Esempio n. 1
// Login form handler: reads the credentials through the project's set_post()
// helper, validates them, then hands them to do_login().
$user = set_post('user', '');
$password = set_post('password', '');
// Nothing was submitted yet (neither field is present in the POST body).
if (!(isset($_POST['user']) || isset($_POST['password']))) {
    return false;
}
// Run every check before bailing out so all problems are reported in one pass;
// $terror records whether any of them failed.
$terror = empty($user);
if ($terror) {
    notices_set('Please provide an email or username', 'error');
}
// NOTE(review): the password policy is evaluated on the login path, so its
// message is shown to unauthenticated visitors.
if (!password_is_valid($password)) {
    notices_set('Invalid password - Passwords must be at least ' . REQ_PASSWORD_LENGTH, 'error');
    $terror = true;
}
if ($terror) {
    // Print the collected notices and stop before touching do_login().
    echo notices_get();
    return false;
}
// NOTE(review): no attempt throttling is visible in this fragment; confirm that
// do_login() or its caller rate-limits repeated failures.
if (!do_login($user, $password)) {
    echo notices_get();
} else {
    do_redirect();
}
Esempio n. 2
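// Password-reset request: validates the posted address, stores a fresh reset
// token for the matching account and e-mails the reset link.
// Runs only once the form has been submitted.
if (!isset($_POST['email'])) {
    return false;
}
$email = set_post('email', '');
if (empty($email) || !email_is_valid($email)) {
    notices_set('Invalid email.', 'error');
    return false;
}
// NOTE(review): $email is interpolated into the SQL text below. That is only
// safe if set_post() already escapes for SQL - confirm; otherwise escape it
// with the project's SQL helper or switch to a prepared statement.
$sql = sql_query(" SELECT id FROM `users` WHERE email='{$email}' LIMIT 1 ");
if (sql_count($sql) <= 0) {
    // NOTE(review): this answer differs from the success message further down,
    // so the form reveals which addresses have an account.
    notices_set('Invalid email.', 'error');
    return false;
}
$data = sql_fetch($sql);
// NOTE(review): confirm_token_create() is defined elsewhere; a reset token
// should come from a CSPRNG and not be derivable from the address - confirm.
$confirm = confirm_token_create($email);
// Drop the previous token for this user before storing the new one.
sql_query(" DELETE FROM `password_reset` WHERE user='{$data['id']}' LIMIT 1 ");
// Store the new token (the ON DUPLICATE KEY clause overwrites any remaining row).
sql_query(" INSERT INTO `password_reset` (user, token) VALUES('{$data['id']}' , '{$confirm}') \n\t\t\tON DUPLICATE KEY UPDATE token='{$confirm}' ");
// Query-string values are URL-encoded so addresses containing '+' or '&'
// survive the round trip through the link.
// NOTE(review): the link is built with http://, so the token travels in clear
// text unless the site upgrades the request - prefer https:// where available.
email_send('password_reset', 'Planling Password Reset', array($email => $email), array('{{%LINK%}}' => 'http://' . MAIN_URL . '/password?e=' . rawurlencode($email) . '&t=' . rawurlencode($confirm)));
// The notice is rendered as HTML, so the address is escaped before being
// embedded (double_encode off in case it was already entity-encoded upstream).
notices_set('Instructions on how to reset your password has been sent to <strong>' . htmlspecialchars($email, ENT_QUOTES, 'UTF-8', false) . '</strong>.', 'success');
do_redirect();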
Esempio n. 3
    notices_set('Invalid email.', 'error');
    do_redirect();
}
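// A verification request without a token cannot be checked.
if (empty($confirm)) {
    notices_set('Invalid confirmation code.', 'error');
    do_redirect();
}
// NOTE(review): every failure branch relies on do_redirect() ending the
// request; if it returns, execution falls through to the UPDATE - confirm.
// NOTE(review): $email and $confirm are interpolated into SQL below; this is
// only safe if the helper that produced them escapes for SQL - confirm.
$sql = sql_query(" SELECT id, confirm FROM `users` WHERE email='{$email}' LIMIT 1 ");
if (sql_count($sql) <= 0) {
    notices_set('Invalid email.', 'error');
    do_redirect();
}
$data = sql_fetch($sql);
if (!isset($data['confirm'])) {
    // A NULL confirm column means the account was verified earlier.
    notices_set('Email already confirmed.', 'error');
    do_redirect();
} elseif (!is_scalar($confirm) || !hash_equals((string) $data['confirm'], (string) $confirm)) {
    // hash_equals() replaces the loose != comparison: it compares the token as
    // an exact string (no numeric-string juggling) and in constant time.
    // The address is URL-encoded inside the href and HTML-escaped in the link
    // text because the notice is rendered as markup.
    notices_set('Invalid confirmation code. <a href="verify_resend?e=' . rawurlencode($email) . '">Click here to send ' . htmlspecialchars($email, ENT_QUOTES, 'UTF-8', false) . ' another confirmation code &raquo;</a>', 'error');
    do_redirect();
}
// Mark the account verified; the WHERE clause re-checks the token so the row
// only changes when it still matches.
sql_query(" UPDATE `users` SET confirm=NULL WHERE email='{$email}' AND confirm='{$confirm}' LIMIT 1 ");
notices_set('Email successfully verified! Have a good day!', 'success');
do_redirect();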
Esempio n. 4
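// Re-sends the e-mail verification link for the address given in ?e=.
require '../includes/config/config.php';
// NOTE(review): this is reachable with a plain GET and no throttling is
// visible here, so any visitor can rotate a pending token and trigger mail to
// an unverified address - confirm that rate limiting exists elsewhere.
$email = set_get('e', '');
if (empty($email) || !email_is_valid($email)) {
    notices_set('Invalid email.', 'error');
    do_redirect();
}
// NOTE(review): $email is interpolated into SQL; safe only if set_get()
// escapes for SQL - confirm.
$sql = sql_query(" SELECT id, confirm FROM `users` WHERE email='{$email}' LIMIT 1 ");
if (sql_count($sql) <= 0) {
    notices_set('Invalid email.', 'error');
    do_redirect();
}
$data = sql_fetch($sql);
if (!isset($data['confirm'])) {
    // A NULL confirm column means there is nothing left to verify.
    notices_set('Email already confirmed.', 'success');
    do_redirect();
}
// Issue a new token and store it, replacing the previous one.
$confirm = confirm_token_create($email);
sql_query(" UPDATE `users` SET confirm='{$confirm}' WHERE id='{$data['id']}' LIMIT 1 ");
// Query-string values are URL-encoded so addresses containing '+' or '&'
// survive the round trip through the link.
// NOTE(review): the link uses http://, exposing the token in transit unless
// the site upgrades the request - prefer https:// where available.
email_send('verify_resend', 'Planling Verification Code', array($email => $email), array('{{%LINK%}}' => 'http://' . MAIN_URL . '/verify?e=' . rawurlencode($email) . '&t=' . rawurlencode($confirm)));
notices_set('Confirmation code successfully sent!', 'success');
do_redirect();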
Esempio n. 5
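// Tail of the registration handler; $email1, $password1 and $terror are set
// by code above this fragment.
// NOTE(review): $email1 is interpolated into SQL here and in the INSERT below;
// safe only if it was escaped for SQL upstream - confirm.
$sql = sql_query(" SELECT id FROM `users` WHERE email='{$email1}' LIMIT 1 ");
if (sql_count($sql) > 0) {
    // NOTE(review): this message confirms to the visitor that the address is
    // already registered.
    notices_set('Email already in use, please use a different email or reset your password', 'error');
    $terror = true;
}
if ($terror) {
    // Print the collected notices and stop before creating anything.
    echo notices_get();
    return false;
}
// Per-user value that password_encrypt() combines with the password.
// NOTE(review): both helpers are defined elsewhere; confirm the stored value
// comes from a slow password hash (password_hash() / bcrypt / argon2) and not
// from a fast digest.
$hash_token = password_hash_create();
$password = password_encrypt($password1, $hash_token);
// E-mail verification token stored with the new account.
$confirm = confirm_token_create($email1);
sql_query(" INSERT INTO `users` (hash_token, email, password, confirm) VALUES('{$hash_token}', '{$email1}', '{$password}', '{$confirm}') ");
notices_set('Account successfully created!', 'success');
// Query-string values are URL-encoded so addresses containing '+' or '&'
// survive the round trip through the link.
// NOTE(review): the link uses http://, exposing the token in transit unless
// the site upgrades the request - prefer https:// where available.
email_send('register', 'Welcome to Planling!', array($email1 => $email1), array('{{%LINK%}}' => 'http://' . MAIN_URL . '/verify?e=' . rawurlencode($email1) . '&t=' . rawurlencode($confirm)));
// The new user is logged in straight away, before the address is verified.
if (do_login($email1, $password1)) {
    $main_data = set_main_data();
} else {
    return false;
}
return true;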
Esempio n. 6
/**
 * Loads the row of the currently logged-in user.
 *
 * The lookup requires the session's user id, e-mail and the current PHP
 * session id to all match one `users` row. When no row matches, the session
 * is cleared and restarted and an alert notice is queued.
 *
 * NOTE(review): the query selects every column, so the returned data
 * presumably includes the stored password value - confirm callers never
 * expose it.
 *
 * @return mixed result of sql_fetch() for the matching row, or false when the
 *               session holds no login or no row matches
 */
function set_main_data()
{
    // No login recorded in this session.
    if (!isset($_SESSION['id'], $_SESSION['email'])) {
        return false;
    }
    // Session values are passed through sql_filter() before being placed in
    // the query text.
    $userId = sql_filter($_SESSION['id']);
    $userEmail = sql_filter($_SESSION['email']);
    $currentSession = sql_filter(session_id());
    $result = sql_query("SELECT * FROM `users` WHERE id='{$userId}' AND session_id='{$currentSession}' AND email='{$userEmail}' LIMIT 1");
    if (sql_count($result) > 0) {
        return sql_fetch($result);
    }
    // No matching row. The presence of the session cookie decides which
    // explanation is shown; it is read before the session is reset.
    $cookiePresent = isset($_COOKIE['PHPSESSID']);
    clear_session();
    session_start();
    if ($cookiePresent) {
        // Cookie present but the stored session id differs: treated as a login elsewhere.
        notices_set('Your account was logged in at another location. <a href="password">If you were unaware of this, please change your password &raquo;</a>', 'alert');
    } else {
        // No cookie: treated as an expired session.
        notices_set('You have been logged out for inactivity.', 'alert');
    }
    return false;
}
Esempio n. 7
}
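// Tail of the password-change handler; $terror, $email and $password1 are set
// by code above this fragment.
if ($terror) {
    // Print the collected notices and stop before changing anything.
    echo notices_get();
    return false;
}
// Fetch the account's id and its per-user hash token.
// NOTE(review): $email is interpolated into SQL; safe only if it was escaped
// for SQL upstream - confirm.
$sql = sql_query(" SELECT id, hash_token FROM `users` WHERE email='{$email}' LIMIT 1 ");
if (sql_count($sql) <= 0) {
    // NOTE(review): relies on do_redirect() ending the request; if it returns,
    // the code below runs with no user row - confirm.
    notices_set('Invalid email. <a href="password">Please request a new password reset.</a>', 'error');
    do_redirect();
}
$data = sql_fetch($sql);
// Derive the stored password value from the new password and the user's token.
// NOTE(review): password_encrypt() is defined elsewhere; confirm it is a slow
// password hash (password_hash() / bcrypt / argon2) and not a fast digest.
$password = password_encrypt($password1, $data['hash_token']);
// Store the new password; confirm is cleared in the same statement.
sql_query(" UPDATE `users` SET confirm=NULL, password='{$password}' WHERE id='{$data['id']}' AND email='{$email}' LIMIT 1 ");
// The reset token is single-use: remove it once the password has changed.
sql_query(" DELETE FROM `password_reset` WHERE user='{$data['id']}' LIMIT 1 ");
// Opportunistic cleanup of tokens older than PASSWORD_RESET_LIFE hours.
sql_query(" DELETE FROM `password_reset` WHERE stamp<'" . date('Y-m-d H:i:s', strtotime('-' . PASSWORD_RESET_LIFE . ' hours')) . "' LIMIT 500 ");
// Tell the account owner that the password changed.
// NOTE(review): nothing visible here ends the user's other sessions after the
// change - confirm that is handled elsewhere.
email_send('password_change', 'Planling Password Changed', array($email => $email), array('{{%LINK%}}' => 'http://' . MAIN_URL . '/password'));
notices_set('Your password has successfully been changed.', 'success');
do_redirect();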