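function testDb()
{
    /*
    Exercise the registration path against the database: validate the posted
    fields, look the email up through getUserIdByEmail() and insert a users row
    when the address is unused.
    Reads $_POST; appends to the globals $message (user text) and $debug (trace).
    Database errors surface as PDOException and are reported through error() and
    pdoError(). Always ends by calling returnData().
    */
    global $Dbc, $debug, $message, $success;
    if (!empty($_POST['email']) && emailValidate($_POST['email']) && !empty($_POST['firstName']) && !empty($_POST['lastName']) && !empty($_POST['password']) && passwordValidate($_POST['password'])) {
        destroySession();
        $email = trim($_POST['email']);
        //NOTE(review): unsalted sha1 is not a password hash; password_hash()/password_verify() is the
        //replacement, but the stored format is shared with the login path, so every call site has to move together.
        $pass = sha1(trim($_POST['password']));
        $firstName = trim($_POST['firstName']);
        $lastName = trim($_POST['lastName']);
        $Dbc->beginTransaction();
        try {
            $stmt = $Dbc->prepare("SELECT getUserIdByEmail(?) AS 'userId'");
            //This used to be `$stmt .= $stmt->execute(...)`, which turned the statement object
            //into a string and broke the fetch loop below.
            $stmt->execute(array($email));
            while ($row = $stmt->fetch()) {
                $debug->add('$row[\'userId\']: ' . $row['userId']);
                $debug->printArray($row, '$row');
                if (empty($row['userId'])) {
                    //There are no users with the email address, so continue.
                    pdoError(__LINE__, $stmt, 1);
                    $stmt = $Dbc->prepare("INSERT INTO\n\tusers\nSET\n\tprimaryEmail = ?,\n\tuserPassword = ?,\n\tfirstName = ?,\n\tlastName = ?,\n\tjoinDate = ?");
                    if ($stmt->execute(array($email, $pass, $firstName, $lastName, DATETIME))) {
                        $debug->add('last id: ' . $Dbc->lastInsertId());
                    } else {
                        pdoError(__LINE__, $stmt);
                    }
                } else {
                    $message .= 'That email address is already associated with an account. Please enter a different email address.<br>';
                }
            }
            //NOTE(review): nothing commits this transaction, so the INSERT above is discarded when the
            //connection closes; add $Dbc->commit() here if the row is meant to persist.
        } catch (PDOException $e) {
            //PDO does not roll back on its own until the connection closes; do it explicitly so the
            //half-finished transaction cannot leak into whatever runs next.
            if ($Dbc->inTransaction()) {
                $Dbc->rollBack();
            }
            error(__LINE__, '', '<pre>' . $e . '</pre>');
            pdoError(__LINE__);
        }
    } elseif (empty($_POST['email'])) {
        $debug->add('email is empty on line ' . __LINE__ . '');
        $message .= 'Please enter an email address.';
    } elseif (!emailValidate($_POST['email'])) {
        $message .= 'Please enter a valid email address.';
        $debug->add('Email address is not valid.');
    } elseif (empty($_POST['firstName'])) {
        $debug->add('first name is empty on line ' . __LINE__ . '.');
        $message .= 'Please enter a First Name.';
    } elseif (empty($_POST['lastName'])) {
        $debug->add('last name is empty on line ' . __LINE__ . '.');
        $message .= 'Please enter a Last Name.';
    } elseif (empty($_POST['password'])) {
        $debug->add('password is empty on line ' . __LINE__ . '.');
        $message .= 'Please enter a password.';
    } else {
        //Every other branch is covered above, so this is only reached when passwordValidate() rejected the password.
        $debug->add('Something is missing.');
    }
    returnData();
}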
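if (!isset($_SESSION)) {
    session_start();
}
//Gate the page before anything else reads the form or writes to the session.
//header() only queues a response header: without the exit the rest of the page
//(including the password change further down) still executes for a visitor who
//is not logged in.
if (!isset($_SESSION['uname'])) {
    header("Location: login.php");
    exit;
}
//Runs after the login gate so an anonymous request can no longer plant employeeID in the session.
if (isset($_POST['employeeID'])) {
    $_SESSION['employeeID'] = $_POST['employeeID'];
    header("Location: adminChangePassword.php");
    exit;
}
//Default the form fields so the checks further down never read an undefined variable.
$oldPassword = '';
$newPassword = '';
$confirmPassword = '';
if (isset($_POST['Send'])) {
    $oldPassword = isset($_POST['oldPassword']) ? $_POST['oldPassword'] : '';
    $newPassword = isset($_POST['newPassword']) ? $_POST['newPassword'] : '';
    $confirmPassword = isset($_POST['confirmPassword']) ? $_POST['confirmPassword'] : '';
}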
//NOTE(review): the result of passwordValidate() is discarded, so an invalid new password is not
//rejected here; the checks below only compare the two posted fields with each other.
passwordValidate($newPassword);
//The session username is concatenated straight into the SQL text (the value is redacted in this listing).
//A prepared statement (mysqli_prepare + bind_param) keeps the session value out of the query grammar.
$passQuery = "select password from credentials2 where username='******'uname'] . "'";
$passResult = mysqli_query($connection, $passQuery);
//NOTE(review): mysqli_query() returns false on error and mysqli_fetch_assoc() returns null when no row
//matches; neither case is checked before $passRow['password'] is read.
$passRow = mysqli_fetch_assoc($passResult);
//Stored password hash for the logged-in user, compared against sha1($oldPassword) below.
$dbPassword = $passRow['password'];
if ($dbPassword === sha1($oldPassword)) {
    if ($newPassword === $confirmPassword) {
        $passUpdate = "update credentials2 set password = sha1('" . $newPassword . "')\n           where username = '******'uname'] . "'";
        mysqli_query($connection, $passUpdate);
        $_SESSION['passConfirmMessage'] = "You have successfully changed your password.";
        header("Location: ../index.php");
    } else {
        $_SESSION['passNotMatch'] = "Passwords do not match. Please try again.<br>";
        header("Location: changePasswordForm.php");
    }
} else {
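 //Read the two password fields; default to '' so a missing field is reported as empty
 //instead of raising an undefined-index notice.
 $password = isset($_POST['password']) ? $_POST['password'] : '';
 $confirm_password = isset($_POST['confirm_password']) ? $_POST['confirm_password'] : '';
 //Field name => message for every validation failure; an empty array means the form is acceptable.
 $errors = [];
 if (empty($first_name)) {
     $errors['first_name'] = "Please enter your first name";
 }
 if (empty($last_name)) {
     $errors['last_name'] = "Please enter your last name";
 }
 if (empty($email)) {
     $errors['email'] = "Please enter your email";
 }
 if (empty($password)) {
     $errors['password'] = "******";
 }
 if (!passwordValidate($password)) {
     $errors['password_validate'] = "Your password must have at least one capital letter, one number, and one special character";
 }
 if (empty($confirm_password)) {
     $errors['confirm_password'] = "******";
 }
 //Strict comparison: both values are strings, and != would treat e.g. '1e3' and '1000' as equal.
 if ($password !== $confirm_password) {
     $errors['confirm_password'] = "******";
     //Clear both fields so the mismatched values are not echoed back into the form.
     $password = '';
     $confirm_password = '';
 }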
 if (empty($errors)) {
     print_r($errors);
     $encrypted_password = password_hash($password, PASSWORD_DEFAULT);
     //insert into the table
     $sql = "INSERT INTO users (first_name, last_name, email, encrypted_password) VALUES (\n      '{$first_name}',\n      '{$last_name}',\n      '{$email}',\n      '{$encrypted_password}'\n      )";
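function saveMyInformation()
{
    /*
    Save the updated user information.
    The posted fields are compared with the stored users row to find what has
    changed; the changed fields are verified and written, a userChanges row
    records the edit, and a notification email goes to the current primary
    address (plus any addresses collected in $toAddress).
    Reads $_POST and $_SESSION['userId']; appends to the globals $message and
    $debug, sets $success when MODE is 'saveMyInformation', and stores the
    password now in effect in $returnThis['pass'].
    Failures are raised as Adrlist_CustomException (user text, debug text) or
    PDOException; either path rolls the transaction back. Returns $output
    (always '') unless MODE is 'saveMyInformation', in which case returnData()
    is called instead.
    */
    global $debug, $message, $success, $Dbc, $returnThis;
    $output = '';
    try {
        //The secondary email and new password fields are optional, so we must test them separately from the rest.
        if (empty($_POST['firstName'])) {
            throw new Adrlist_CustomException('', '$_POST[\'firstName\'] is empty.');
        } elseif (strlen($_POST['firstName']) > 255) {
            throw new Adrlist_CustomException('', '$_POST[\'firstName\'] is more than 255 characters.');
        } elseif (empty($_POST['lastName'])) {
            throw new Adrlist_CustomException('', '$_POST[\'lastName\'] is empty.');
        } elseif (strlen($_POST['lastName']) > 255) {
            throw new Adrlist_CustomException('', '$_POST[\'lastName\'] is more than 255 characters.');
        } elseif (empty($_POST['primaryEmail'])) {
            throw new Adrlist_CustomException('', '$_POST[\'primaryEmail\'] is empty.');
        } elseif (!emailValidate($_POST['primaryEmail'])) {
            throw new Adrlist_CustomException('', '$_POST[\'primaryEmail\'] is not a valid email address.');
        } elseif (empty($_POST['primaryEmailRetype'])) {
            throw new Adrlist_CustomException('', '$_POST[\'primaryEmailRetype\'] is empty.');
        } elseif ($_POST['primaryEmail'] !== $_POST['primaryEmailRetype']) {
            throw new Adrlist_CustomException("The primary email addresses don't match.", '');
        } elseif (empty($_POST['currentPassword'])) {
            throw new Adrlist_CustomException('', '$_POST[\'currentPassword\'] is empty.');
        } elseif (!passwordValidate($_POST['currentPassword'])) {
            throw new Adrlist_CustomException('', '$_POST[\'currentPassword\'] is not valid.');
        }
        $_POST['firstName'] = trim($_POST['firstName']);
        $_POST['lastName'] = trim($_POST['lastName']);
        $_POST['primaryEmail'] = trim($_POST['primaryEmail']);
        $_POST['currentPassword'] = trim($_POST['currentPassword']);
        //The optional fields may be absent from the request; default them to '' so every comparison below sees a string.
        $_POST['newPassword'] = isset($_POST['newPassword']) ? trim($_POST['newPassword']) : '';
        $_POST['newPasswordRetype'] = isset($_POST['newPasswordRetype']) ? $_POST['newPasswordRetype'] : '';
        $_POST['secondaryEmail'] = isset($_POST['secondaryEmail']) ? trim($_POST['secondaryEmail']) : '';
        $_POST['secondaryEmailRetype'] = isset($_POST['secondaryEmailRetype']) ? $_POST['secondaryEmailRetype'] : '';
        //Extra recipients of the change notification (existing secondary, new secondary, new primary).
        $toAddress = array();
        $Dbc->beginTransaction();
        //Verify the user has entered the correct current password. Grab other info to check what has been changed.
        $stmt = $Dbc->prepare("SELECT\n\tfirstName AS 'firstName',\n\tlastName AS 'lastName',\n\tprimaryEmail AS 'primaryEmail',\n\tsecondaryEmail AS 'secondaryEmail',\n\tuserPassword AS 'password'\nFROM\n\tusers\nWHERE\n\tuserId = ? AND\n\tuserPassword = ?");
        //NOTE(review): unsalted sha1 is not a password hash; password_hash()/password_verify() is the
        //replacement, but the stored format is shared with the login path, so every call site has to move together.
        $sha1CurrentPassword = sha1($_POST['currentPassword']);
        $params = array($_SESSION['userId'], $sha1CurrentPassword);
        $stmt->execute($params);
        $currentInfo = $stmt->fetch(PDO::FETCH_ASSOC);
        $debug->printArray($currentInfo, '$currentInfo');
        $debug->printArray($_POST, '$_POST');
        if (empty($currentInfo['password'])) {
            pdoError(__LINE__, $stmt, $params, true);
            throw new Adrlist_CustomException('Your password could not be verified. Please re-enter your current password.', '');
        }
        $debug->add('The user has entered the correct current password.');
        if (!empty($currentInfo['secondaryEmail'])) {
            $toAddress[] = $currentInfo['secondaryEmail'];
        }
        //Label => new value; the labels double as the change list in the notification email.
        $newInformationArray = array('First Name' => $_POST['firstName'], 'Last Name' => $_POST['lastName'], 'Primary Email Address' => $_POST['primaryEmail'], 'Secondary Email Address' => $_POST['secondaryEmail']);
        //Check if the password has changed.
        if (empty($_POST['newPassword'])) {
            //NOTE(review): this hands the plaintext password back to the caller through $returnThis; confirm the consumer really needs it.
            $returnThis['pass'] = $_POST['currentPassword'];
            $newInformationArray['Password'] = $sha1CurrentPassword;
        } elseif ($_POST['newPassword'] !== $_POST['newPasswordRetype']) {
            throw new Adrlist_CustomException('The new passwords don\'t match. Please re-enter a new password.', '');
        } elseif (!passwordValidate($_POST['newPassword'])) {
            throw new Adrlist_CustomException('The new password you entered contains invalid characters. Please enter a valid password.', '');
        } else {
            //Update the password.
            $sha1NewPassword = sha1($_POST['newPassword']);
            $stmt = $Dbc->prepare("UPDATE\n\tusers\nSET\n\tuserPassword = ?\nWHERE\n\tuserId = ?");
            $params = array($sha1NewPassword, $_SESSION['userId']);
            $stmt->execute($params);
            $returnThis['pass'] = $_POST['newPassword'];
            $newInformationArray['Password'] = $sha1NewPassword;
        }
        //Compare the information in the database with the new information to report what has changed.
        //array_diff compares values only, so the differing key names ('password' vs 'Password') do not matter.
        $changes = array_diff($newInformationArray, $currentInfo);
        $debug->printArray($changes, '$changes');
        if (empty($changes)) {
            //Nothing to persist; close the transaction instead of leaving it open for whatever runs next.
            $Dbc->rollBack();
            $message .= 'No changes were made.<br>';
        } else {
            //Update the secondary email only if it has changed and isn't empty.
            if (array_key_exists('Secondary Email Address', $changes)) {
                $debug->add('I detect that the Secondary Email Address has been changed.');
                //Verify the new secondary email is different from the current and new primary email, and the re-type matches.
                if (empty($_POST['secondaryEmail'])) {
                    //The user has removed a secondary email. Set the secondary email to null.
                    $stmt = $Dbc->prepare("UPDATE\n\tusers\nSET\n\tsecondaryEmail = ?\nWHERE\n\tuserId = ?");
                    $params = array(NULL, $_SESSION['userId']);
                    $stmt->execute($params);
                } elseif ($_POST['secondaryEmail'] !== $currentInfo['primaryEmail'] && $_POST['secondaryEmail'] !== $_POST['primaryEmail'] && $_POST['secondaryEmail'] === $_POST['secondaryEmailRetype'] && emailValidate($_POST['secondaryEmail'])) {
                    //Check to see if secondaryEmail is used by another user as either a primary or secondary email.
                    //The OR is parenthesised: AND binds tighter in SQL, so without the brackets a match on
                    //secondaryEmail ignored the userId <> ? exclusion.
                    $debug->add('About to check the Secondary Email Address.');
                    $stmt = $Dbc->prepare("SELECT\n\tuserId AS 'userId'\nFROM\n\tusers\nWHERE\n\t(secondaryEmail = ? OR\n\tprimaryEmail = ?) AND\n\tuserId <> ?");
                    $params = array($_POST['secondaryEmail'], $_POST['secondaryEmail'], $_SESSION['userId']);
                    $stmt->execute($params);
                    $row = $stmt->fetch(PDO::FETCH_ASSOC);
                    if (empty($row['userId'])) {
                        pdoError(__LINE__, $stmt, $params, true);
                        $debug->add('As there are no users with the secondary email address ' . $_POST['secondaryEmail'] . ' this user can use it.');
                        //Update secondary email.
                        $stmt = $Dbc->prepare("UPDATE\n\tusers\nSET\n\tsecondaryEmail = ?\nWHERE\n\tuserId = ?");
                        $stmt->execute(array($_POST['secondaryEmail'], $_SESSION['userId']));
                        $toAddress[] = $_POST['secondaryEmail'];
                    } else {
                        throw new Adrlist_CustomException('The Secondary Email Address your entered is associated with another account.<br>
<div style="height:.6em"></div>
Please choose a different Secondary Email Address.<br>', '');
                    }
                } else {
                    //Report which of the secondary-email conditions failed; the rest of the save still goes ahead.
                    if ($_POST['secondaryEmail'] === $currentInfo['primaryEmail']) {
                        $message .= 'The Primary and Secondary Email Addresses must be different.<br>';
                    } elseif ($_POST['secondaryEmail'] !== $_POST['secondaryEmailRetype']) {
                        $message .= 'The secondary email addresses don\'t match.<br>';
                    } elseif (!emailValidate($_POST['secondaryEmail'])) {
                        $debug->add('$_POST[\'secondaryEmail\'] is not a valid email address.<br>
<div style="height:.6em"></div>
Please enter a valid email address.');
                    }
                }
            }
            //Update the Primary Email Address only if it has changed.
            if (array_key_exists('Primary Email Address', $changes)) {
                $debug->add('I detect that the Primary Email Address has been changed.');
                //Verify the new Primary Email is different from the Secondary Email.
                if ($_POST['primaryEmail'] === $currentInfo['secondaryEmail']) {
                    throw new Adrlist_CustomException('The Primary and Secondary email addresses must be different.', '');
                }
                //Check to see if the primary email address is used by another user (same bracketing as the secondary check above).
                $debug->add('About to check the Primary Email Address.');
                $stmt = $Dbc->prepare("SELECT\n\tuserId AS 'userId'\nFROM\n\tusers\nWHERE\n\t(secondaryEmail = ? OR\n\tprimaryEmail = ?) AND\n\tuserId <> ?");
                $params = array($_POST['primaryEmail'], $_POST['primaryEmail'], $_SESSION['userId']);
                $stmt->execute($params);
                $row = $stmt->fetch(PDO::FETCH_ASSOC);
                if (!empty($row['userId'])) {
                    throw new Adrlist_CustomException('The Primary Email Address your entered is associated with another account.<br>
<div style="height:.6em"></div>
Please enter a different Primary Email Address.<br>', '');
                }
                pdoError(__LINE__, $stmt, $params, true);
                $debug->add('As there are no users with the email address ' . $_POST['primaryEmail'] . ' this user can use it.');
                //Update the user's Primary Email Address.
                $stmt = $Dbc->prepare("UPDATE\n\tusers\nSET\n\tprimaryEmail = ?\nWHERE\n\tuserId = ?");
                $params = array($_POST['primaryEmail'], $_SESSION['userId']);
                $stmt->execute($params);
                $toAddress[] = $_POST['primaryEmail'];
            }
            //Update the rest of the info.
            $stmt = $Dbc->prepare("UPDATE\n\tusers\nSET\n\tfirstName = ?,\n\tlastName = ?\nWHERE\n\tuserId = ? AND\n\tuserPassword = ?");
            $params = array($_POST['firstName'], $_POST['lastName'], $_SESSION['userId'], $sha1CurrentPassword);
            $stmt->execute($params);
            //Record the changes made. newPassword is the hash now in effect (the current one when no new
            //password was given); it used to be sha1('') in that case.
            $userChangesStmt = $Dbc->prepare("INSERT INTO userChanges SET\n\tuserId = ?,\n\toldPrimaryEmail = ?,\n\tnewPrimaryEmail = ?,\n\toldSecondaryEmail = ?,\n\tnewSecondaryEmail = ?,\n\toldPassword = ?,\n\tnewPassword = ?,\n\toldFirstName = ?,\n\tnewFirstName = ?,\n\toldLastName = ?,\n\tnewLastName = ?,\n\tdateChanged = ?");
            $userChangesParams = array($_SESSION['userId'], $currentInfo['primaryEmail'], $_POST['primaryEmail'], $currentInfo['secondaryEmail'], $_POST['secondaryEmail'], $currentInfo['password'], $newInformationArray['Password'], $currentInfo['firstName'], $_POST['firstName'], $currentInfo['lastName'], $_POST['lastName'], DATETIME);
            $userChangesStmt->execute($userChangesParams);
            //Plain-text and HTML bullet lists of the changed field labels for the notification email.
            $changesListText = '';
            $changesListHtml = '';
            foreach ($changes as $key => $value) {
                $changesListText .= "- {$key}\n";
                $changesListHtml .= "&#8226; {$key}<br>";
            }
            $subject = 'Changes have been made to your ' . THENAMEOFTHESITE . ' account';
            $bodyText = 'The following changes have been made to your ' . THENAMEOFTHESITE . ' account:
' . $changesListText . '
If you did not authorize these changes please <a href="' . LINKSUPPORT . '">contact support</a>. 

This is an automated message. Please do not reply.';
            $bodyHtml = 'The following changes have been made to your account:<br>
' . $changesListHtml . '<br>
If you did not authorize these changes please <a href="' . LINKSUPPORT . '">contact support</a>.';
            $debug->printArray($toAddress, '$toAddress');
            //The notification to the previous primary address must go out before anything is committed.
            if (email(EMAILDONOTREPLY, $currentInfo['primaryEmail'], $subject, $bodyHtml, $bodyText)) {
                $Dbc->commit();
                $message .= 'Saved My Information';
                $success = MODE == 'saveMyInformation' ? true : $success;
                if (!empty($toAddress)) {
                    foreach ($toAddress as $value) {
                        email('donotreply@' . DOMAIN, $value, $subject, $bodyHtml, $bodyText);
                    }
                }
            } else {
                throw new Adrlist_CustomException('', 'There was a problem trying to send an email.');
            }
        }
    } catch (Adrlist_CustomException $e) {
        //Nothing is added to $message here; presumably the exception reports its own text — confirm against the class.
        //PDO does not roll back on its own until the connection closes, so discard the partial writes explicitly.
        if ($Dbc->inTransaction()) {
            $Dbc->rollBack();
        }
    } catch (PDOException $e) {
        if ($Dbc->inTransaction()) {
            $Dbc->rollBack();
        }
        error(__LINE__, '', '<pre>' . $e . '</pre>');
    }
    if (MODE == 'saveMyInformation') {
        returnData();
    } else {
        return $output;
    }
}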
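function createNewUser()
{
    /*
    A new user has entered their information. We will create their account.
    Validates the posted registration fields, inserts the users row, applies any
    pending invitations for the email address, creates the default site-settings
    and billing rows, sends the welcome email, sets the remember-me cookie and
    commits. Reads $_POST; appends to the globals $message and $debug, sets
    $success and stores the password in $returnThis['pass'].
    Failures are raised as Adrlist_CustomException (user text, debug text) or
    PDOException; either path rolls the transaction back. Always ends by calling
    returnData() exactly once.
    */
    global $debug, $message, $success, $Dbc, $returnThis;
    try {
        if (empty($_POST['firstName'])) {
            //The debug text used to name lastName here.
            throw new Adrlist_CustomException('', '$_POST[\'firstName\'] is empty.');
        } elseif (empty($_POST['lastName'])) {
            throw new Adrlist_CustomException('', '$_POST[\'lastName\'] is empty.');
        } elseif (empty($_POST['email'])) {
            throw new Adrlist_CustomException('', 'email is empty.');
        } elseif (!emailValidate($_POST['email'])) {
            throw new Adrlist_CustomException('', 'Email address is not valid.');
        } elseif (empty($_POST['password'])) {
            //Checked before passwordValidate() so a missing field is reported as missing rather than invalid.
            throw new Adrlist_CustomException('', '$_POST[\'password\'] is empty.');
        } elseif (!passwordValidate($_POST['password'])) {
            throw new Adrlist_CustomException('', '$_POST[\'password\'] is not valid.');
        } elseif (empty($_POST['timeZone'])) {
            throw new Adrlist_CustomException('', '$_POST[\'timeZone\'] is empty.');
        }
        //reCAPTCHA verification of the form used to run at this point and is currently disabled.
        destroySession();
        $_POST['email'] = trim($_POST['email']);
        //NOTE(review): unsalted sha1 is not a password hash; password_hash()/password_verify() is the
        //replacement, but the stored format is shared with the login path, so every call site has to move together.
        $passEncoded = sha1(trim($_POST['password']));
        $_POST['firstName'] = trim($_POST['firstName']);
        $_POST['lastName'] = trim($_POST['lastName']);
        //NOTE(review): the remember-me token is sha1 of the email address, so anyone who knows the address can
        //derive it. A random value (random_bytes) stored in userSiteSettings would be unguessable; the cookie
        //login path has to be changed in step.
        $rememberMeCode = sha1($_POST['email']);
        $invitationCode = isset($_POST['invitationCode']) ? trim($_POST['invitationCode']) : '';
        $Dbc->beginTransaction();
        //See if this email address is already in use.
        $getUserIdQuery = $Dbc->prepare("SELECT\n\tuserId AS 'userId'\nFROM\n\tusers\nWHERE\n\tprimaryEmail = ?");
        $getUserIdQuery->execute(array($_POST['email']));
        $row = $getUserIdQuery->fetch(PDO::FETCH_ASSOC);
        if (empty($row['userId'])) {
            //There are no users with the email address, so insert the user record.
            $insertUserQuery = $Dbc->prepare("INSERT INTO\n\tusers\nSET\n\tprimaryEmail = ?,\n\tuserPassword = ?,\n\tfirstName = ?,\n\tlastName = ?,\n\tdateAdded = ?");
            $insertUserQuery->execute(array($_POST['email'], $passEncoded, $_POST['firstName'], $_POST['lastName'], DATETIME));
            $userId = $Dbc->lastInsertId();
            if (!empty($invitationCode)) {
                $debug->add('$invitationCode: ' . "{$invitationCode}");
                //The user is responding to an invitation. Verify the invitation code matches the email.
                $verifyInviteQuery = $Dbc->prepare("SELECT\n\temail as 'email'\nFROM\n\tinvitations\nWHERE\n\tinvitationCode = ? AND\n\temail = ? AND\n\trespondDate IS NULL");
                $verifyInviteQuery->execute(array($invitationCode, $_POST['email']));
                $verifyInvite = $verifyInviteQuery->fetch(PDO::FETCH_ASSOC);
                //empty() also covers fetch() returning false, which the old ''/NULL comparison read through.
                if (empty($verifyInvite['email'])) {
                    //The invitation code wasn't found or didn't match the email address. The user will still be created.
                    $message .= '<div class="red" style="padding:10px;">An invitation wasn\'t found. It may have been cancelled by the person who made the invitation.</div>';
                } else {
                    //The invitation code and email have been verified. Look for more invitations.
                    $invitationsQuery = $Dbc->prepare("SELECT\n\tinvitationId AS 'invitationId',\n\tfolderId AS 'folderId',\n\tfolderRoleId AS 'folderRoleId',\n\tlistId AS 'listId',\n\tlistRoleId AS 'listRoleId',\n\tsenderId AS 'senderId'\nFROM\n\tinvitations\nWHERE\n\temail = ? AND\n\trespondDate IS NULL");
                    $invitationsQuery->execute(array($_POST['email']));
                    //A nested associative array: senderId => array(folderId => folderRoleId), consumed by distributeRoles().
                    $folderArray = array();
                    //Insert the new user's roles from the invitation(s).
                    while ($invitationsRow = $invitationsQuery->fetch(PDO::FETCH_ASSOC)) {
                        if (!empty($invitationsRow['folderId']) && !empty($invitationsRow['folderRoleId'])) {
                            //Add the folder to an array for creating list roles.
                            $folderArray[$invitationsRow['senderId']][$invitationsRow['folderId']] = $invitationsRow['folderRoleId'];
                            //Insert the folder role.
                            $insertFolderRole = $Dbc->prepare("INSERT INTO\n\tuserFolderSettings\nSET\n\tfolderId = ?,\n\tuserId = ?,\n\tfolderRoleId = ?,\n\tdateAdded = ?");
                            $insertFolderRole->execute(array($invitationsRow['folderId'], $userId, $invitationsRow['folderRoleId'], DATETIME));
                        }
                        if (!empty($invitationsRow['listId']) && !empty($invitationsRow['listRoleId'])) {
                            //Insert the list role.
                            $insertListRole = $Dbc->prepare("INSERT INTO\n\tuserListSettings\nSET\n\tlistId = ?,\n\tuserId = ?,\n\tlistRoleId = ?,\n\tdateAdded = ?");
                            $insertListRole->execute(array($invitationsRow['listId'], $userId, $invitationsRow['listRoleId'], DATETIME));
                        }
                        //Update the invitation respond date.
                        $respondDateQuery = $Dbc->prepare("UPDATE\n\tinvitations\nSET\n\trespondDate = ?\nWHERE\n\tinvitationId = ?");
                        $respondDateQuery->execute(array(DATETIME, $invitationsRow['invitationId']));
                    }
                    //Insert roles for each list in the shared folders, grouped by the inviting user.
                    //($folderArray is always an array here, so the old is_array() branch could never be reached.)
                    if (!empty($folderArray)) {
                        $debug->printArray($folderArray, '$folderArray');
                        foreach ($folderArray as $requestingUserId => $sharedFoldersArray) {
                            distributeRoles($requestingUserId, $userId, $sharedFoldersArray, true);
                        }
                    }
                }
            }
            //Create the user's default userSettings.
            $insertUserSettingsQuery = $Dbc->prepare("INSERT\nINTO\n\tuserSiteSettings\nSET\n\tuserId = ?,\n\trememberMeCode = ?,\n\ttimeZone = ?,\n\tsiteRoleId = ?");
            $insertUserSettingsQuery->execute(array($userId, $rememberMeCode, $_POST['timeZone'], 1));
            //There is no default billing for a user. The user can select a plan, or there may be a promotion when starting an account.
            //We must insert a userBillingAction first.
            $userBillingActionStmt = $Dbc->prepare("INSERT\nINTO\n\tuserBillingActions\nSET\n\tuserId = ?,\n\tbillingOfferId = ?,\n\tbillingActionId = ?,\n\tvendorId = ?,\n\tbillingDatetime = ?");
            $userBillingActionStmt->execute(array($userId, 1, 10, 3, DATETIME));
            $userBillingActionId = $Dbc->lastInsertId();
            $billingQuery = $Dbc->prepare("INSERT\nINTO\n\tuserBilling\nSET\n\tuserId = ?,\n\tbillingOfferId = ?,\n\tuserBillingActionId = ?,\n\tdateAdded = ?");
            $billingQuery->execute(array($userId, 1, $userBillingActionId, DATETIME));
            //Send a welcome email. The email is a request value, so it is URL-encoded before being placed in the
            //link; rawurlencode output contains no HTML-special characters, which also keeps the href attribute
            //intact (and a '+' in the address no longer decodes to a space on the login page).
            $subject = 'Welcome to ' . THENAMEOFTHESITE . '!';
            $body = '<table width="100%" cellpadding="0" cellspacing="0" border="0" align="center" bgcolor="#FFFFFF">
	<tr>
		<td align="left"><font face="' . FONT . '" size="' . SIZE5 . '"><b>Welcome to ' . THENAMEOFTHESITE . '!</b><br>
&nbsp;</font></td>
	</tr>
	<tr>
		<td align="left"><font face="' . FONT . '" size="' . SIZE3 . '"></font>Create your first ADR list by logging in: <a href="' . LINKLOGIN . '/?email=' . rawurlencode($_POST['email']) . '">' . LINKLOGIN . '</a>.<br>
			<div>&nbsp;</div>
			<div>&nbsp;</div>
			<div>&nbsp;</div>
		</td>
	</tr>
</table>';
            $textBody = "Welcome to " . THENAMEOFTHESITE . ".\nCreate your first list by logging in: https://" . DOMAIN . "/login?email=" . rawurlencode($_POST['email']) . "\nThis is an automated message. Please do not reply.";
            email(EMAILDONOTREPLY, $_POST['email'], $subject, $body, $textBody);
            //NOTE(review): the cookie is set without the secure or httponly flags; enable them unless client-side
            //script reads this cookie.
            setcookie(REMEMBERME, $rememberMeCode, time() + 60 * 60 * 24 * 365, COOKIEPATH, COOKIEDOMAIN, false);
            $Dbc->commit();
            $success = true;
            $returnThis['pass'] = $_POST['password'];
        } else {
            $message .= "The email address you entered is already in use. Please choose another or try logging in.<br>";
            $debug->add('The email address belongs to userId: ' . $row['userId'] . '.');
        }
    } catch (Adrlist_CustomException $e) {
        //Nothing is added to $message here; presumably the exception reports its own text — confirm against the class.
        //PDO does not roll back on its own until the connection closes, so discard the partial writes explicitly.
        if ($Dbc->inTransaction()) {
            $Dbc->rollBack();
        }
    } catch (PDOException $e) {
        if ($Dbc->inTransaction()) {
            $Dbc->rollBack();
        }
        error(__LINE__, '', '<pre>' . $e . '</pre>');
        //returnData() is called once below; the extra call that used to sit here produced the response twice.
    }
    returnData();
}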
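function resetPasswordStep2()
{
    /*
    Second step of the forgotten-password flow: the user has followed the emailed
    link and posted a new password together with the 40-character reset code.
    When both are acceptable, the users row joined through forgotPassword gets the
    new password and the forgotPassword row is marked as responded.
    Reads $_POST; appends to the globals $message and $debug, sets $success and
    $returnThis['url'] on success. Failures are raised as Adrlist_CustomException
    (user text, debug text) or PDOException. Returns $output (always '') unless
    MODE is 'resetPasswordStep2', in which case returnData() is called instead.
    */
    global $debug, $message, $success, $Dbc, $returnThis;
    $output = '';
    try {
        //Default the request values so a missing field is an empty string rather than an undefined-index notice.
        $pass = isset($_POST['pass']) ? $_POST['pass'] : '';
        $resetCode = isset($_POST['resetCode']) ? $_POST['resetCode'] : '';
        if (empty($pass)) {
            //An empty password is only logged; no user-facing message is produced for it.
            $debug->add('$_POST[\'pass\'] is empty.');
        } elseif (!passwordValidate($pass)) {
            throw new Adrlist_CustomException('Password must be 6-20 characters. !@ allowed.', '');
        } elseif (strlen($resetCode) !== 40) {
            throw new Adrlist_CustomException('There is a problem with the reset code. Please verify that the whole code, as seen in the email, exists in the url.', 'resetCode is ' . strlen($resetCode) . ' characters.');
        } else {
            //NOTE(review): unsalted sha1 is not a password hash; password_hash()/password_verify() is the
            //replacement, but the stored format is shared with the login path, so every call site has to move together.
            $password = sha1(trim($pass));
            //Only an unused code may change the password (responded IS NULL — the same rule the invitation flow
            //applies with respondDate IS NULL). Without it a code from an old email could be replayed at any time.
            $resetPasswordQuery = $Dbc->prepare("UPDATE\n\tusers, forgotPassword\nSET\n\tusers.userPassword = ?,\n\tforgotPassword.responded = ?,\n\tforgotPassword.REMOTE_ADDR = ?\nWHERE\n\tusers.userId = forgotPassword.userId AND\n\tforgotPassword.resetCode = ? AND\n\tforgotPassword.responded IS NULL");
            //Record the address of the client that used the code; gethostbyname($_SERVER['SERVER_NAME']) stored the server's own address.
            $resetPasswordQueryParams = array($password, DATETIME, $_SERVER['REMOTE_ADDR'], $resetCode);
            $resetPasswordQuery->execute($resetPasswordQueryParams);
            //The update matched nothing when the code is unknown or already used; this used to report success regardless.
            if ($resetPasswordQuery->rowCount() === 0) {
                throw new Adrlist_CustomException('The reset code is invalid or has already been used. Please request a new password reset.', 'No unused forgotPassword row matched the reset code.');
            }
            $success = true;
            $returnThis['url'] = LINKLOGIN . '/?message=Please login using your new password.';
        }
    } catch (Adrlist_CustomException $e) {
        //Nothing is added to $message here; presumably the exception reports its own text — confirm against the class.
    } catch (PDOException $e) {
        error(__LINE__, '', '<pre>' . $e . '</pre>');
    }
    if (MODE == 'resetPasswordStep2') {
        returnData();
    } else {
        return $output;
    }
}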