<?php $targetpath = $_SESSION['targetpath']; $count = 1; $errmessage = ""; $flag = true; $f = fopen($targetpath, "r"); $row_start = getMaxIdFromTable('user_info', 'user_id'); $row_end = 0; $dbconn->beginTransaction(); while (($line = fgetcsv($f)) !== false) { $col = 1; if ($count > 1) { //Ignore CSV header line //Generate random 6 digit strong password, no MD5 $user_password = getStrongPassword(); $bodyContent = file_get_contents('mail_templates/new_registration.html'); $tags = array("##NAME##", "##STUDENT_ID##", "##PASSWORD##", "##WEB##"); $sql = "INSERT INTO user_info (role_id, role_meta, password, student_id,\n batch, department, first_name, last_name,\n position, employer, sector, nationality,\n email_primary, email_alternative, phone_primary,\n phone_alternative, city, country, mailing_address, blood_group,\n iut_room_no, interest, awards)\n VALUES(4,'','123'"; foreach ($line as $cell) { $sql = $sql . "," . "'" . htmlspecialchars($cell) . "'"; $col++; } $sql = $sql . ")"; try { $sth = $dbconn->exec($sql); $sqlendrow = "SELECT * FROM user_info WHERE user_id = (SELECT max(user_id) FROM user_info)"; $sthendrow = $dbconn->prepare($sqlendrow); $sthendrow->execute(); $result = $sthendrow->fetch(PDO::FETCH_ASSOC); if ($result['user_id'] > $row_end) {
* To change this template, choose Tools | Templates * and open the template in the editor. */ $email = $_POST['email']; $student_id = $_POST['student_id']; $sql = 'SELECT email_primary,email_alternative,first_name,last_name,user_id FROM user_info WHERE student_id = :student_id'; $sth = $dbconn->prepare($sql); $sth->execute(array(':student_id' => $student_id)); $result = $sth->fetch(PDO::FETCH_ASSOC); if ($email == null || $student_id == null) { $_SESSION['msg_type'] = 'e'; $_SESSION['msg'] = 'Some of the desired fields are left empty.Please fill up the necessary fields.'; header('location:login.php'); } else { if ($result['email_primary'] == $email || $result['email_alternative'] == $email) { $pass = getStrongPassword(); $name = $result['first_name'] . $result['last_name']; $sqlpassupdate = 'UPDATE user_info SET password=:password WHERE student_id=:student_id'; $sthpassupdate = $dbconn->prepare($sqlpassupdate); $sthpassupdate->execute(array(':password' => md5($pass), ':student_id' => $student_id)); $bodyContent = file_get_contents('mail_templates/new_forgotpass.html'); $tags = array("##NAME##", "##STUDENT_ID##", "##PASSWORD##", "##WEB##"); $values = array($name, $student_id, $pass, $_SERVER['SERVER_NAME']); $body = str_replace($tags, $values, $bodyContent); $sqlmail = "INSERT INTO mail_dispatcher (email_from,email_to,subject,body) VALUES (:from, :to, :subject, :body)"; $sthmail = $dbconn->prepare($sqlmail); $from = "*****@*****.**"; $subject = "Your password has been reset"; $sthmail->execute(array(':from' => $from, ':to' => $email, ':subject' => $subject, ':body' => $body)); $sqlmeta = "UPDATE user_meta SET force_pass_change=true WHERE user_id=:user_id"; $sthmeta = $dbconn->prepare($sqlmeta);