function authenticateLogin($link, $loginemail, $loginpasswd)
{
if (!$_POST[$loginpasswd]) {
return "Please enter password";
}
if (emailExist($link, $loginemail)) {
$email = mysqli_real_escape_string($link, $_POST[$loginemail]);
$passwd = mysqli_real_escape_string($link, $_POST[$loginpasswd]);
$passwd = md5(md5($email) . $passwd);
$query = "SELECT * FROM users WHERE email='" . $email . "' AND password='******' LIMIT 1";
$result = mysqli_query($link, $query);
$row = mysqli_fetch_array($result);
if ($row) {
//echo "Login Successful";
$_SESSION['id'] = $row['id'];
//print_r($_SESSION);
} else {
return "Password is incorrect";
}
} else {
return "Your email is not found. Try again or Sign Up";
}
}
if ($_POST['pass_1'] != $_POST['pass_2']) {
$alertArr[] = $ALERT['PASS_DIFF'];
}
if (strlen($_POST['pass_field_1']) > 30) {
$alertArr[] = $ALERT['PASS_TOLONG'];
}
if ($_POST['pass_field_1'] && strlen($_POST['pass_field_1']) < 6) {
$alertArr[] = $ALERT['PASS_TOSHORT'];
}
if (strlen($_POST['email']) > 140) {
$alertArr[] = $ALERT['EMAIL_TOLONG'];
}
if ($_POST['email'] && !emailValid($_POST['email'])) {
$alertArr[] = $ALERT['EMAIL_INVALID'];
}
if ($_POST['email'] && emailExist($_POST['email'])) {
$alertArr[] = $ALERT['EMAIL_TAKEN'];
}
if (count($alertArr) == 0) {
// Add the new account to the database
// (password has already been encrypted using javascript)
$_SESSION['reguname'] = $_SESSION['username'];
$_SESSION['regresult'] = addNewUser($_POST['pass1'], $_POST['email']);
$_SESSION['registered'] = true;
$refresh = $HTTP_SERVER_VARS[PHP_SELF];
exit(include_once HTML_PATH . "html_refresh.php");
// stop script
}
}
$alert = displayAlert($alertArr);
if ($_POST['pass_field_curr']) {
return true;
} else {
return false;
}
}
if (isset($_POST['signUp'])) {
//Email
if (!empty($_POST['email']) && !empty($_POST['email2'])) {
//Emailwiederholung
if ($_POST['email'] == $_POST['email2']) {
$email = trim(htmlentities($_POST['email'], ENT_QUOTES, "UTF-8"));
$beginning = "[a-zA-Z\\d][\\w\\.-]*[a-zA-Z\\d]";
$end = "[a-zA-Z\\d][\\w\\.-]*\\.[a-zA-Z]{2,4}";
$regExp = "/^" . $beginning . "@" . $end . "\$/";
if (preg_match($regExp, $email)) {
if (emailExist($email)) {
$info = "Diese Emailadresse existiert bereits.";
} else {
if (!empty($_POST['password']) && !empty($_POST['password2'])) {
if ($_POST['password'] == $_POST['password2']) {
if (strlen($_POST['password']) > 7) {
$password = md5(trim(htmlentities($_POST['password'], ENT_QUOTES, "UTF-8")));
$email = $GLOBALS['DB']->escapeString($email);
$password = $GLOBALS['DB']->escapeString($password);
$query = "INSERT INTO user (email, password, passportID, name, firstName, street, city, zipCode, country,\r\n verifiedEmail, verifiedAccount, signUpTime) VALUES \r\n ('{$email}', '{$password}', 'notVerified', '', '', '', '', '', '', '1', '1', '" . time() . "') ";
$result = $GLOBALS['DB']->query($query);
//Speichern true und Emailverification true
if ($result === true && makeVerificationCode($email) == true) {
header("Location: signupsuccessful.php");
exit;
} else {
</body>
</html>
';
$headers = "From: mooc@isen.fr\n";
// This is the email address the generated message will be from. We recommend using something like noreply@yourdomain.com.
$headers = 'MIME-Version: 1.0' . "\r\n";
$headers .= 'Content-type: text/html; charset=utf-8' . "\r\n";
$headers .= "Reply-To: {$email_address}";
//$email_body->isHTML(true);
try {
mail($to, $email_subject, $email_body, $headers);
} catch (Exception $Excep) {
echo $e->errorMessage();
echo "->erreur mail";
}
return true;
}
$verifMail = emailExist();
$verif = formValid();
if ($verifMail == 0) {
echo '<br>Mail inconnu';
} else {
if ($verif == 1) {
$urlResetPwd = updateIdResetPwd();
echo "<br>Url a envoyer = reset_password?id=" . $urlResetPwd;
sendEmail($urlResetPwd);
// envoie de l'email
} else {
echo '<br>wrong form';
}
}
$q = "select * from " . DB_PREFIX . "forgot where email = '{$email}' limit 1";
$result = mysql_query($q, $conn);
if (mysql_numrows($result) > 0) {
return true;
} else {
return false;
}
}
// Checks to see if the user has submitted his email address through the login form.
// If so, checks authenticity in database and sends email to user to recover password.
if (isset($_POST['subform'])) {
// clean up
$_POST['email'] = cleanString($_POST['email'], 30);
// check for errors
$alertArr = array();
$username = emailExist($_POST['email']);
/* Check that all fields were typed in */
if (!$_POST['email']) {
$alertArr[] = $ALERT['EMAIL_NO'];
}
if (!emailValid($_POST['email'])) {
$alertArr[] = $ALERT['EMAIL_INVALID'];
}
if (!$username) {
$alertArr[] = $ALERT['EMAIL_NOTEXIST'];
}
if (forgotExist($_POST['email'])) {
$alertArr[] = $ALERT['EMAIL_ALREADYSENT'];
}
if (count($alertArr) == 0) {
// add new forgotten password and send email
