//login form handler: reads the posted credentials, validates them and attempts the login
//returns false while the form is not submitted or fails validation; redirects on a successful login
$user = set_post('user', '');
$password = set_post('password', '');

//neither field was posted, so the form has not been submitted yet
if (!(isset($_POST['user']) || isset($_POST['password']))) {
    return false;
}

//error checking: every rule is evaluated so all notices are queued before anything is shown
$terror = empty($user); //true once any rule has failed
if ($terror) {
    notices_set('Please provide an email or username', 'error');
}

if (!password_is_valid($password)) {
    notices_set('Invalid password - Passwords must be at least ' . REQ_PASSWORD_LENGTH, 'error');
    $terror = true;
}

//validation failed: print the queued notices and stop
if ($terror) {
    echo notices_get();
    return false;
}

//NOTE(review): no CSRF token check or attempt throttling is visible in this fragment;
//confirm the caller or do_login() provides them
if (!do_login($user, $password)) {
    echo notices_get(); //do_login() failed; show whatever notices are queued
} else {
    do_redirect();
}
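//send a password reset request to a user
//validates the posted email, stores a fresh reset token for the matching account and
//mails a reset link to that address; returns false when the form is missing or invalid

//check if form submitted
if (!isset($_POST['email'])) {
    return false;
}

//get variables
$email = set_post('email', '');
if (empty($email) || !email_is_valid($email)) {
    notices_set('Invalid email.', 'error');
    return false;
}

//look the account up by email
//NOTE(review): $email is interpolated into the SQL text; this is only safe if set_post()
//escapes its value for SQL - confirm, or switch sql_query() callers to bound parameters
$sql = sql_query(" SELECT id FROM `users` WHERE email='{$email}' LIMIT 1 ");
if (sql_count($sql) <= 0) {
    //NOTE(review): a distinct error for unknown addresses tells the caller which emails are
    //registered; consider showing the same "instructions sent" notice in both cases
    notices_set('Invalid email.', 'error');
    return false;
}
$data = sql_fetch($sql);

//create code
$confirm = confirm_token_create($email);

//delete the existing token row for this user
//NOTE(review): the user id in this statement was masked ('******') in the reviewed listing;
//restored to {$data['id']} to match the INSERT below - confirm against the original file
sql_query(" DELETE FROM `password_reset` WHERE user='{$data['id']}' LIMIT 1 ");

//insert
//NOTE(review): the token is stored as-is; storing only a hash of it would keep a database
//read from yielding usable reset links
sql_query(" INSERT INTO `password_reset` (user, token) VALUES('{$data['id']}' , '{$confirm}') \n\t\t\tON DUPLICATE KEY UPDATE token='{$confirm}' ");

//build the reset link; both query values are percent-encoded so an address containing
//'+' or '&' survives the round trip through $_GET
//NOTE(review): the link carries the reset token over plain http:// - use https:// if
//MAIN_URL is served over TLS
$reset_link = 'http://' . MAIN_URL . '/password?e=' . rawurlencode($email) . '&t=' . rawurlencode($confirm);

//send email
email_send('password_reset', 'Planling Password Reset', array($email => $email), array('{{%LINK%}}' => $reset_link));

//set message; the address is HTML-escaped because the notice is rendered as markup
notices_set('Instructions on how to reset your password has been sent to <strong>' . htmlspecialchars($email, ENT_QUOTES, 'UTF-8') . '</strong>.', 'success');

//redirect user
do_redirect();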
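notices_set('Invalid email.', 'error');
do_redirect();
}
//(the statement that opens the block closed above is outside this fragment)

//verifies a user's email address from the emailed link: the supplied code must match
//the one stored on the account, after which the stored code is cleared
//NOTE(review): every failure branch relies on do_redirect() ending the request; if it
//returns, the statements below still run - confirm

if (empty($confirm)) {
    notices_set('Invalid confirmation code.', 'error');
    do_redirect();
}

//check if it is valid
//NOTE(review): $email and $confirm are interpolated into SQL text; presumably escaped
//where they are read (not visible here) - confirm
$sql = sql_query(" SELECT id, confirm FROM `users` WHERE email='{$email}' LIMIT 1 ");
if (sql_count($sql) <= 0) {
    notices_set('Invalid email.', 'error');
    do_redirect();
}

//check if confirm is already cleared
$data = sql_fetch($sql);
if (!isset($data['confirm'])) {
    //account already confirmed
    notices_set('Email already confirmed.', 'error');
    do_redirect();
} else {
    //compare the codes as strings: a loose != treats numeric-looking strings as numbers,
    //so two different codes could compare equal; hash_equals() is also constant-time
    $stored_token = (string) $data['confirm'];
    $given_token = (string) $confirm;
    $token_matches = function_exists('hash_equals')
        ? hash_equals($stored_token, $given_token)
        : $stored_token === $given_token;

    if (!$token_matches) {
        //the address is percent-encoded inside the URL and HTML-escaped in the link text,
        //because the notice is rendered as markup
        notices_set('Invalid confirmation code. <a href="verify_resend?e=' . rawurlencode($email) . '">Click here to send ' . htmlspecialchars($email, ENT_QUOTES, 'UTF-8') . ' another confirmation code »</a>', 'error');
        do_redirect();
    }
}

//verify users account
sql_query(" UPDATE `users` SET confirm=NULL WHERE email='{$email}' AND confirm='{$confirm}' LIMIT 1 ");

//set message
notices_set('Email successfully verified! Have a good day!', 'success');

//redirect user
do_redirect();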
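//resend the verification code for a users email
//issues a new confirmation code for a still-unverified account and mails the link
require '../includes/config/config.php';

//NOTE(review): this runs on a plain GET, changes the stored code and sends mail; no rate
//limit is visible here, so repeated requests can flood an inbox and invalidate links
//already sent - consider POST plus throttling
//NOTE(review): failure branches rely on do_redirect() ending the request - confirm

//get variables
$email = set_get('e', '');
if (empty($email) || !email_is_valid($email)) {
    notices_set('Invalid email.', 'error');
    do_redirect();
}

//check if it is valid
//NOTE(review): $email is interpolated into SQL text; safe only if set_get() escapes for
//SQL - confirm
$sql = sql_query(" SELECT id, confirm FROM `users` WHERE email='{$email}' LIMIT 1 ");
if (sql_count($sql) <= 0) {
    notices_set('Invalid email.', 'error');
    do_redirect();
}

//check if account already verified
$data = sql_fetch($sql);
if (!isset($data['confirm'])) {
    //account already confirmed
    notices_set('Email already confirmed.', 'success');
    do_redirect();
}

//create account confirm
$confirm = confirm_token_create($email);

//update account with new verify code
sql_query(" UPDATE `users` SET confirm='{$confirm}' WHERE id='{$data['id']}' LIMIT 1 ");

//build the verification link; both query values are percent-encoded so an address
//containing '+' or '&' survives the round trip through $_GET
$verify_link = 'http://' . MAIN_URL . '/verify?e=' . rawurlencode($email) . '&t=' . rawurlencode($confirm);

//send email
email_send('verify_resend', 'Planling Verification Code', array($email => $email), array('{{%LINK%}}' => $verify_link));

//set message
notices_set('Confirmation code successfully sent!', 'success');

//redirect user
do_redirect();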
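//registration, final steps: reject an address that is already registered, create the
//account, mail the verification link and log the new user in
//($email1, $password1 and $terror are set before this fragment begins)

//NOTE(review): $email1 is interpolated into SQL text; presumably escaped where it is read
//(not visible here) - confirm
$sql = sql_query(" SELECT id FROM `users` WHERE email='{$email1}' LIMIT 1 ");
if (sql_count($sql) > 0) {
    notices_set('Email already in use, please use a different email or reset your password', 'error');
    $terror = true;
}

//last error check
if ($terror) {
    //exit script
    echo notices_get();
    return false;
}

//create password
//NOTE(review): password_hash_create() and password_encrypt() are project helpers not shown
//here; confirm they implement a slow, salted password hash (PHP's password_hash() and
//password_verify() are the standard choice)
$hash_token = password_hash_create(); //creates a users unique hash
$password = password_encrypt($password1, $hash_token);

//create account confirm
$confirm = confirm_token_create($email1);

//add to database
//NOTE(review): the result is not checked and the SELECT above can race with a concurrent
//signup; a UNIQUE index on `users`.email would close that gap - confirm one exists
sql_query(" INSERT INTO `users` (hash_token, email, password, confirm) VALUES('{$hash_token}', '{$email1}', '{$password}', '{$confirm}') ");

//set notices
notices_set('Account successfully created!', 'success');

//build the verification link; both query values are percent-encoded so an address
//containing '+' or '&' survives the round trip through $_GET
$verify_link = 'http://' . MAIN_URL . '/verify?e=' . rawurlencode($email1) . '&t=' . rawurlencode($confirm);

//send email
email_send('register', 'Welcome to Planling!', array($email1 => $email1), array('{{%LINK%}}' => $verify_link));

//log the user in
if (do_login($email1, $password1)) {
    $main_data = set_main_data();
} else {
    return false;
}

//success
return true;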
function set_main_data()
{
    //loads the logged-in users row (the universal main_data) for the current session
    //returns the fetched row when id, email and session id all match one `users` record;
    //otherwise clears the session, queues an alert notice and returns false
    //returns false straight away when the session holds no id or no email

    $has_identity = isset($_SESSION['id']) && isset($_SESSION['email']);
    if (!$has_identity) {
        return false;
    }

    //escape each value before it is placed into the query text
    $user_id = sql_filter($_SESSION['id']);
    $user_email = sql_filter($_SESSION['email']);
    $current_session = sql_filter(session_id());

    //NOTE(review): SELECT * hands every column of `users` to the caller; selecting only the
    //needed columns would keep credential fields out of the returned array - confirm usage
    $result = sql_query("SELECT * FROM `users` WHERE id='{$user_id}' AND session_id='{$current_session}' AND email='{$user_email}' LIMIT 1");
    if (sql_count($result) > 0) {
        return sql_fetch($result);
    }

    //no matching row: if the browser still sent a PHPSESSID cookie the mismatch is reported
    //as a login from another location, otherwise as an expired session
    $cookie_present = isset($_COOKIE['PHPSESSID']);

    clear_session();
    session_start();

    $message = $cookie_present
        ? 'Your account was logged in at another location. <a href="password">If you were unaware of this, please change your password »</a>'
        : 'You have been logged out for inactivity.';
    notices_set($message, 'alert');

    //no good
    return false;
}
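}
//(the statement that opens the block closed above is outside this fragment)

//password reset, final steps: store the new password hash, remove the used reset token,
//purge expired tokens and notify the account owner by email

//last error check
if ($terror) {
    //exit script
    echo notices_get();
    return false;
}

//hash password
//NOTE(review): $email is interpolated into SQL text; presumably escaped where it is read
//(not visible here) - confirm
$sql = sql_query(" SELECT id, hash_token FROM `users` WHERE email='{$email}' LIMIT 1 "); //get users unique hash token
if (sql_count($sql) <= 0) {
    //no user found
    //NOTE(review): relies on do_redirect() ending the request; otherwise $data below is
    //built from an empty result - confirm
    notices_set('Invalid email. <a href="password">Please request a new password reset.</a>', 'error');
    do_redirect();
}
$data = sql_fetch($sql); //get user data
$password = password_encrypt($password1, $data['hash_token']); //use users hash token to create password

//update users account
//NOTE(review): the password value here and the user id in the DELETE below were masked
//('******') in the reviewed listing; restored to {$password} and {$data['id']} from the
//surrounding statements - confirm against the original file
sql_query(" UPDATE `users` SET confirm=NULL, password='{$password}' WHERE id='{$data['id']}' AND email='{$email}' LIMIT 1 ");

//delete old token
sql_query(" DELETE FROM `password_reset` WHERE user='{$data['id']}' LIMIT 1 ");

//cleanup old tokens: anything older than PASSWORD_RESET_LIFE hours, at most 500 rows per request
sql_query(" DELETE FROM `password_reset` WHERE stamp<'" . date('Y-m-d H:i:s', strtotime('-' . PASSWORD_RESET_LIFE . ' hours')) . "' LIMIT 500 ");

//send email
email_send('password_change', 'Planling Password Changed', array($email => $email), array('{{%LINK%}}' => 'http://' . MAIN_URL . '/password'));

//set message
//NOTE(review): nothing here ends the accounts other active sessions after the password
//change; confirm whether that is handled elsewhere
notices_set('Your password has successfully been changed.', 'success');

//redirect user
do_redirect();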