<?php // ------------------------------------------------------------ // CREATE VARIABLES TO HOLD CONSTANT VALUE FROM WEBCONFIG // ------------------------------------------------------------ $from_address = NO_REPLY; $activation_base_URL = ACCOUNT_ACTIVATION_URL; // if admin notification is enabled $notify_admin = REGISTRATION_NOTIFICATION; // ------------------------------------------------------------ // ASSEMBLE ACTIVATION URL // ------------------------------------------------------------ $activation_code = hashThis($txbUn); $parameter = "?aid="; $verificationURL = $activation_base_URL . $parameter . $activation_code; // ------------------------------------------------------------ // CREATE HTML E-MAIL // ------------------------------------------------------------ $to = $txbEmail; $subject = 'Account Confirmation'; $message = ' <html> <head> <title>Account Confirmation</title> </head> <body> <p>Hello ' . $txbUn . ',</p> <p>To complete your registration process, please click on the link below to confirm and activate your account.</p> <p><a href="' . $verificationURL . '">' . $verificationURL . '</a></p> </body> </html>
require_once ROOT_PATH . 'connect/mysql.php';
require_once ROOT_PATH . 'lib/hasher.fn.php';
// ------------------------------------------------------------
// SET VARIABLES FOR DB CHECK
// ------------------------------------------------------------
$username4db = mysqli_real_escape_string($conn, $txbUn);
$email4db = mysqli_real_escape_string($conn, $txbEmail);
// DB QUERY: check for DUPLICATE username and/or email - both must be unique
// ------------------------------------------------------------
$checkuser = mysqli_query($conn, "SELECT UserName, Email FROM users WHERE UserName = '******' OR EMAIL = '{$email4db}'") or die($checkUser_error);
// ------------------------------------------------------------
// if user name or email does NOT exist yet validation is ok
if (mysqli_num_rows($checkuser) == 0 && $passwordMatch_error == 0 && $emailValidate_error == 0 && $pwMinRequirements_error == 0) {
// create hashed password and activation key
$hashedPw = hashThis($txbPw);
$ActivationKey = hashThis($txbUn);
if (isset($_POST['sendCredentials'])) {
$email_credentials = 1;
} else {
$email_credentials = 0;
}
if (isset($_POST['sendConfirmation'])) {
$email_confirmation = 1;
} else {
$email_confirmation = 0;
}
if (isset($_POST['activateAccount'])) {
$instantApproval = 1;
} else {
$instantApproval = 0;
}
require_once ROOT_PATH . 'lib/hasher.fn.php';
// set variables
$session_un = $_SESSION['UserName'];
$session_pw = $_SESSION['Password'];
// get token session if available
if (isset($_SESSION['auth_token'])) {
$session_auth_token = $_SESSION['auth_token'];
}
// DB QUERY: check username SESSION credential against db
// ------------------------------------------------------------
$session_auth = mysqli_query($conn, "SELECT UserId, UserName, Password, SessionId, PremiumLevel FROM users WHERE UserName = '******' AND IsApproved = 1 AND IsLockedOut = 0 LIMIT 1") or die($dataaccess_error);
// ------------------------------------------------------------
if (mysqli_num_rows($session_auth) == 1) {
$row = mysqli_fetch_array($session_auth);
$auth_sess_UserId = $row['UserId'];
$auth_Password = hashThis($row['Password']);
$premium_user_name = $row['UserName'];
$user_token = $row['SessionId'];
// if account sharing is not enabled
if (ACCOUNT_SHARING == 0) {
if ($auth_Password == $session_pw && $user_token == $session_auth_token) {
// SECOND PASS OK!
$second_pass = 1;
} else {
// delete sessions
session_destroy();
header('Location:' . SITE_URL . 'login.php?TokenLogOff=1');
}
}
// if account sharing is enabled
if (ACCOUNT_SHARING == 1) {
if (mysqli_num_rows($checklogin) == 1) {
// set variables
$row = mysqli_fetch_array($checklogin);
$auth_pass = $row['Password'];
$user_redirect = $row['DestinationUrl'];
// create login sessions
$_SESSION['UserName'] = $username;
$_SESSION['Password'] = hashThis($auth_pass);
$_SESSION['LoggedIn'] = 1;
$cbxRememberMe = $_POST['cbxRememberMe'];
// if remember me is checked
if (isset($cbxRememberMe) && $cbxRememberMe == '1') {
// create cookies for autologin
$expire = time() + AUTO_LOGIN_DURATION;
$cookie_un = $row['UserName'];
$cookie_pass = hashThis($row['Password']);
setcookie('user', $cookie_un, $expire);
setcookie('pass', $cookie_pass, $expire);
}
// get user's IP address
$lastloginip = $_SERVER['REMOTE_ADDR'];
// DB QUERY: update database activity
// ------------------------------------------------------------
$updateactivity = mysqli_query($conn, "UPDATE users SET LastLoginDate = NOW(), LastActivityDate = NOW(), LastLoginIP = '{$lastloginip}', IsLoggedIn = 1, SessionId = '{$auth_token}' WHERE UserName = '******'") or die($updateactivity_error);
// ------------------------------------------------------------
// redirect to destination
if (USE_DEFAULT_LOGIN_DESTINATION == 1 && $user_redirect == 'default') {
header('Location:' . DEFAULT_LOGIN_DESTINATION_URL);
} elseif (USE_DEFAULT_LOGIN_DESTINATION == 1 && $user_redirect != 'default') {
header('Location:' . $user_redirect);
} elseif (USE_DEFAULT_LOGIN_DESTINATION == 0 && $user_redirect != 'default') {
$msg .= $pw_numeric_msg;
}
}
// check for special char
$require_special_char = REQUIRE_SPECIAL_CHAR;
if ($require_special_char == 1) {
preg_match_all('/[|!@#$%&*\\/=?,;.:\\-_+~^\\\\]/', $sent_new_password0, $special_chars);
$min_one_unique_char = count($special_chars[0]);
if ($min_one_unique_char < 1) {
$validate_error = 1;
$msg .= $pw_special_msg;
}
}
// if everything is validated OK
if ($validate_error == 0) {
$hashed_pw = hashThis($sent_new_password0);
$reset_password = mysqli_query($conn, "UPDATE users SET Password = '******' WHERE UserName = '******'") or die($dataaccess_error);
if (mysqli_affected_rows($conn) > 0) {
if ($email_credentials == 1) {
require_once 'email_new_pw.php';
} else {
$msg = $pw_reset_success1;
}
} else {
$msg = $pw_reset_failed;
}
}
} else {
// if password is too short
$validate_error = 1;
$msg .= $pw_length_msg;
<?php
if (ACCOUNT_SHARING == 0) {
// create token for db
$auth_token = hashThis(time());
// create session token
$_SESSION['auth_token'] = $auth_token;
// create cookie version for auto login
$expire_auth_token = time() + AUTO_LOGIN_DURATION;
setcookie('cookie_auth_token', $auth_token, $expire_auth_token);
}
<?php // ------------------------------------------------------------ // CREATE VARIABLES TO HOLD CONSTANT VALUE FROM WEBCONFIG // ------------------------------------------------------------ $from_address = NO_REPLY; // ------------------------------------------------------------ // GENERATE NEW PASSWORD // ------------------------------------------------------------ require_once ROOT_PATH . 'modules/recover_pw/salt_generator.php'; require_once ROOT_PATH . 'lib/hasher.fn.php'; $salt = gen_chars(8); $newpassword = $accountname . $salt; $newhashedpw = hashThis($newpassword); // DB QUERY: update database with new password // ------------------------------------------------------------ $updatepassword = mysqli_query($conn, "UPDATE users SET Password = '******' WHERE UserName = '******'") or die($updatepassword_error); // ------------------------------------------------------------ // ------------------------------------------------------------ // CREATE HTML E-MAIL // ------------------------------------------------------------ $to = $accountemail; $subject = 'Account Password Reset'; $message = ' <html> <head> <title>Account Password Reset</title> </head> <body> <p>Hello ' . $accountname . ',</p> <p>Your account password has been successfully reset, and a new temporary password has been generated for you.</p>
$msg = $password_numeric_error;
$pw_numeric = $pw_numeric_msg;
}
}
$requirespecialchar = REQUIRE_SPECIAL_CHAR;
if ($requirespecialchar == 1) {
preg_match_all('/[|!@#$%&*\\/=?,;.:\\-_+~^\\\\]/', $password, $specialchars);
$minoneuniquechar = count($specialchars[0]);
if ($minoneuniquechar < 1) {
$validate_error = 1;
$msg = $password_special_error;
$pw_special = $pw_special_msg;
}
}
if ($validate_error == 0) {
$hashedPw = hashThis($password);
$user_id = mysqli_real_escape_string($conn, $_GET['uid']);
$reset_password = mysqli_query($conn, "UPDATE users SET Password = '******' WHERE UserId = {$user_id}") or die($createUser_error);
if (mysqli_affected_rows($conn) > 0) {
if ($email_pw == 1) {
require_once 'email_pw.php';
} else {
$msg = $pw_reset_success1;
}
}
}
} else {
$validate_error = 1;
$msg = $password_length_error;
$pw_length = $pw_length_msg;
}
