} else {
mysqli_close($conn);
header('Content-type: application/json');
echo json_encode(array("status" => false, "msg" => "Incomplete Request"));
die;
}
$oldPassword = $_POST['oldPassword'];
$newPassword = $_POST['newPassword'];
if (strlen($oldPassword) > 15 || strlen($oldPassword) < 4 || strlen($newPassword) > 15 || strlen($newPassword) < 4) {
mysqli_close($conn);
header('Content-type: application/json');
echo json_encode(array("status" => false, "msg" => "Password length should be between 4 and 15"));
die;
}
$stat = Auth::verifyPassword($userID, $oldPassword, $conn);
if (!$stat) {
mysqli_close($conn);
header('Content-type: application/json');
echo json_encode(array("status" => false, "msg" => "old Password did not match."));
die;
}
$status = Auth::changePassword($userID, $newPassword, $conn);
mysqli_close($conn);
header('Content-type: application/json');
if ($status) {
echo json_encode(array("status" => true, "msg" => "Password changed successfully."));
die;
} else {
echo json_encode(array("status" => false, "msg" => "Internal Error, please try later."));
die;
}
require_once 'Posts.php';
require_once 'Profile.php';
require_once 'Skillet.php';
require_once 'Utils.php';
if (isset($_GET["get"]) && $_GET["get"] == "posts") {
$posts = new Posts($auth);
$posts->getPosts();
print $posts->printOutput();
} else {
if (isset($_GET["get"]) && $_GET["get"] == "media") {
$media = new Media($auth);
$media->getMedia();
print $media->printOutput();
} else {
if (isset($_POST['changepass'])) {
$auth->changePassword();
print $auth->printOutput();
} else {
if (isset($_POST["comment"])) {
$posts = new Posts($auth);
$posts->post();
print $posts->printOutput();
} else {
if (isset($_POST["deleteid"])) {
$utils = new Utils($auth);
if (isset($_POST["deleteid"]) && $_POST["deleteid"] != "" && is_numeric($_POST["deleteid"])) {
$id = $_POST["deleteid"];
$utils->deleteComment($id);
print $utils->printOutput();
} else {
$utils->setOutput(self::$FAIL, "id is missing or invalid");
if (htmlspecialchars(Options::userGet($userId, $dateOption)) !== htmlspecialchars($timestamp)) {
// Set the option to the new value
Options::userSet($userId, $dateOption, $timestamp);
$changes = true;
}
}
}
if (isset($_POST['action']) && $_POST['action'] == 'Save Changes') {
// These are the 2 static things in your account a password and a email address
if (isset($_POST['user-email']) && $Error->email($_POST['user-email'], false) && $_POST['user-email'] !== $u->email) {
$u->email = $_POST['user-email'];
$u->update();
Activation::remove($userId);
$link = full_url_to_script('activate.php') . "?action=activate&code=" . Activation::generate($userId) . "&id=" . $userId;
Emailtemplate::setBaseDir('./assets/email_templates');
$html = Emailtemplate::loadTemplate('reactivate', array('title' => 'Reactivation Email', 'prettyName' => Options::get('prettyName'), 'name' => $u->username, 'siteName' => Options::get('emailName'), 'activationLink' => $link, 'footerLink' => Options::get('siteName'), 'footerEmail' => Options::get('emailInfo')));
send_html_mail(array($u->username => $u->email), 'Reactivation Email', $html, array(Options::get('siteName') => Options::get('emailAdmin')));
$Error->add('info', '<strong>Logged Out</strong><br />We have sent you a reactivation email to the new email address in order to verify it. Please check your email and follow the link within.');
$Auth->logout();
}
// These are the 2 static things in your account a password and a email address
if (isset($_POST['user-password']) && $_POST['user-password'] !== $inputValue[1] && $_POST['user-password'] !== '') {
Auth::changePassword($u->id, $_POST['user-password']);
$Error->add('info', '<strong>Logged Out</strong><br />Password updated, you may login with your new password');
$Auth->logout();
}
}
}
Template::setBaseDir('./assets/tmpl');
$html = Template::loadTemplate('layout', array('header' => Template::loadTemplate('header', array('title' => $title, 'user' => $user, 'admin' => $isadmin, 'msg' => $msg)), 'content' => Template::loadTemplate('settings', array('inputValue' => $inputValue, 'userId' => $userId, 'changes' => $changes)), 'footer' => Template::loadTemplate('footer', array('time_start' => $time_start))));
echo $html;
// Instantiontiate the erroring before we need to refresh the page
$msg = $Error->alert();
// Check if the form was submitted without any errors.
if (isset($detail) && Auth::resetPasswordCheck($detail) !== false) {
$userId = Auth::resetPasswordCheck($detail);
$activationCode = Activation::get($userId);
$complete = true;
$u = new User($userId);
$link = full_url_to_script('forgot.php') . "?action=resetpassword&code=" . Activation::get($userId) . "&uid=" . $userId;
// Select the Email tempalte and replace the relevant values
Emailtemplate::setBaseDir('./assets/email_templates');
$html = Emailtemplate::loadTemplate('forgot', array('title' => 'Reset Password Email', 'prettyName' => Options::get('prettyName'), 'name' => $u->username, 'siteName' => Options::get('emailName'), 'link' => $link, 'footerLink' => Options::get('siteName'), 'footerEmail' => Options::get('emailInfo')));
// Replace the relevant values and send the HTML email
send_html_mail(array($u->username => $u->email), 'Reset Password Email', $html, array(Options::get('siteName') => Options::get('emailAdmin')));
}
// Otherwise if the email link is followed lets reset the password and email it to the user.
if (isset($_GET['action']) && $_GET['action'] == 'resetpassword' && isset($_GET['uid']) && isset($_GET['code']) and Activation::get($_GET['uid']) == $_GET['code']) {
$u = new User($_GET['uid']);
$userId = $u->id;
$newPassword = Auth::generateStrongPassword(6, false, 'ld');
Auth::changePassword($userId, $newPassword);
$reset = true;
// Select the Email tempalte and replace the relevant values
Emailtemplate::setBaseDir('./assets/email_templates');
$html = Emailtemplate::loadTemplate('reset', array('title' => 'Password Successfully Reset', 'prettyName' => Options::get('prettyName'), 'name' => $u->username, 'siteName' => Options::get('emailName'), 'password' => $newPassword, 'footerLink' => Options::get('siteName'), 'footerEmail' => Options::get('emailInfo')));
// Replace the relevant values and send the HTML email
send_html_mail(array($u->username => $u->email), 'New Password', $html, array(Options::get('siteName') => Options::get('emailAdmin')));
}
Template::setBaseDir('./assets/tmpl');
$html = Template::loadTemplate('layout', array('header' => Template::loadTemplate('header', array('title' => $title, 'user' => $user, 'admin' => $isadmin, 'msg' => $msg, 'meta' => $meta, 'selected' => 'forgot')), 'content' => Template::loadTemplate('forgot', array('inputValue' => $inputValue, 'complete' => $complete, 'reset' => $reset, 'password' => $newPassword)), 'footer' => Template::loadTemplate('footer', array('time_start' => $time_start))));
echo $html;
$update = '';
/* Process miniForms */
/*
foreach($_POST as $key=>$val)
{
echo "POST: " . $key . "=" . $val ."<br />";
}*/
// Lets update the details getting posted to us
if ($isadmin == true) {
switch (@$_POST['action']) {
case 'update-email':
Auth::changeEmail($_POST['user_id'], $_POST['email']);
message($_POST['user_id'], 'email address has been updated');
break;
case 'update-password':
Auth::changePassword($_POST['user_id'], $_POST['password']);
message($_POST['user_id'], 'password has been updated');
break;
case 'update-group':
Auth::changeGroup($_POST['user_id'], $_POST['group']);
message($_POST['user_id'], 'group has been updated');
break;
case 'update-activation':
switch (@$_POST['active']) {
case '0':
Activation::deactivate($_POST['user_id']);
message($_POST['user_id'], 'account has been de-activated');
break;
case '1':
Activation::activate($_POST['user_id']);
message($_POST['user_id'], 'account has been activated');
$UID = $_GET['u'] ? $_GET['u'] : $_POST['u'];
$var = $_GET['v'] ? urldecode($_GET['v']) : $_POST['v'];
$pass1 = $_POST["Password1"];
$pass2 = $_POST["Password2"];
$validUser = false;
if (isset($UID) && isset($var)) {
include $_SERVER['DOCUMENT_ROOT'] . "/bossflex/DB/Models/User.php";
$User = User::getUserByUID($UID);
if ($User && $User->getVarString() == $var) {
$validUser = true;
}
if ($validUser && isset($_POST["unique"])) {
if ($_POST["unique"] == $_SESSION["unique"]) {
if (isset($pass1) && isset($pass2) && $pass1 == $pass2) {
if (isset($pass1) && isset($pass2) && $pass1 == $pass2) {
Auth::changePassword($User, $pass1);
echo "<h3>Password Changed</h3>";
$User->regenVarString();
//Invalidate the original link
session_destroy();
exit;
}
} else {
echo "<h3>Passwords do not match</h3>";
}
} else {
echo "<h3>Invalid Form Submission. Please try again.</h3>";
}
}
}
$_SESSION['unique'] = Auth::getRandomString(5);
<?php
session_start();
$_SESSION['NewUser'] = true;
$uid = $_GET['u'] ? $_GET['u'] : $_POST['u'];
include "DB/Models/User.php";
include "DB/Models/Auth.php";
$user = User::getUserByUID($uid);
$pass = $_POST['password'];
if (isset($pass)) {
Auth::changePassword($user, $pass);
}
?>
<html>
<body>
<h2>Register</h2>
<h3>Please fill out all information below</h3>
<form action="ChangePass.php" method="post">
<input type="hidden" name="u" value="<?php
echo $uid;
?>
">
<p>Password <br>
<input type="password" name="password"></p>
<input type="submit" value="Submit">
</form>
</body>
</html>
