function verify_email($user, $username, $email, $welcome = false)
{
global $base_domain, $base_url, $conn;
$code = generate_verification_code($user, VERIFY_FIELD_EMAIL);
$link = $base_domain . $base_url . "verify/{$code}/";
$contents = <<<EMAIL
<html>
<body style="font-family: sans-serif;">
EMAIL;
$action = "verify your email";
if ($welcome) {
$contents .= <<<EMAIL
<h3>Welcome to SquadCal, {$username}!</h3>
EMAIL;
$action = "complete your registration and " . $action;
}
$contents .= <<<EMAIL
<p>
Please {$action} by clicking this link:
<a href="{$link}">{$link}</a>
</p>
</body>
</html>
EMAIL;
mail($email, 'Verify email for SquadCal', $contents, "From: no-reply@squadcal.org\r\n" . "MIME-Version: 1.0\r\n" . "Content-type: text/html; charset=iso-8859-1\r\n");
}
if (user_logged_in()) {
exit(json_encode(array('error' => 'already_logged_in')));
}
if (!isset($_POST['username'])) {
exit(json_encode(array('error' => 'invalid_parameters')));
}
$username = $_POST['username'];
$result = $conn->query("SELECT id, username, email " . "FROM users WHERE username = '******' OR email = '{$username}'");
$user_row = $result->fetch_assoc();
if (!$user_row) {
exit(json_encode(array('error' => 'invalid_user')));
}
$id = $user_row['id'];
$username = $user_row['username'];
$email = $user_row['email'];
$code = generate_verification_code($id, VERIFY_FIELD_RESET_PASSWORD);
$link = $base_domain . $base_url . "verify/{$code}/";
$contents = <<<EMAIL
<html>
<body style="font-family: sans-serif;">
<p>
We received a request to reset the password associated with your account
{$username} on SquadCal. If you did not issue this request, you do not
need to do anything, and your password will remain the same. However, if
you did issue this request, please visit this link to reset your password:
<a href="{$link}">{$link}</a>
</p>
</body>
</html>
EMAIL;
mail($email, 'Reset password for SquadCal', $contents, "From: no-reply@squadcal.org\r\n" . "MIME-Version: 1.0\r\n" . "Content-type: text/html; charset=iso-8859-1\r\n");
