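return false; }); }); //end ready
</script>
<?php } //end else if user not logged in

// Password-reset handler for the admin account, triggered by the "forgot" form.
// Looks the submitted address up in the admin table; when it belongs to the
// 'admin' user, a new password is generated, stored as a hash and e-mailed.
//
// NOTE(review): this runs for an unauthenticated request and replaces the stored
// password immediately, so anyone who knows the admin e-mail address can force a
// reset, and the new password travels in clear text by mail. A single-use,
// expiring reset token plus request throttling would be the stronger design; that
// needs schema changes outside this block. The two response messages also reveal
// whether an address is registered.
if (isset($_POST['forgotsubmit'])) {
    $mail = $_POST['mail'] ?? '';

    // fetch() returns false when no row matches; only index into a real row.
    $result = false;
    if (is_string($mail) && $mail !== '') {
        $stmt = $connection->prepare("SELECT * FROM admin WHERE email = :mail");
        $stmt->execute(array(':mail' => $mail));
        $result = $stmt->fetch(PDO::FETCH_ASSOC);
    }

    if (is_array($result) && $result['username'] === 'admin') {
        // mt_rand(1234, 9999) allowed at most 8766 passwords from a generator that
        // is not cryptographically secure. Use the CSPRNG instead: 16 hex characters.
        $rand = bin2hex(random_bytes(8));

        // NOTE(review): the second argument is the same fixed value used when the
        // account is created; confirm how generateSecureHash() uses it.
        $safePass = generateSecureHash($rand, 12324234);

        $stmt = $connection->prepare("UPDATE admin SET password = :password WHERE email = :mail");
        $stmt->execute(array(':password' => $safePass, ':mail' => $mail));

        $to = $mail;
        $subject = 'Password Reset For Your Coupon Site';
        $message = 'Hello, Your New Password is ' . $rand;
        // NOTE(review): the From header is sent empty and X-Mailer discloses the
        // PHP version; set a real sender address and consider dropping X-Mailer.
        $headers = 'From: ' . "\r\n" . 'X-Mailer: PHP/' . phpversion();
        mail($to, $subject, $message, $headers);

        echo "Your Password was Reset. Check Your Junk Folder.";
    } else {
        echo "Invalid Email";
    }
}
?>
</div>
</body>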
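<?php
// Installer step 2: creates the admin table if needed and inserts the single
// 'admin' account from the submitted password and e-mail address, then moves on
// to finalize.php.
//
// NOTE(review): nothing visible here restricts who may post to this script;
// confirm the installer is removed or locked once setup has finished.
if (isset($_POST['submit'])) {
    include '../functions.php';

    $password = $_POST['password'] ?? '';
    $email = $_POST['mail'] ?? '';

    if (!is_string($password) || $password === '' || !is_string($email) || $email === '') {
        // Never hash and store an empty or non-string credential.
        echo "Password and email are required.";
    } else {
        $create = $connection->prepare("CREATE TABLE IF NOT EXISTS admin (username varchar(30) UNIQUE, password varchar(90), email \t\tvarchar(100))");

        // Check the result of prepare()/execute(); the statement object itself is
        // truthy even when the query failed.
        if ($create === false || !$create->execute(array())) {
            $info = $create === false ? $connection->errorInfo() : $create->errorInfo();
            // errorInfo() is an array: log it server-side, show a generic message.
            error_log('Admin table creation failed: ' . implode(' ', $info));
            echo "Could not create the admin table.";
        } else {
            // NOTE(review): the second argument is a fixed value shared by every
            // install; confirm how generateSecureHash() uses it.
            $p = generateSecureHash($password, 12324234);

            // Bound parameters: the e-mail is request data and must never be
            // concatenated into the SQL text.
            $insert = $connection->prepare("INSERT INTO admin (username,password,email) values('admin', :password, :email)");

            if ($insert === false || !$insert->execute(array(':password' => $p, ':email' => $email))) {
                $info = $insert === false ? $connection->errorInfo() : $insert->errorInfo();
                error_log('Admin account creation failed: ' . implode(' ', $info));
                echo "Could not create the admin account.";
            } else {
                header("Location: finalize.php");
                // Stop here so the form below is not rendered after the redirect.
                exit;
            }
        }
    }
}
?>
<!doctype html>
<html>
<head>
<meta charset="UTF-8">
<title>Create Admin Account</title>
</head>
<body>
<h2> Create an Admin Account - Step 2 </h2>
<form name="adminac" method="post" action="admin.php">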
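<h3>Admin Panel</h3>
<?php
// Sign-up handler for the single admin account. Only the username 'admin' is
// accepted; when no such row exists yet, the account is inserted with a hashed
// password. Without a posted username the sign-up form is shown instead.
//
// NOTE(review): this is reachable without authentication, so whoever posts first
// while no admin row exists becomes the administrator; confirm that is intended
// only during installation.
if (isset($_POST['username'])) {
    // Read every field from $_POST. The original validated $_POST['username'] but
    // stored $_REQUEST['username'], which can come from another request source.
    $username = $_POST['username'];
    $pass = $_POST['pass'] ?? '';
    $email = $_POST['email'] ?? '';

    if ($username !== "admin") {
        echo "Please enter username as 'admin', if you are trying to create an admin account.<br>";
        echo "<small>With the current version of script, only admin accounts are possible</small>";
    } elseif (!is_string($pass) || $pass === '' || !is_string($email) || $email === '') {
        // The form marks these fields required, but that is only enforced client-side.
        echo "Please enter a password and an email address.";
    } else {
        // Bind the value: interpolated unquoted, it was not compared as a string
        // literal, so the existence check could not work as written.
        $stmt = $connection->prepare("SELECT * FROM admin WHERE username = :username");
        $stmt->execute(array(':username' => $username));
        $existing = $stmt->fetchAll(PDO::FETCH_ASSOC);

        if (count($existing) >= 1) {
            echo "Admin Account Already Exists";
        } else {
            // The password is hashed with the username as second argument.
            // NOTE(review): confirm the login check passes the same second argument
            // to generateSecureHash(), otherwise the stored hash will not verify.
            $safepass = generateSecureHash($pass, $username);

            $stmt = $connection->prepare('INSERT INTO admin (username, password, email) VALUES (:username, :safepass, :email)');
            $stmt->execute(array("username" => $username, "safepass" => $safepass, "email" => $email));

            echo "<br>You are Now the Administrator of this Site. Please <a href='admin.php'>Log in</a> to Continue.<br>";
        }
    }
} else {
    ?>
    <form method='post' action='create.php'>
    <input type="text" name='username' placeholder="username" required autocomplete='off' autofocus>
    <input type="password" name='pass' placeholder="password" required>
    <input type="email" name="email" placeholder="email" required>
    <input type="submit" value="Sign Up">
    </form>
    <?php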