<?php
// Registration confirmation e-mail: build the activation link for the new
// account and the HTML message that carries it. The $message literal at the
// bottom continues past the end of this excerpt.
// ------------------------------------------------------------
// CREATE VARIABLES TO HOLD CONSTANT VALUE FROM WEBCONFIG
// ------------------------------------------------------------
$from_address = NO_REPLY;
$activation_base_URL = ACCOUNT_ACTIVATION_URL;
// if admin notification is enabled
$notify_admin = REGISTRATION_NOTIFICATION;
// ------------------------------------------------------------
// ASSEMBLE ACTIVATION URL
// ------------------------------------------------------------
// NOTE(review): the activation code is hashThis() of the username alone, with
// no random input visible here. If hashThis() (lib/hasher.fn.php, not in this
// excerpt) is a plain unkeyed digest, the code can be recomputed by anyone who
// knows the username, which defeats the purpose of e-mail confirmation. A
// random_bytes()-derived token stored against the account is the usual
// mitigation — confirm how hashThis() works before relying on this link.
$activation_code = hashThis($txbUn);
$parameter = "?aid=";
$verificationURL = $activation_base_URL . $parameter . $activation_code;
// ------------------------------------------------------------
// CREATE HTML E-MAIL
// ------------------------------------------------------------
$to = $txbEmail;
$subject = 'Account Confirmation';
// $txbUn is concatenated into the HTML body unescaped; if it is user-chosen
// text (the name suggests a form field) it should pass through
// htmlspecialchars() before being embedded.
$message = ' <html> <head> <title>Account Confirmation</title> </head> <body> <p>Hello ' . $txbUn . ',</p> <p>To complete your registration process, please click on the link below to confirm and activate your account.</p> <p><a href="' . $verificationURL . '">' . $verificationURL . '</a></p> </body> </html>
// Registration: reject a duplicate username/e-mail, then prepare the new
// account (password hash, activation key, e-mail/approval flags from the
// form). The if-block opened below is closed outside this excerpt.
require_once ROOT_PATH . 'connect/mysql.php';
require_once ROOT_PATH . 'lib/hasher.fn.php';
// ------------------------------------------------------------
// SET VARIABLES FOR DB CHECK
// ------------------------------------------------------------
$username4db = mysqli_real_escape_string($conn, $txbUn);
$email4db = mysqli_real_escape_string($conn, $txbEmail);
// DB QUERY: check for DUPLICATE username and/or email - both must be unique
// ------------------------------------------------------------
// NOTE(review): the values are escaped and then interpolated into quoted SQL
// literals; that only holds while the literal stays quoted. A prepared
// statement with bound parameters (mysqli_prepare / mysqli_stmt_bind_param)
// is the robust form. The '******' shown for the UserName value looks like a
// redaction in this copy — presumably '{$username4db}' in the real file;
// confirm against the source. `or die($checkUser_error)` ends the request with
// whatever that variable holds; keep it a generic message, not driver output.
$checkuser = mysqli_query($conn, "SELECT UserName, Email FROM users WHERE UserName = '******' OR EMAIL = '{$email4db}'") or die($checkUser_error);
// ------------------------------------------------------------
// if user name or email does NOT exist yet validation is ok
if (mysqli_num_rows($checkuser) == 0 && $passwordMatch_error == 0 && $emailValidate_error == 0 && $pwMinRequirements_error == 0) {
    // create hashed password and activation key
    // NOTE(review): the activation key is hashThis() of the username with no
    // random component, so it is reproducible by anyone who knows the
    // username and the hash function; a random_bytes()-derived token stored on
    // the account is the usual mitigation. If hashThis() is a fast digest
    // rather than password_hash(), the stored password hash also needs the
    // stronger primitive. hasher.fn.php is not in this excerpt — verify both.
    $hashedPw = hashThis($txbPw);
    $ActivationKey = hashThis($txbUn);
    // options from the submitted form: an absent checkbox maps to 0
    if (isset($_POST['sendCredentials'])) { $email_credentials = 1; } else { $email_credentials = 0; }
    if (isset($_POST['sendConfirmation'])) { $email_confirmation = 1; } else { $email_confirmation = 0; }
    if (isset($_POST['activateAccount'])) { $instantApproval = 1; } else { $instantApproval = 0; }
// Session "second pass": re-check the logged-in session against the users row
// and, when account sharing is off, against the per-login token. The outer
// if-block and the ACCOUNT_SHARING == 1 branch continue past this excerpt.
require_once ROOT_PATH . 'lib/hasher.fn.php';
// set variables
$session_un = $_SESSION['UserName'];
$session_pw = $_SESSION['Password'];
// get token session if available
// NOTE(review): when the session carries no auth_token, $session_auth_token is
// never assigned and the comparison further down reads an undefined variable
// (null). A missing token should be treated as an authentication failure
// before any comparison is made.
if (isset($_SESSION['auth_token'])) { $session_auth_token = $_SESSION['auth_token']; }
// DB QUERY: check username SESSION credential against db
// ------------------------------------------------------------
// NOTE(review): '******' looks like a redacted interpolation in this copy
// (presumably the session username). Even for a session-sourced value a
// prepared statement is the safer form, and `or die($dataaccess_error)`
// should not expose driver error text.
$session_auth = mysqli_query($conn, "SELECT UserId, UserName, Password, SessionId, PremiumLevel FROM users WHERE UserName = '******' AND IsApproved = 1 AND IsLockedOut = 0 LIMIT 1") or die($dataaccess_error);
// ------------------------------------------------------------
if (mysqli_num_rows($session_auth) == 1) {
    $row = mysqli_fetch_array($session_auth);
    $auth_sess_UserId = $row['UserId'];
    // the login code stores hashThis() of the stored password hash in the
    // session, so the same transformation is applied to the DB value here
    $auth_Password = hashThis($row['Password']);
    $premium_user_name = $row['UserName'];
    $user_token = $row['SessionId'];
    // if account sharing is not enabled
    if (ACCOUNT_SHARING == 0) {
        // NOTE(review): both comparisons use loose ==. PHP compares two
        // numeric-looking strings numerically ('0e1' == '0e2' is true), and
        // null == '' is true, so an empty SessionId column matches an absent
        // session token. Use hash_equals((string) $a, (string) $b) for both,
        // after rejecting a missing token outright.
        if ($auth_Password == $session_pw && $user_token == $session_auth_token) {
            // SECOND PASS OK!
            $second_pass = 1;
        } else {
            // delete sessions
            session_destroy();
            // NOTE(review): header() does not stop execution; without an
            // `exit;` after it the rest of the page still runs for the
            // rejected session. Add `exit;` directly after this call.
            header('Location:' . SITE_URL . 'login.php?TokenLogOff=1');
        }
    }
    // if account sharing is enabled
    if (ACCOUNT_SHARING == 1) {
// Successful credential check: create the login session, optional auto-login
// cookies, record the login in the DB and redirect. The redirect chain and the
// surrounding if continue past this excerpt.
if (mysqli_num_rows($checklogin) == 1) {
    // set variables
    $row = mysqli_fetch_array($checklogin);
    $auth_pass = $row['Password'];
    $user_redirect = $row['DestinationUrl'];
    // create login sessions
    // NOTE(review): no session_regenerate_id(true) is visible before the
    // session is promoted to logged-in; without it a session id established
    // before login stays valid afterwards (session fixation). Regenerate here
    // unless an including file already does.
    $_SESSION['UserName'] = $username;
    $_SESSION['Password'] = hashThis($auth_pass);
    $_SESSION['LoggedIn'] = 1;
    // NOTE(review): $_POST['cbxRememberMe'] is read before any existence
    // check, so the isset() below only tests the local copy and an unchecked
    // box raises an undefined-index notice. Test isset($_POST['cbxRememberMe'])
    // directly instead.
    $cbxRememberMe = $_POST['cbxRememberMe'];
    // if remember me is checked
    if (isset($cbxRememberMe) && $cbxRememberMe == '1') {
        // create cookies for autologin
        // NOTE(review): the 'pass' cookie is hashThis() of the stored password
        // hash — a long-lived bearer credential that is identical on every
        // device, cannot be revoked per device and stays valid until the
        // password changes. Neither cookie sets HttpOnly or Secure. A random
        // per-device token persisted server-side (so it can be invalidated)
        // is the usual replacement; the cookie consumer is not in this excerpt.
        $expire = time() + AUTO_LOGIN_DURATION;
        $cookie_un = $row['UserName'];
        $cookie_pass = hashThis($row['Password']);
        setcookie('user', $cookie_un, $expire);
        setcookie('pass', $cookie_pass, $expire);
    }
    // get user's IP address
    $lastloginip = $_SERVER['REMOTE_ADDR'];
    // DB QUERY: update database activity
    // ------------------------------------------------------------
    // NOTE(review): $lastloginip and $auth_token are interpolated without
    // escaping. REMOTE_ADDR is server-set in the usual deployment, but binding
    // every value through a prepared statement removes the dependency on that
    // assumption. $auth_token is defined outside this excerpt; '******' looks
    // like a redacted interpolation in this copy.
    $updateactivity = mysqli_query($conn, "UPDATE users SET LastLoginDate = NOW(), LastActivityDate = NOW(), LastLoginIP = '{$lastloginip}', IsLoggedIn = 1, SessionId = '{$auth_token}' WHERE UserName = '******'") or die($updateactivity_error);
    // ------------------------------------------------------------
    // redirect to destination
    // NOTE(review): each header() needs an `exit;` after it, or execution
    // continues into the rest of the page. $user_redirect comes from the
    // users.DestinationUrl column; if end users can set that column it should
    // be restricted to local paths to avoid an open redirect — who writes it
    // is not visible here.
    if (USE_DEFAULT_LOGIN_DESTINATION == 1 && $user_redirect == 'default') {
        header('Location:' . DEFAULT_LOGIN_DESTINATION_URL);
    } elseif (USE_DEFAULT_LOGIN_DESTINATION == 1 && $user_redirect != 'default') {
        header('Location:' . $user_redirect);
    } elseif (USE_DEFAULT_LOGIN_DESTINATION == 0 && $user_redirect != 'default') {
// Password-change validation (continued from outside this excerpt): the
// special-character requirement, then the UPDATE and the result message. The
// closing else-branch (password too short) is cut off at the end.
$msg .= $pw_numeric_msg;
}
}
// check for special char
$require_special_char = REQUIRE_SPECIAL_CHAR;
if ($require_special_char == 1) {
    // count characters from the allowed punctuation set; at least one needed
    preg_match_all('/[|!@#$%&*\\/=?,;.:\\-_+~^\\\\]/', $sent_new_password0, $special_chars);
    $min_one_unique_char = count($special_chars[0]);
    if ($min_one_unique_char < 1) {
        $validate_error = 1;
        $msg .= $pw_special_msg;
    }
}
// if everything is validated OK
if ($validate_error == 0) {
    // NOTE(review): if hashThis() (lib/hasher.fn.php, not in this excerpt) is
    // a general-purpose digest it is not a password hash; password_hash() /
    // password_verify() are the right primitives for stored passwords. The
    // '******' values look like redacted interpolations in this copy —
    // presumably the hash and the username; a prepared statement would bind
    // them rather than interpolate.
    $hashed_pw = hashThis($sent_new_password0);
    $reset_password = mysqli_query($conn, "UPDATE users SET Password = '******' WHERE UserName = '******'") or die($dataaccess_error);
    // NOTE(review): mysqli_affected_rows() counts rows actually changed, so a
    // new password equal to the current one lands in the "failed" branch even
    // though the row exists — confirm that is the intended behaviour.
    if (mysqli_affected_rows($conn) > 0) {
        if ($email_credentials == 1) {
            require_once 'email_new_pw.php';
        } else {
            $msg = $pw_reset_success1;
        }
    } else {
        $msg = $pw_reset_failed;
    }
}
} else {
    // if password is too short
    $validate_error = 1;
    $msg .= $pw_length_msg;
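<?php
// Per-login authentication token, created only when account sharing is off.
// The login code writes it to users.SessionId and the session check compares
// it with $_SESSION['auth_token'] on later requests, so it must be
// unguessable and must keep the format hashThis() produces.
if (ACCOUNT_SHARING == 0) {
    // create token for db
    // Seed the hash with CSPRNG bytes rather than time(): a timestamp can be
    // estimated to the second, which made the old token predictable. hashThis()
    // is kept so the stored length/format is unchanged. random_bytes() needs
    // PHP >= 7.0.
    $auth_token = hashThis(bin2hex(random_bytes(32)));
    // create session token
    $_SESSION['auth_token'] = $auth_token;
    // create cookie version for auto login
    $expire_auth_token = time() + AUTO_LOGIN_DURATION;
    // path/domain/secure are left at their defaults ('' , '', false); only
    // HttpOnly is added so page scripts cannot read the token. Set the secure
    // flag too once the site is known to be served over HTTPS — this excerpt
    // does not show that.
    setcookie('cookie_auth_token', $auth_token, $expire_auth_token, '', '', false, true);
}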
<?php
// Password recovery: generate a temporary password, store its hash and build
// the HTML e-mail that delivers it. The $message literal at the bottom
// continues past the end of this excerpt.
// ------------------------------------------------------------
// CREATE VARIABLES TO HOLD CONSTANT VALUE FROM WEBCONFIG
// ------------------------------------------------------------
$from_address = NO_REPLY;
// ------------------------------------------------------------
// GENERATE NEW PASSWORD
// ------------------------------------------------------------
require_once ROOT_PATH . 'modules/recover_pw/salt_generator.php';
require_once ROOT_PATH . 'lib/hasher.fn.php';
// NOTE(review): the temporary password is the account name followed by eight
// characters from gen_chars(). The account name is public, so all of the
// secrecy rests on those eight characters and on gen_chars() drawing from a
// CSPRNG (random_int / random_bytes). salt_generator.php is not in this
// excerpt — verify it does not use rand()/mt_rand(), and prefer a longer,
// purely random value with a forced change on first login.
$salt = gen_chars(8);
$newpassword = $accountname . $salt;
$newhashedpw = hashThis($newpassword);
// DB QUERY: update database with new password
// ------------------------------------------------------------
// NOTE(review): this overwrites the stored password as soon as it runs. If the
// including page reaches here before the requester has proved control of the
// account's mailbox (the trigger is not visible), the recovery form becomes a
// way to lock any known user out. '******' looks like redacted interpolation
// in this copy; a prepared statement would bind the hash and the name.
$updatepassword = mysqli_query($conn, "UPDATE users SET Password = '******' WHERE UserName = '******'") or die($updatepassword_error);
// ------------------------------------------------------------
// ------------------------------------------------------------
// CREATE HTML E-MAIL
// ------------------------------------------------------------
$to = $accountemail;
$subject = 'Account Password Reset';
// $accountname is concatenated into the HTML body unescaped; wrap it in
// htmlspecialchars() if it can contain user-chosen text.
$message = ' <html> <head> <title>Account Password Reset</title> </head> <body> <p>Hello ' . $accountname . ',</p> <p>Your account password has been successfully reset, and a new temporary password has been generated for you.</p>
// Password-set validation (continued from outside this excerpt): the
// special-character requirement, then the UPDATE for the user named by the
// uid query parameter, and the closing "too short" branch.
$msg = $password_numeric_error;
$pw_numeric = $pw_numeric_msg;
}
}
$requirespecialchar = REQUIRE_SPECIAL_CHAR;
if ($requirespecialchar == 1) {
    // count characters from the allowed punctuation set; at least one needed
    preg_match_all('/[|!@#$%&*\\/=?,;.:\\-_+~^\\\\]/', $password, $specialchars);
    $minoneuniquechar = count($specialchars[0]);
    if ($minoneuniquechar < 1) {
        $validate_error = 1;
        $msg = $password_special_error;
        $pw_special = $pw_special_msg;
    }
}
if ($validate_error == 0) {
    $hashedPw = hashThis($password);
    // NOTE(review): $user_id is interpolated UNQUOTED into the SQL below.
    // mysqli_real_escape_string() only escapes quote and control characters,
    // so it does not constrain an unquoted value — a non-numeric uid reaches
    // the query intact. Coerce it, `$user_id = (int) $_GET['uid'];`, or bind
    // it through a prepared statement. This excerpt also shows no check that
    // the caller is allowed to change this particular user's password;
    // confirm the including page enforces that before this point.
    $user_id = mysqli_real_escape_string($conn, $_GET['uid']);
    // NOTE(review): '******' looks like a redacted interpolation in this copy.
    // `$createUser_error` on an UPDATE reads like a copy-paste of the wrong
    // message variable. If hashThis() is a plain digest, password_hash() is
    // the right primitive for stored passwords (hasher.fn.php not visible).
    $reset_password = mysqli_query($conn, "UPDATE users SET Password = '******' WHERE UserId = {$user_id}") or die($createUser_error);
    // affected_rows is 0 when the new hash equals the stored one, so that
    // case silently sets no message — confirm that is intended.
    if (mysqli_affected_rows($conn) > 0) {
        if ($email_pw == 1) {
            require_once 'email_pw.php';
        } else {
            $msg = $pw_reset_success1;
        }
    }
}
} else {
    $validate_error = 1;
    $msg = $password_length_error;
    $pw_length = $pw_length_msg;
}