return false;
});
}); //end ready
</script>
<?php
}
//end else if user not logged in
if (isset($_POST['forgotsubmit'])) {
$mail = $_POST['mail'];
$stmt = $connection->prepare("SELECT * FROM admin WHERE email = :mail");
$stmt->execute(array(':mail' => $mail));
$result = $stmt->fetch(PDO::FETCH_ASSOC);
if ($result['username'] == 'admin') {
$rand = mt_rand(1234, 9999);
$safePass = generateSecureHash($rand, 12324234);
$stmt = $connection->prepare("UPDATE admin SET password = :password WHERE email = :mail");
$stmt->execute(array(':password' => $safePass, ':mail' => $mail));
$to = $mail;
$subject = 'Password Reset For Your Coupon Site';
$message = 'Hello, Your New Password is ' . $rand;
$headers = 'From: ' . "\r\n" . 'X-Mailer: PHP/' . phpversion();
mail($to, $subject, $message, $headers);
echo "Your Password was Reset. Check Your Junk Folder.";
} else {
echo "Invalid Email";
}
}
?>
</div>
</body>
<?php
if (isset($_POST['submit'])) {
include '../functions.php';
$create = $connection->prepare("CREATE TABLE IF NOT EXISTS admin (username varchar(30) UNIQUE, password varchar(90), email \t\tvarchar(100))");
$create->execute(array());
if (!$create) {
echo $connection->errorInfo();
}
$p = generateSecureHash($_POST['password'], 12324234);
$e = $_POST['mail'];
$insert = $connection->prepare("INSERT INTO admin (username,password,email) values('admin','" . $p . "','" . $e . "')");
$insert->execute(array());
if (!$insert) {
echo $connection->errorInfo();
}
header("Location: finalize.php");
}
?>
<!doctype html>
<html>
<head>
<meta charset="UTF-8">
<title>Create Admin Account</title>
</head>
<body>
<h2>
Create an Admin Account - Step 2
</h2>
<form name="adminac" method="post" action="admin.php">
<h3>Admin Panel</h3>
<?php
if (isset($_POST['username'])) {
$username = $_POST['username'];
if ($username != "admin") {
echo "Please enter username as 'admin', if you are trying to create an admin account.<br>";
echo "<small>With the current version of script, only admin accounts are possible</small>";
} else {
$stmt = $connection->prepare("SELECT * FROM admin WHERE username = {$username}");
$stmt->execute(array());
$result = $stmt->fetchAll(PDO::FETCH_ASSOC);
if (count($result) >= 1) {
echo "Admin Account Already Exists";
} else {
//Each User has its unique HASH
$safepass = generateSecureHash($_REQUEST['pass'], $_REQUEST['username']);
//Hash the Entered Pass, and store it in variable.
$stmt = $connection->prepare('INSERT INTO admin (username, password, email) VALUES (:username, :safepass, :email)');
$stmt->execute(array("username" => $_REQUEST['username'], "safepass" => $safepass, "email" => $_REQUEST['email']));
echo "<br>You are Now the Administrator of this Site. Please <a href='admin.php'>Log in</a> to Continue.<br>";
}
}
} else {
?>
<form method='post' action='create.php'>
<input type="text" name='username' placeholder="username" required autocomplete='off' autofocus>
<input type="password" name='pass' placeholder="password" required>
<input type="email" name="email" placeholder="email" required>
<input type="submit" value="Sign Up">
</form>
<?php
