);
    } catch (PDOException $ex) {
        die("Failed to run query: " . $ex->getMessage());
    }
    $row = $stmt->fetch();
    if ($row) {
        $check_password = PasswordUtils::hashPassword($_POST['password'], $row['salt']);
        if ($check_password == $row['password']) {
            if ($row['active_user'] == 0) {
                $message = "You must activate your account first.";
            } else {
                unset($row['salt']);
                unset($row['password']);
                $_SESSION['user'] = $row;
                if ($row['info_added'] == 0) {
                    switch ($row['user_type_id']) {
                        case 3:
                            // nurse
                            header("Location: src/nurse_info.php");
                            die("Redirecting to: src/nurse_info.php");
                            break;
                        case 2:
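 function saveRegistration($post, $hash, $db)
 {
     // Insert a new account into the `users` table.
     //
     // $post  registration fields: 'email', 'password', 'user_type_id'.
     // $hash  stored as-is in the `hash` column (looks like an activation or
     //        verification token — how it is generated/checked is not visible
     //        here).
     // $db    PDO connection.
     //
     // SECURITY (review): `user_type_id` is copied straight out of $post. If
     // $post is the raw request body (the caller is not visible here), the
     // registrant picks their own role. Either whitelist the value before
     // calling or hard-code it the way the sibling saveRegistration does
     // with '1'. Nothing else is validated here either (presence of the
     // fields, e-mail format, password length) — that is the caller's job.
     //
     // Returns nothing. On a PDOException the script terminates (only when
     // $db uses PDO::ERRMODE_EXCEPTION; under the default silent mode a failed
     // execute() returns false unnoticed).
     $query = "\n                    INSERT INTO users (\n                        email,\n                        password,\n                        salt,\n                        user_type_id,\n                        hash,\n                        picture_url\n                    ) VALUES (\n                        :email,\n                        :password,\n                        :salt,\n                        :user_type_id,\n                        :hash,\n                        :picture_url\n                    )\n                    ";
     // Per-user salt + hash via PasswordUtils (implementation not shown); the
     // raw submitted password is what gets hashed, so verification paths must
     // hash the raw input too (no htmlspecialchars first).
     $salt = PasswordUtils::generatePasswordSalt();
     $password = PasswordUtils::hashPassword($post['password'], $salt);
     $query_params = array(':email' => $post['email'], ':password' => $password, ':salt' => $salt, ':user_type_id' => $post['user_type_id'], ':hash' => $hash, ':picture_url' => 'http://walphotobucket.s3.amazonaws.com/default.jpg');
     try {
         $stmt = $db->prepare($query);
         $stmt->execute($query_params);
     } catch (PDOException $ex) {
         // Keep the driver message (schema / DSN details) out of the response.
         error_log("saveRegistration failed: " . $ex->getMessage());
         die("Failed to run query.");
     }
 }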
AutoLoader::registerDirectory('../src/classes');
require "config.php";
require "MailFiles/PHPMailerAutoload.php";
$fp = new ForgotPassword();
// Forgot-password handler: on POST, look the address up, verify the challenge
// answer, and if it matches e-mail a freshly generated password and store its
// hash. $newPassword / $newSalt are left set for the page below
// ($newPassword ends up holding the HASH, not the clear-text value).
//
// SECURITY (review), none of it changed here:
//  * A clear-text, reusable password is sent by e-mail. A single-use,
//    expiring reset link that lets the user pick a password avoids that.
//  * Anyone who knows the address and the challenge answer can replace the
//    victim's password (forced reset / lockout); there is no rate limit or
//    confirmation step visible in this fragment.
//  * checkEmail() appears to set $fp->noEmail for unknown addresses; if the
//    template reports that, the page enumerates registered e-mails — verify.
//  * The e-mail goes out BEFORE updateTables() runs; if that call dies, the
//    user has received a password that was never stored.
//  * The answer is htmlspecialchars()-escaped before checkAnswer(), so an
//    answer containing & < > " ' only matches if it was stored escaped too.
if (!empty($_POST)) {
    $fp->checkEmail($_POST['email'], $db);
    if (empty($fp->noEmail)
        && !empty($_POST['challenge_question_answer'])
        && $fp->checkAnswer(htmlspecialchars($_POST['challenge_question_answer']))) {
        $newPassword = PasswordUtils::generateNewPassword();
        if (!$fp->sendNewPassword($newPassword)) {
            $fp->registrationFailure = "Verification email could not be sent. Please try again later.";
        } else {
            $fp->success = "An email has been sent to the address that you provided. "
                . "Use the password included in the email to log in.";
            // Persist only the salted hash; the clear-text value is gone once
            // $newPassword is overwritten below.
            $newSalt = PasswordUtils::generatePasswordSalt();
            $newPassword = PasswordUtils::hashPassword($newPassword, $newSalt);
            $fp->updateTables($newPassword, $newSalt, $db);
        }
    }
}
?>

<!doctype html>
<html lang="en">
<head>
    <style>.error {color: #FF0000;}</style>
    <style>.success {color: #00FF00;}</style>
    <meta charset="utf-8">
include_once '../AutoLoader.php';
AutoLoader::registerDirectory('../src/classes');
require "config.php";
if (!empty($_POST) && isset($_POST['submitButton'])) {
    $email = $_SESSION['user']['email'];
    $query = "\r\n            SELECT *\r\n            FROM users\r\n            WHERE\r\n                email = :email\r\n        ";
    $query_params = array(':email' => $email);
    try {
        $stmt = $db->prepare($query);
        $result = $stmt->execute($query_params);
    } catch (PDOException $ex) {
        die("Failed to run query: " . $ex->getMessage());
    }
    $row = $stmt->fetch();
    if ($row) {
        $check_password = PasswordUtils::hashPassword(htmlspecialchars($_POST['password']), $row['salt']);
        if ($check_password == $row['password']) {
            $query = "\r\n                        DELETE\r\n                        FROM users\r\n                        WHERE\r\n                          email = :email\r\n                    ";
            $query_params = array(':email' => $_SESSION['user']['email']);
            try {
                $stmt = $db->prepare($query);
                $result = $stmt->execute($query_params);
            } catch (PDOException $ex) {
                die("Failed to run query: " . $ex->getMessage());
            }
            unset($_SESSION['user']);
            $success = "Account deleted.";
        } else {
            $error = "Incorrect password.";
        }
    } else {
<?php

include_once '../AutoLoader.php';
AutoLoader::registerDirectory('../src/classes');
require "config.php";
require "MailFiles/PHPMailerAutoload.php";
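// Provision a new account from the submitted form and e-mail the generated
// initial password to the new user, then redirect to home.php.
//
// SECURITY (review): this fragment performs no authorization check — it only
// reads $_SESSION['user']['_id'] to fill `created_by_id`. Unless config.php
// (not shown) enforces a logged-in, sufficiently privileged session, this is
// an open account-creation endpoint. Independently of that, the requester
// picks the new account's role (`user_type_id`) and can set `created_by_id`
// to any value through the optional `manager` field; both should be checked
// against what the current user may assign. The recipient address is taken
// from the request unvalidated.
$realPassword = PasswordUtils::generateNewPassword();
$passwordSalt = PasswordUtils::generatePasswordSalt();
$hashedPassword = PasswordUtils::hashPassword($realPassword, $passwordSalt);
$email = $_POST['email'];
$created_by_id = $_SESSION['user']['_id'];
if (!empty($_POST['manager'])) {
    $created_by_id = $_POST['manager'];
}
$insertStatement = "INSERT INTO user\n\t\t\t\t\t(`user_type_id`, `created_by_id`, `password`, `password_salt`, `first_name`, `last_name`, `email`, `picture_url`) \n\t\t\t\t\tVALUES (:user_type_id,:created_by_id, :password,:password_salt,:first_name,:last_name,:email,:picture_url)";
$insertParams = array(':user_type_id' => $_POST['user_type_id'], ':created_by_id' => $created_by_id, ':password' => $hashedPassword, ':password_salt' => $passwordSalt, ':first_name' => $_POST['first'], ':last_name' => $_POST['last'], ':email' => $email, ':picture_url' => 'https://s3-us-west-2.amazonaws.com/dbsystems/default-avatar.png');
try {
    $stmt = $db->prepare($insertStatement);
    $result = $stmt->execute($insertParams);
    if ($result === false) {
        // Under PDO's default (silent) error mode a failed INSERT does not
        // throw; previously the welcome e-mail was still sent and the page
        // redirected as if the account existed.
        error_log("create user failed: " . implode(' ', $stmt->errorInfo()));
        echo "Failed to create the user.";
    } else {
        $link = "http://dbsystems-engproject.rhcloud.com/";
        // The initial password travels in clear text by e-mail and the login
        // link is plain http. A single-use, expiring set-password link would
        // keep a reusable credential out of the mailbox.
        // NOTE(review): in the corpus copy of this file the concatenation of
        // the password into the message was redacted ('******'); $realPassword
        // is the value generated above and is what the message carries.
        $message = 'Hello!<br/><br/>' . 'An account has been created for you on our conference room scheduler!' . ' Please click <a href=' . $link . '>here</a> to log in.<br/><br/>' . 'Password: ' . $realPassword . '<br/>To change your password, sign in, then select \'Change Password\'' . ' from the drawer on the left side of the screen.' . '<br/><br/>Thank you,<br/>Team 6';
        $mailer = new SendEmail();
        $mailer->SendEmail($email, "Conference Room Scheduler", $message, false);
        header("Location: home.php");
        die("Redirecting to home.php");
    }
} catch (PDOException $ex) {
    // The original echoed the full INSERT statement plus print_r() of its
    // parameters — including the new user's password hash and salt — into the
    // response. Log server-side and show a generic message instead.
    error_log("create user failed: " . $ex->getMessage());
    echo "Failed to create the user.";
}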