Esempio n. 1
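/**
 * Handles a submitted registration form.
 *
 * Checks the required fields, rejects a username or e-mail address that is
 * already present in the users table, creates the account with a random
 * temporary password and e-mails that password to the new user.
 * Terminates the request with die() on any validation or database failure.
 *
 * NOTE(review): every $_POST value placed into SQL below relies on
 * slashAllInputs() for escaping. Its body is not visible here; if it is
 * addslashes()-style escaping it is not a substitute for prepared statements
 * (mysqli/PDO), and the mysql_* API itself is removed in PHP 7. Migrate
 * together with connectDatabase().
 *
 * NOTE(review): the schema stores an unsalted MD5 and an unsalted SHA-256 of
 * the password. Both are fast hashes and unsuitable for password storage;
 * move to password_hash()/password_verify() together with the login code.
 *
 * @return void
 */
function registerFormSubmitted()
{
    // Presumably defines $email_Administrator, $club_Abbr, $mime_boundary and
    // $http_Logout, which are used below - confirm against the config file.
    require 'include/configGlobals.php';
    connectDatabase();
    slashAllInputs();

    // Required fields must be present, non-empty strings. An array-valued
    // parameter (username[]=x) would otherwise reach the SQL text as "Array".
    foreach (array('username', 'email', 'firstName', 'lastName') as $required) {
        if (empty($_POST[$required]) || !is_string($_POST[$required])) {
            die('You did not complete all of the required fields');
        }
    }
    if (!isUsernameValid($_POST['username'])) {
        die('Sorry, that username is invalid. Please go back and try again.');
    }
    // The address becomes the recipient of the outgoing mail; a line break in
    // it could add mail headers, so reject it before it reaches sendEmail().
    if (preg_match('/[\r\n]/', $_POST['email'])) {
        die('Sorry, that email address is invalid. Please go back and try again.');
    }

    // Is the username already taken? (The query must use the submitted name,
    // not a fixed literal, or the check can never match.)
    $usercheck = $_POST['username'];
    $check = mysql_query("SELECT username FROM users WHERE username = '{$usercheck}'");
    if ($check === false) {
        // Keep database error details in the server log, not in the response.
        error_log('registerFormSubmitted: ' . mysql_error());
        die('Internal database error. Please contact the administrator.');
    }
    if (mysql_num_rows($check) != 0) {
        die('Sorry, the username ' . htmlspecialchars($_POST['username'], ENT_QUOTES, 'UTF-8') . ' is already in use. Please go back and try again.');
    }

    // Is the e-mail address already registered?
    $emailcheck = $_POST['email'];
    $check = mysql_query("SELECT email FROM users WHERE email = '{$emailcheck}'");
    if ($check === false) {
        error_log('registerFormSubmitted: ' . mysql_error());
        die('Internal database error. Please contact the administrator.');
    }
    if (mysql_num_rows($check) != 0) {
        die('Sorry, the email ' . htmlspecialchars($_POST['email'], ENT_QUOTES, 'UTF-8') . ' has already been registered. Please go back and try again.');
    }
    // NOTE(review): check-then-insert is not atomic; a UNIQUE index on
    // username and email would close the gap - confirm the schema has one.

    // NOTE(review): rand_string() is defined elsewhere; confirm it draws from
    // a cryptographically secure source, since its output is a credential.
    $tempPassword = rand_string(16);
    // These are digests, not encryption. hash('sha256', ...) returns the same
    // hex string as bin2hex(mhash(MHASH_SHA256, ...)) without the mhash extension.
    $hashPassword = md5($tempPassword);
    $hash256Password = hash('sha256', $tempPassword);
    $hash256Username = hash('sha256', $_POST['username']);
    $creationDate = date('Y-m-d');

    // Column values in the order of the column list in the INSERT below.
    $values = array($_POST['username'], $hashPassword, $hash256Username, $hash256Password);
    $profileFields = array(
        'firstName', 'lastName', 'address1', 'address2', 'city', 'state', 'zipCode',
        'homePhone', 'cellPhone', 'email', 'econtact', 'econtactPhone', 'econtactRel',
    );
    foreach ($profileFields as $field) {
        // Optional fields that are missing or not plain strings are stored as ''.
        $values[] = (isset($_POST[$field]) && is_string($_POST[$field])) ? $_POST[$field] : '';
    }
    $values[] = $creationDate;

    $insert = "INSERT INTO users (username, pass, sha256_user, sha256_pass, fname, lname, addr1, addr2, city, state, zip, hphone, cphone, email, econtact, econtact_phone, econtact_rel, creation) VALUES ('" . implode("', '", $values) . "')";
    $add_member = mysql_query($insert);
    if ($add_member === false) {
        // Do not mail credentials for an account that was never created.
        error_log('registerFormSubmitted: ' . mysql_error());
        die('Internal database error. Please contact the administrator.');
    }

    // NOTE(review): the temporary password travels in clear text by e-mail and
    // stays valid until the user changes it; consider an expiring one-time link.
    $to = $_POST['email'];
    $from = $email_Administrator;
    $subject = 'Registered on ' . $club_Abbr . ' Online Registration Site';
    $message = "--{$mime_boundary}\n";
    $message .= "Content-Type: text/plain; charset=UTF-8\r\n";
    $message .= "Content-Transfer-Encoding: 8bit\r\n";
    $message .= 'Thank you for registering on the ' . $club_Abbr . ' Online Registration site.' . "\n" . "\n" . 'Your username is: [ ' . $usercheck . " ]\n" . 'Your temporary password is: [ ' . $tempPassword . " ]\n" . "\n" . 'Login at ' . $http_Logout . ' to change your password and register for events.' . "\n" . "\n" . 'Thank you!' . "\n" . '- ' . $club_Abbr . ' Administration' . "\n";
    $message .= "--{$mime_boundary}--\n\n";

    if (sendEmail($to, $from, $subject, $message) != false) {
        echo "<h1>Registered</h1>\n";
        // $to is user input, so it is HTML-escaped before being echoed back.
        echo "Thank you, you have registered. An email has been sent to " . htmlspecialchars($to, ENT_QUOTES, 'UTF-8') . " \n";
        echo "with your username and temporary password. Depending on internal server traffic, this may take some time.<br><br>\n";
        echo "When you receive your temporary password you may <a href=\"index.php\">login</a> to continue.\n";
    } else {
        echo "<h1>Internal Email Error. Please contact administrator at " . $email_Administrator . "</h1>\n";
    }
}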
Esempio n. 2
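/**
 * Handles a submitted "forgot password" form.
 *
 * Looks up the account registered for the posted e-mail address, replaces its
 * password with a random temporary one and e-mails that password to the
 * address. Terminates the request with die() on validation or database failure.
 *
 * NOTE(review): the reset takes effect immediately and without any proof that
 * the requester owns the mailbox, so anyone who knows a registered address can
 * invalidate that user's current password. A single-use, expiring reset token
 * that only changes the password once it is redeemed avoids this.
 *
 * NOTE(review): the "no user with email" response tells the caller whether an
 * address is registered; a uniform response would not.
 *
 * @return void
 */
function forgotFormSubmitted()
{
    // Presumably defines $email_Administrator, $club_Abbr, $mime_boundary and
    // $http_Logout, which are used below - confirm against the config file.
    require 'include/configGlobals.php';
    // Connects to your Database
    connectDatabase();
    // NOTE(review): the SELECT below relies on slashAllInputs() for escaping;
    // its body is not visible here. Prefer prepared statements (mysqli/PDO).
    slashAllInputs();

    // The e-mail field is required and must be a plain string.
    if (empty($_POST['email']) || !is_string($_POST['email'])) {
        die('You did not complete all of the required fields');
    }

    // Find the account registered for this address.
    $emailcheck = $_POST['email'];
    $check = mysql_query("SELECT username FROM users WHERE email = '{$emailcheck}'");
    if ($check === false) {
        // Keep database error details in the server log, not in the response.
        error_log('forgotFormSubmitted: ' . mysql_error());
        die('Internal database error. Please contact the administrator.');
    }
    if (mysql_num_rows($check) == 0) {
        // The address is user input, so it is HTML-escaped before being echoed.
        die('Sorry, no user with email ' . htmlspecialchars($emailcheck, ENT_QUOTES, 'UTF-8') . ' is registered in the database. Please try again.');
    }
    // If several rows share the address, the last username returned is used.
    while ($info = mysql_fetch_array($check)) {
        $usercheck = $info['username'];
    }

    // NOTE(review): rand_string() is defined elsewhere; confirm it draws from
    // a cryptographically secure source, since its output is a credential.
    $tempPassword = rand_string(16);
    // Unsalted SHA-256 digest (not encryption); same hex output as the former
    // bin2hex(mhash(MHASH_SHA256, ...)). Unsuitable for password storage -
    // move to password_hash() together with the login code.
    $sha256_pass = hash('sha256', $tempPassword);

    // $usercheck was read back from the database, so it has not passed through
    // slashAllInputs(); escape it before it goes into SQL again.
    $safeUser = mysql_real_escape_string($usercheck);
    // Store the new digest and clear the legacy md5 hash in a single statement.
    // (The statement must use the computed digest and the looked-up username,
    // not fixed literals.)
    $update_member = mysql_query("UPDATE users SET sha256_pass='{$sha256_pass}', pass='' WHERE username='{$safeUser}'");
    if ($update_member === false) {
        // Do not mail a password that was never stored.
        error_log('forgotFormSubmitted: ' . mysql_error());
        die('Internal database error. Please contact the administrator.');
    }
    // Overwrite the digest variable, as the original code did.
    $sha256_pass = rand_string(128);

    $to = $emailcheck;
    $from = $email_Administrator;
    $subject = 'Reset Info for ' . $club_Abbr . ' Online Registration Site';
    $message = "--{$mime_boundary}\n";
    $message .= "Content-Type: text/plain; charset=UTF-8\r\n";
    $message .= "Content-Transfer-Encoding: 8bit\r\n";
    $message .= 'Your password has been reset on the ' . $club_Abbr . ' Online Registration site at your request.' . "\n" . "\n" . 'Your username is: [ ' . $usercheck . " ]\n" . 'Your temporary password is: [ ' . $tempPassword . " ]\n" . "\n" . 'Login at ' . $http_Logout . ' to change your password and register for events.' . "\n" . "\n" . 'Thank you!' . "\n" . '- ' . $club_Abbr . ' Administration' . "\n";
    $message .= "--{$mime_boundary}--\n\n";
    $sent = sendEmail($to, $from, $subject, $message);
    // Overwrite the clear-text password variable; note that $message still
    // holds a copy until the function returns.
    $tempPassword = rand_string(16);

    echoMainHeader();
    if ($sent != false) {
        echo "<h1>Email Sent.</h1>\n";
        echo "Your password has been reset. An email has been sent to " . htmlspecialchars($emailcheck, ENT_QUOTES, 'UTF-8') . " \n";
        echo "with your username and temporary password. Depending on internal server traffic, this may take some time.<br><br>\n";
        echo "When you receive your temporary password you may <a href=\"" . $http_Logout . "\">login</a> to continue.\n";
    } else {
        // Same failure message as the registration form uses.
        echo "<h1>Internal Email Error. Please contact administrator at " . $email_Administrator . "</h1>\n";
    }
    echoMainFooter();
}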
Esempio n. 3
// Login page controller (fragment: the statement run continues past the last line shown).
// No form submission and no 'ID' cookie: render the login form.
// No form submission but an 'ID' cookie: validate the session and redirect to main.php.
// Form submitted: check the posted username and password.
if (!isset($_POST['submit']) && !getCookie('ID')) {
    // if they are not logged in
    echoMainHeader();
    echo "<div align=\"center\" valign=\"center\">";
    displayLogin();
    echo "</div>";
    echoMainFooter();
} else {
    if (!isset($_POST['submit']) && getCookie('ID')) {
        validateSession();
        // NOTE(review): header() replaces an earlier Location header by default, so a
        // redirect set inside validateSession() that did not end the request is
        // overridden here. No exit follows in the visible code either - confirm
        // nothing after this chain runs for a redirected request.
        header('Location: main.php');
    } else {
        if (isset($_POST['submit'])) {
            // NOTE(review): slashAllInputs() is defined elsewhere; if it only adds
            // slashes to the request arrays, that is not a reliable defence against
            // SQL injection - parameterized queries are. Confirm what it does.
            slashAllInputs();
            // Connects to your Database
            connectDatabase();
            // makes sure they filled it in
            if (!$_POST['username'] || !$_POST['password']) {
                echoMainHeader();
                echo "<h2>You did not fill in a required field.</h2>\n";
                displayLogin();
            } else {
                // Gives an error if the user doesn't exist.
                // NOTE(review): a response that differs for unknown usernames lets a
                // client tell which usernames are registered; a single generic
                // "invalid username or password" message avoids that.
                if (!doesUserExist($_POST['username'])) {
                    echoMainHeader();
                    echo "<h2>That user does not exist in our database.</h2>\n";
                    displayLogin();
                } else {
                    if (isValidUserPassword($_POST['username'], $_POST['password'])) {
Esempio n. 4
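/**
 * Gatekeeper for pages that need a logged-in user.
 *
 * Redirects to logout.php when isSSL() reports a non-SSL request, then
 * prepares the request input, connects to the database and calls
 * validateUser(). Per the original author's note, validateUser() does not
 * return for an invalid user.
 *
 * @return void
 */
function validateSession()
{
    // 3/6/2010 Current Server does not allow for Server side detection. Now using forceSSL() in functions.js
    // see function isSSL() above.
    // NOTE(review): forceSSL() in functions.js runs in the browser and can be
    // skipped by the client, so it cannot enforce HTTPS; confirm isSSL() is
    // reliable on the current server before depending on this check.
    if (!isSSL()) {
        header("Location: logout.php");
        // header() only queues the redirect. Without ending the request here the
        // rest of the page would still run over the insecure connection, and a
        // later header('Location: ...') call would replace this one.
        exit;
    }
    slashAllInputs();
    connectDatabase();
    validateUser();
    // if they are not valid, they don't come back from here.
}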