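/**
 * Replace a user's stored password hash.
 *
 * The plaintext is hashed with PasswordUtils::hashPassword() before it is
 * bound, so it never reaches the database.  Only the `password` column is
 * written: the salt column is not touched here, so $salt must be the salt
 * already stored for $id, or the caller has to persist a new salt itself.
 *
 * @param PDO    $db          Open connection; the UPDATE is parameterised.
 * @param string $newPassword Plaintext password to hash and store.
 * @param string $salt        Salt to hash with (see note above).
 * @param mixed  $id          Value of the `_id` column of the row to update.
 */
function makePasswordChange($db, $newPassword, $salt, $id)
{
    $query = "
        UPDATE user
        SET
            password = :password
        WHERE
            _id = :id
    ";
    $query_params = array(
        ':password' => PasswordUtils::hashPassword($newPassword, $salt),
        ':id'       => $id,
    );

    try {
        $stmt = $db->prepare($query);
        $stmt->execute($query_params);
    } catch (PDOException $ex) {
        // Driver error text can reveal table/column names and connection
        // details; keep it in the server log and show a generic message only.
        error_log('makePasswordChange: ' . $ex->getMessage());
        die("Failed to run query.");
    }
}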
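/**
 * Insert a newly registered user into the `user` table.
 *
 * Only a salted hash of the submitted password is stored; the plaintext in
 * $post['password'] is not persisted.  Every account created here gets
 * user_type_id 1 and the default avatar URL.
 *
 * @param array $post Form fields: email, password, first_name, last_name.
 *                    The keys are read directly, so the caller is expected
 *                    to have checked that they are present.
 * @param PDO   $db   Open connection; the INSERT is parameterised.
 */
function saveRegistration($post, $db)
{
    // Store the results into the users table.
    $query = "
        INSERT INTO user (
            email,
            password,
            password_salt,
            first_name,
            last_name,
            user_type_id,
            picture_url
        ) VALUES (
            :email,
            :password,
            :salt,
            :first_name,
            :last_name,
            :user_type_id,
            :picture_url
        )";

    // Security measures: a fresh per-user salt, hash computed server-side.
    $salt     = PasswordUtils::generatePasswordSalt();
    $password = PasswordUtils::hashPassword($post['password'], $salt);

    $query_params = array(
        ':email'        => $post['email'],
        ':password'     => $password,
        ':salt'         => $salt,
        ':first_name'   => $post['first_name'],
        ':last_name'    => $post['last_name'],
        ':user_type_id' => '1',
        ':picture_url'  => 'https://s3-us-west-2.amazonaws.com/dbsystems/default-avatar.png',
    );

    try {
        $stmt = $db->prepare($query);
        $stmt->execute($query_params);
    } catch (PDOException $ex) {
        // Driver messages can expose schema and connection details; log
        // them server-side and show the user a generic failure.
        error_log('saveRegistration: ' . $ex->getMessage());
        die("Failed to run query.");
    }
}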
include_once 'AutoLoader.php'; AutoLoader::registerDirectory('src/classes'); require "src/config.php"; if (!empty($_POST)) { $email = htmlspecialchars($_POST['email']); $query = "\r\n SELECT *\r\n FROM users\r\n WHERE\r\n email = :email\r\n "; $query_params = array(':email' => $email); try { $stmt = $db->prepare($query); $result = $stmt->execute($query_params); } catch (PDOException $ex) { die("Failed to run query: " . $ex->getMessage()); } $row = $stmt->fetch(); if ($row) { $check_password = PasswordUtils::hashPassword($_POST['password'], $row['salt']); if ($check_password == $row['password']) { if ($row['active_user'] == 0) { $message = "You must activate your account first."; } else { unset($row['salt']); unset($row['password']); $_SESSION['user'] = $row; if ($row['info_added'] == 0) { switch ($row['user_type_id']) { case 3: // nurse header("Location: src/nurse_info.php"); die("Redirecting to: src/nurse_info.php"); break; case 2:
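/**
 * Insert a newly registered user into the `users` table.
 *
 * Only a salted hash of the submitted password is stored; the plaintext in
 * $post['password'] is not persisted.
 *
 * @param array  $post Form fields: email, password, user_type_id.  The keys
 *                     are read directly, so the caller is expected to have
 *                     checked that they are present.
 * @param string $hash Stored in the `hash` column as given.  Presumably an
 *                     account-activation/verification token — confirm
 *                     against the caller.
 * @param PDO    $db   Open connection; the INSERT is parameterised.
 */
function saveRegistration($post, $hash, $db)
{
    // Store the results into the users table.
    $query = "
        INSERT INTO users (
            email,
            password,
            salt,
            user_type_id,
            hash,
            picture_url
        ) VALUES (
            :email,
            :password,
            :salt,
            :user_type_id,
            :hash,
            :picture_url
        )
    ";

    // Security measures: a fresh per-user salt, hash computed server-side.
    $salt     = PasswordUtils::generatePasswordSalt();
    $password = PasswordUtils::hashPassword($post['password'], $salt);

    $query_params = array(
        ':email'        => $post['email'],
        ':password'     => $password,
        ':salt'         => $salt,
        ':user_type_id' => $post['user_type_id'],
        ':hash'         => $hash,
        ':picture_url'  => 'http://walphotobucket.s3.amazonaws.com/default.jpg',
    );

    try {
        $stmt = $db->prepare($query);
        $stmt->execute($query_params);
    } catch (PDOException $ex) {
        // Driver messages can expose schema and connection details; log
        // them server-side and show the user a generic failure.
        error_log('saveRegistration: ' . $ex->getMessage());
        die("Failed to run query.");
    }
}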
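AutoLoader::registerDirectory('../src/classes');
require "config.php";
require "MailFiles/PHPMailerAutoload.php";

// Forgot-password flow: the user submits an e-mail address and the answer to
// their challenge question; on success a freshly generated password is mailed
// to that address and its salted hash is handed to ForgotPassword::updateTables().
$fp = new ForgotPassword();

if (!empty($_POST)) {
    // Check if the email is recognized.
    $fp->checkEmail($_POST['email'], $db);

    // If the email was recognized, generate a new password and send an email.
    // NOTE(review): if $fp->noEmail is rendered to the user, the page tells
    // known and unknown addresses apart (account enumeration) — confirm the
    // template gives the same response in both cases.
    if (empty($fp->noEmail) && !empty($_POST['challenge_question_answer'])) {
        // NOTE(review): the answer is HTML-escaped before it is compared, so it
        // only matches if the stored answer was escaped the same way when it
        // was saved — verify in ForgotPassword::checkAnswer() and the
        // registration code.
        if ($fp->checkAnswer(htmlspecialchars($_POST['challenge_question_answer']))) {
            $newPassword = PasswordUtils::generateNewPassword();
            if ($fp->sendNewPassword($newPassword)) {
                $fp->success = "An email has been sent to the address that you provided. "
                    . "Use the password included in the email to log in.";
                // Hash the new password and update the tables.  The stored
                // password is only replaced once the mail went out, so a
                // failed send leaves the old credentials valid.
                $newSalt     = PasswordUtils::generatePasswordSalt();
                $newPassword = PasswordUtils::hashPassword($newPassword, $newSalt);
                $fp->updateTables($newPassword, $newSalt, $db);
            } else {
                $fp->registrationFailure = "Verification email could not be sent. Please try again later.";
            }
        }
    }
}
?>
<!doctype html>
<html lang="en">
<head>
    <style>.error {color: #FF0000;}</style>
    <!-- the .success rule was missing its closing brace -->
    <style>.success {color: #00FF00;}</style>
    <meta charset="utf-8">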
include_once '../AutoLoader.php'; AutoLoader::registerDirectory('../src/classes'); require "config.php"; if (!empty($_POST) && isset($_POST['submitButton'])) { $email = $_SESSION['user']['email']; $query = "\r\n SELECT *\r\n FROM users\r\n WHERE\r\n email = :email\r\n "; $query_params = array(':email' => $email); try { $stmt = $db->prepare($query); $result = $stmt->execute($query_params); } catch (PDOException $ex) { die("Failed to run query: " . $ex->getMessage()); } $row = $stmt->fetch(); if ($row) { $check_password = PasswordUtils::hashPassword(htmlspecialchars($_POST['password']), $row['salt']); if ($check_password == $row['password']) { $query = "\r\n DELETE\r\n FROM users\r\n WHERE\r\n email = :email\r\n "; $query_params = array(':email' => $_SESSION['user']['email']); try { $stmt = $db->prepare($query); $result = $stmt->execute($query_params); } catch (PDOException $ex) { die("Failed to run query: " . $ex->getMessage()); } unset($_SESSION['user']); $success = "Account deleted."; } else { $error = "Incorrect password."; } } else {
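<?php
include_once '../AutoLoader.php';
AutoLoader::registerDirectory('../src/classes');
require "config.php";
require "MailFiles/PHPMailerAutoload.php";

// Create a user with a generated initial password.  Only the salted hash is
// stored; the plaintext is delivered once, in the welcome e-mail below.
$realPassword   = PasswordUtils::generateNewPassword();
$passwordSalt   = PasswordUtils::generatePasswordSalt();
$hashedPassword = PasswordUtils::hashPassword($realPassword, $passwordSalt);

// NOTE(review): the recipient address is taken from the form unvalidated and
// used both as the stored e-mail and as the mail recipient — consider
// filter_var($email, FILTER_VALIDATE_EMAIL) before going further.
$email         = $_POST['email'];
$created_by_id = $_SESSION['user']['_id'];
// NOTE(review): a form-supplied manager id overrides the logged-in user as the
// creator and is trusted as-is; confirm the calling page restricts who may
// submit it.
if (!empty($_POST['manager'])) {
    $created_by_id = $_POST['manager'];
}

$insertStatement = "INSERT INTO user
    (`user_type_id`, `created_by_id`, `password`, `password_salt`, `first_name`, `last_name`, `email`, `picture_url`)
    VALUES (:user_type_id, :created_by_id, :password, :password_salt, :first_name, :last_name, :email, :picture_url)";
$insertParams = array(
    ':user_type_id'  => $_POST['user_type_id'],
    ':created_by_id' => $created_by_id,
    ':password'      => $hashedPassword,
    ':password_salt' => $passwordSalt,
    ':first_name'    => $_POST['first'],
    ':last_name'     => $_POST['last'],
    ':email'         => $email,
    ':picture_url'   => 'https://s3-us-west-2.amazonaws.com/dbsystems/default-avatar.png',
);

try {
    $stmt = $db->prepare($insertStatement);
    // With a non-exception PDO error mode a failed prepare/execute returns
    // false instead of throwing; treat that the same way so no credentials
    // are mailed for a row that was never created.
    $ok = $stmt !== false && $stmt->execute($insertParams);
    if (!$ok) {
        $info = $stmt !== false ? $stmt->errorInfo() : $db->errorInfo();
        throw new PDOException('user INSERT failed: ' . implode(' ', $info));
    }

    $link    = "http://dbsystems-engproject.rhcloud.com/";
    $message = 'Hello!<br/><br/>'
        . 'An account has been created for you on our conference room scheduler!'
        . ' Please click <a href=' . $link . '>here</a> to log in.<br/><br/>'
        // The source text at this point was redacted ("******"); the
        // generated plaintext password is what the message is meant to carry.
        . 'Password: ' . $realPassword . '<br/>To change your password, sign in, then select \'Change Password\''
        . ' from the drawer on the left side of the screen.'
        . '<br/><br/>Thank you,<br/>Team 6';
    $mailer = new SendEmail();
    $mailer->SendEmail($email, "Conference Room Scheduler", $message, false);

    header("Location: home.php");
    die("Redirecting to home.php");
} catch (PDOException $ex) {
    // Never echo the statement, the bound parameters (they include the new
    // password hash and salt) or the driver message to the browser; keep
    // them in the server log and show a generic failure instead.
    error_log('create user failed: ' . $ex->getMessage());
    echo "Could not create the account. Please try again later.";
}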