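/**
 * Check a submitted login form against the users table and, on success,
 * store the matching user's id in $_SESSION['id'].
 *
 * $loginemail and $loginpasswd are the *names* of the $_POST fields that hold
 * the credentials, not the credentials themselves.
 *
 * Security notes for maintainers:
 *  - The stored credential is md5(md5(email) . password). MD5 is a fast digest
 *    and not suitable for password storage; plan a migration to
 *    password_hash() / password_verify(), rehashing on the next successful login.
 *  - The two failure messages differ for "unknown e-mail" and "wrong password",
 *    which tells an unauthenticated client whether an address is registered.
 *    Callers that show these strings verbatim should consider one generic message.
 *
 * @param mysqli $link        Open database connection.
 * @param string $loginemail  Key of the e-mail field in $_POST.
 * @param string $loginpasswd Key of the password field in $_POST.
 *
 * @return string|null Message describing the failure, or null when the login
 *                     succeeded and $_SESSION['id'] was set.
 */
function authenticateLogin($link, $loginemail, $loginpasswd)
{
    // Treat a missing, empty or non-string (e.g. array-valued) field as "not entered"
    // instead of letting it reach the string functions below.
    $rawPasswd = $_POST[$loginpasswd] ?? null;
    if (!is_string($rawPasswd) || !$rawPasswd) {
        return "Please enter password";
    }

    if (!emailExist($link, $loginemail)) {
        return "Your email is not found. Try again or Sign Up";
    }

    $rawEmail = $_POST[$loginemail] ?? null;
    if (!is_string($rawEmail)) {
        return "Your email is not found. Try again or Sign Up";
    }

    // The digest has always been derived from the *escaped* strings, so the same
    // transformation is kept to stay compatible with digests already stored.
    // NOTE(review): presumably registration builds the digest the same way - confirm.
    $digest = md5(
        md5(mysqli_real_escape_string($link, $rawEmail))
        . mysqli_real_escape_string($link, $rawPasswd)
    );

    // Bound parameters keep user input out of the SQL text entirely, and the
    // password column is compared against the digest computed above (it used to
    // be computed but never reach the query).
    $stmt = mysqli_prepare($link, "SELECT id FROM users WHERE email = ? AND password = ? LIMIT 1");
    if ($stmt === false) {
        error_log('authenticateLogin: could not prepare statement: ' . mysqli_error($link));
        return "Login failed. Please try again later";
    }

    mysqli_stmt_bind_param($stmt, 'ss', $rawEmail, $digest);

    $userId = null;
    // mysqli_stmt_fetch() yields true for a row, null for no row, false on error;
    // only a real row counts as a match, so every failure path fails closed.
    $found = mysqli_stmt_execute($stmt)
        && mysqli_stmt_bind_result($stmt, $userId)
        && mysqli_stmt_fetch($stmt) === true;
    mysqli_stmt_close($stmt);

    if (!$found) {
        return "Password is incorrect";
    }

    // Issue a fresh session id at the privilege change so a session id known
    // before login cannot be reused afterwards (session fixation).
    if (session_status() === PHP_SESSION_ACTIVE && !headers_sent()) {
        session_regenerate_id(true);
    }

    // Non-prepared queries returned the id as a string; keep that type for any
    // code that compares the session value strictly.
    $_SESSION['id'] = (string) $userId;

    return null;
}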
if ($_POST['pass_1'] != $_POST['pass_2']) { $alertArr[] = $ALERT['PASS_DIFF']; } if (strlen($_POST['pass_field_1']) > 30) { $alertArr[] = $ALERT['PASS_TOLONG']; } if ($_POST['pass_field_1'] && strlen($_POST['pass_field_1']) < 6) { $alertArr[] = $ALERT['PASS_TOSHORT']; } if (strlen($_POST['email']) > 140) { $alertArr[] = $ALERT['EMAIL_TOLONG']; } if ($_POST['email'] && !emailValid($_POST['email'])) { $alertArr[] = $ALERT['EMAIL_INVALID']; } if ($_POST['email'] && emailExist($_POST['email'])) { $alertArr[] = $ALERT['EMAIL_TAKEN']; } if (count($alertArr) == 0) { // Add the new account to the database // (password has already been encrypted using javascript) $_SESSION['reguname'] = $_SESSION['username']; $_SESSION['regresult'] = addNewUser($_POST['pass1'], $_POST['email']); $_SESSION['registered'] = true; $refresh = $HTTP_SERVER_VARS[PHP_SELF]; exit(include_once HTML_PATH . "html_refresh.php"); // stop script } } $alert = displayAlert($alertArr); if ($_POST['pass_field_curr']) {
return true; } else { return false; } } if (isset($_POST['signUp'])) { //Email if (!empty($_POST['email']) && !empty($_POST['email2'])) { //Emailwiederholung if ($_POST['email'] == $_POST['email2']) { $email = trim(htmlentities($_POST['email'], ENT_QUOTES, "UTF-8")); $beginning = "[a-zA-Z\\d][\\w\\.-]*[a-zA-Z\\d]"; $end = "[a-zA-Z\\d][\\w\\.-]*\\.[a-zA-Z]{2,4}"; $regExp = "/^" . $beginning . "@" . $end . "\$/"; if (preg_match($regExp, $email)) { if (emailExist($email)) { $info = "Diese Emailadresse existiert bereits."; } else { if (!empty($_POST['password']) && !empty($_POST['password2'])) { if ($_POST['password'] == $_POST['password2']) { if (strlen($_POST['password']) > 7) { $password = md5(trim(htmlentities($_POST['password'], ENT_QUOTES, "UTF-8"))); $email = $GLOBALS['DB']->escapeString($email); $password = $GLOBALS['DB']->escapeString($password); $query = "INSERT INTO user (email, password, passportID, name, firstName, street, city, zipCode, country,\r\n verifiedEmail, verifiedAccount, signUpTime) VALUES \r\n ('{$email}', '{$password}', 'notVerified', '', '', '', '', '', '', '1', '1', '" . time() . "') "; $result = $GLOBALS['DB']->query($query); //Speichern true und Emailverification true if ($result === true && makeVerificationCode($email) == true) { header("Location: signupsuccessful.php"); exit; } else {
</body> </html> '; $headers = "From: mooc@isen.fr\n"; // This is the email address the generated message will be from. We recommend using something like noreply@yourdomain.com. $headers = 'MIME-Version: 1.0' . "\r\n"; $headers .= 'Content-type: text/html; charset=utf-8' . "\r\n"; $headers .= "Reply-To: {$email_address}"; //$email_body->isHTML(true); try { mail($to, $email_subject, $email_body, $headers); } catch (Exception $Excep) { echo $e->errorMessage(); echo "->erreur mail"; } return true; } $verifMail = emailExist(); $verif = formValid(); if ($verifMail == 0) { echo '<br>Mail inconnu'; } else { if ($verif == 1) { $urlResetPwd = updateIdResetPwd(); echo "<br>Url a envoyer = reset_password?id=" . $urlResetPwd; sendEmail($urlResetPwd); // envoie de l'email } else { echo '<br>wrong form'; } }
$q = "select * from " . DB_PREFIX . "forgot where email = '{$email}' limit 1"; $result = mysql_query($q, $conn); if (mysql_numrows($result) > 0) { return true; } else { return false; } } // Checks to see if the user has submitted his email address through the login form. // If so, checks authenticity in database and sends email to user to recover password. if (isset($_POST['subform'])) { // clean up $_POST['email'] = cleanString($_POST['email'], 30); // check for errors $alertArr = array(); $username = emailExist($_POST['email']); /* Check that all fields were typed in */ if (!$_POST['email']) { $alertArr[] = $ALERT['EMAIL_NO']; } if (!emailValid($_POST['email'])) { $alertArr[] = $ALERT['EMAIL_INVALID']; } if (!$username) { $alertArr[] = $ALERT['EMAIL_NOTEXIST']; } if (forgotExist($_POST['email'])) { $alertArr[] = $ALERT['EMAIL_ALREADYSENT']; } if (count($alertArr) == 0) { // add new forgotten password and send email