function makePasswordChange($db, $newPassword, $salt, $id)
{
$query = "\n UPDATE user\n SET\n password = :password\n WHERE\n _id = :id\n ";
$query_params = array(':password' => PasswordUtils::hashPassword($newPassword, $salt), ':id' => $id);
try {
$stmt = $db->prepare($query);
$stmt->execute($query_params);
} catch (PDOException $ex) {
die("Failed to run query: " . $ex->getMessage());
}
}
function saveRegistration($post, $db)
{
// Store the results into the users table.
$query = "\n INSERT INTO user (\n email,\n password,\n password_salt,\n first_name,\n last_name,\n user_type_id,\n picture_url\n ) VALUES (\n :email,\n :password,\n :salt,\n :first_name,\n :last_name,\n :user_type_id,\n :picture_url\n )";
// Security measures
$salt = PasswordUtils::generatePasswordSalt();
$password = PasswordUtils::hashPassword($post['password'], $salt);
$query_params = array(':email' => $post['email'], ':password' => $password, ':salt' => $salt, ':first_name' => $post['first_name'], ':last_name' => $post['last_name'], ':user_type_id' => '1', ':picture_url' => 'https://s3-us-west-2.amazonaws.com/dbsystems/default-avatar.png');
try {
$stmt = $db->prepare($query);
$stmt->execute($query_params);
} catch (PDOException $ex) {
die("Failed to run query: " . $ex->getMessage());
}
}
include_once 'AutoLoader.php';
AutoLoader::registerDirectory('src/classes');
require "src/config.php";
if (!empty($_POST)) {
$email = htmlspecialchars($_POST['email']);
$query = "\r\n SELECT *\r\n FROM users\r\n WHERE\r\n email = :email\r\n ";
$query_params = array(':email' => $email);
try {
$stmt = $db->prepare($query);
$result = $stmt->execute($query_params);
} catch (PDOException $ex) {
die("Failed to run query: " . $ex->getMessage());
}
$row = $stmt->fetch();
if ($row) {
$check_password = PasswordUtils::hashPassword($_POST['password'], $row['salt']);
if ($check_password == $row['password']) {
if ($row['active_user'] == 0) {
$message = "You must activate your account first.";
} else {
unset($row['salt']);
unset($row['password']);
$_SESSION['user'] = $row;
if ($row['info_added'] == 0) {
switch ($row['user_type_id']) {
case 3:
// nurse
header("Location: src/nurse_info.php");
die("Redirecting to: src/nurse_info.php");
break;
case 2:
function saveRegistration($post, $hash, $db)
{
// Store the results into the users table.
$query = "\n INSERT INTO users (\n email,\n password,\n salt,\n user_type_id,\n hash,\n picture_url\n ) VALUES (\n :email,\n :password,\n :salt,\n :user_type_id,\n :hash,\n :picture_url\n )\n ";
// Security measures
$salt = PasswordUtils::generatePasswordSalt();
$password = PasswordUtils::hashPassword($post['password'], $salt);
$query_params = array(':email' => $post['email'], ':password' => $password, ':salt' => $salt, ':user_type_id' => $post['user_type_id'], ':hash' => $hash, ':picture_url' => 'http://walphotobucket.s3.amazonaws.com/default.jpg');
try {
$stmt = $db->prepare($query);
$stmt->execute($query_params);
} catch (PDOException $ex) {
die("Failed to run query: " . $ex->getMessage());
}
}
AutoLoader::registerDirectory('../src/classes');
require "config.php";
require "MailFiles/PHPMailerAutoload.php";
$fp = new ForgotPassword();
if (!empty($_POST)) {
// Check if the email is recognized.
$fp->checkEmail($_POST['email'], $db);
// If the email was recognized, generate a new password and send an email.
if (empty($fp->noEmail) && !empty($_POST['challenge_question_answer'])) {
if ($fp->checkAnswer(htmlspecialchars($_POST['challenge_question_answer']))) {
$newPassword = PasswordUtils::generateNewPassword();
if ($fp->sendNewPassword($newPassword)) {
$fp->success = "An email has been sent to the address that you provided. " . "Use the password included in the email to log in.";
// Hash the new password and update the tables.
$newSalt = PasswordUtils::generatePasswordSalt();
$newPassword = PasswordUtils::hashPassword($newPassword, $newSalt);
$fp->updateTables($newPassword, $newSalt, $db);
} else {
$fp->registrationFailure = "Verification email could not be sent. Please try again later.";
}
}
}
}
?>
<!doctype html>
<html lang="en">
<head>
<style>.error {color: #FF0000;}</style>
<style>.success {color: #00FF00;</style>
<meta charset="utf-8">
include_once '../AutoLoader.php';
AutoLoader::registerDirectory('../src/classes');
require "config.php";
if (!empty($_POST) && isset($_POST['submitButton'])) {
$email = $_SESSION['user']['email'];
$query = "\r\n SELECT *\r\n FROM users\r\n WHERE\r\n email = :email\r\n ";
$query_params = array(':email' => $email);
try {
$stmt = $db->prepare($query);
$result = $stmt->execute($query_params);
} catch (PDOException $ex) {
die("Failed to run query: " . $ex->getMessage());
}
$row = $stmt->fetch();
if ($row) {
$check_password = PasswordUtils::hashPassword(htmlspecialchars($_POST['password']), $row['salt']);
if ($check_password == $row['password']) {
$query = "\r\n DELETE\r\n FROM users\r\n WHERE\r\n email = :email\r\n ";
$query_params = array(':email' => $_SESSION['user']['email']);
try {
$stmt = $db->prepare($query);
$result = $stmt->execute($query_params);
} catch (PDOException $ex) {
die("Failed to run query: " . $ex->getMessage());
}
unset($_SESSION['user']);
$success = "Account deleted.";
} else {
$error = "Incorrect password.";
}
} else {
<?php
include_once '../AutoLoader.php';
AutoLoader::registerDirectory('../src/classes');
require "config.php";
require "MailFiles/PHPMailerAutoload.php";
$realPassword = PasswordUtils::generateNewPassword();
$passwordSalt = PasswordUtils::generatePasswordSalt();
$hashedPassword = PasswordUtils::hashPassword($realPassword, $passwordSalt);
$email = $_POST['email'];
$created_by_id = $_SESSION['user']['_id'];
if (!empty($_POST['manager'])) {
$created_by_id = $_POST['manager'];
}
$insertStatement = "INSERT INTO user\n\t\t\t\t\t(`user_type_id`, `created_by_id`, `password`, `password_salt`, `first_name`, `last_name`, `email`, `picture_url`) \n\t\t\t\t\tVALUES (:user_type_id,:created_by_id, :password,:password_salt,:first_name,:last_name,:email,:picture_url)";
$insertParams = array(':user_type_id' => $_POST['user_type_id'], ':created_by_id' => $created_by_id, ':password' => $hashedPassword, ':password_salt' => $passwordSalt, ':first_name' => $_POST['first'], ':last_name' => $_POST['last'], ':email' => $email, ':picture_url' => 'https://s3-us-west-2.amazonaws.com/dbsystems/default-avatar.png');
try {
$stmt = $db->prepare($insertStatement);
$result = $stmt->execute($insertParams);
$link = "http://dbsystems-engproject.rhcloud.com/";
$message = 'Hello!<br/><br/>' . 'An account has been created for you on our conference room scheduler!' . ' Please click <a href=' . $link . '>here</a> to log in.<br/><br/>' . 'Password: '******'<br/>To change your password, sign in, then select \'Change Password\'' . ' from the drawer on the left side of the screen.' . '<br/><br/>Thank you,<br/>Team 6';
$mailer = new SendEmail();
$mailer->SendEmail($email, "Conference Room Scheduler", $message, false);
header("Location: home.php");
die("Redirecting to home.php");
} catch (PDOException $ex) {
echo "query: " . $insertStatement . "</br>";
print_r($insertParams);
echo "<br/>exception: " . $ex->getMessage();
}
