function makeSQL() { $Address = $this->Address . '; ' . $this->City . ' ' . $this->ZipCode; if (strlen($Address) <= 3) { $Address = NULL; } $this->Password = createDefaultPassword(); $PassInfo = saltPasswordForUpdate($Password); $this->SaltedHash = $PassInfo["SaltedHash"]; $this->Salt = $PassInfo["Salt"]; sanitizeIn($this->OldEmail); sanitizeIn($this->GradYear); sanitizeIn($this->FirstName); sanitizeIn($this->MiddleName); sanitizeIn($this->LastName); sanitizeIn($this->Email); sanitizeIn($Address); sanitizeIn($this->SaltedHash); sanitizeIn($this->Salt); if (isset($this->OldEmail) && (!isset($this->Email) || empty($this->Email))) { $this->Email = $this->OldEmail; } $sql1 = "INSERT INTO `Users` (EmailAddress"; $sql2 = " ('" . $this->Email . "'"; AddSQLPair($sql1, $sql2, "GradYear", $this->GradYear); AddSQLPair($sql1, $sql2, "FirstName", $this->FirstName); AddSQLPair($sql1, $sql2, "MiddleName", $this->MiddleName); AddSQLPair($sql1, $sql2, "LastName", $this->LastName); AddSQLPair($sql1, $sql2, "MailingAddress", $Address); AddSQLPair($sql1, $sql2, "OldEmail", $this->OldEmail); AddSQLPair($sql1, $sql2, "SaltedHash", $this->SaltedHash); AddSQLPair($sql1, $sql2, "Salt", $this->Salt); $sql1 = $sql1 . ") VALUES"; $sql2 = $sql2 . ")"; return $sql1 . $sql2; }
function forgotPasswordCheck($Email, $Code, $Password, $Confirm) { if ($Password !== $Confirm) { return false; } $conn = connectToDB(); $userInfo = GetSingleDbValue("SELECT `ExtraHash`, `Salt`, `UserID` FROM `Users` WHERE `EmailAddress`='" . $Email . "'", $conn); if (!$userInfo) { $conn->close(); return false; } if (hash("sha256", $Code . $userInfo['Salt']) !== $userInfo['ExtraHash']) { $conn->close(); return false; } $newInfo = saltPasswordForUpdate($Password); CheckedQuery("UPDATE `Users` SET `SaltedHash`='" . $newInfo['SaltedHash'] . "', 'Salt'='" . $newInfo['Salt'] . "', 'ExtraHash'='' WHERE `EmailAddress`='" . $Email . "'", $conn); $conn->close(); return; }