<?php
include_once "inc/constants.inc.php";
$pageTitle = "Choose password";
include_once "inc/header.php";
//if page loads and BOTH "v" and "e" variables are passed. E.g.: http://localhost/custom_pool_site/accountverify.php?v=ec731d77113c284d&e=test@test444.com
//NOTE - MAKE SURE TO HASH EMAIL
//NOTE IF A USER ENTERS URL WITH THEIR V AND E VALUES SPECIFIED, THEY WILL BE ABLE TO CHANGE THE ACCT'S PASSWORD
if (isset($_GET['v']) && isset($_GET['e'])) {
//store variables from URL:
$verification_value = $_GET['v'];
$user_id = $_GET['e'];
include_once "inc/class.users.inc.php";
$user = new SiteUser();
$verify_account_result = $user->verifyAccount($verification_value, $user_id);
if ($verify_account_result[0] > 3) {
//if verifyAccount result is greater than 3 and we don't want the user to enter a new password:
echo $verify_account_result[1];
}
}
//if form is submitted and the input passwords are correct length and match each other:
if (isset($_POST['form_sent']) && strlen($_POST['p']) > 7 && $_POST['p'] === $_POST['r']) {
include_once "inc/class.users.inc.php";
$user = new SiteUser();
//$username_entry = $_POST['username'];
$password_entry1 = $_POST['p'];
$password_entry2 = $_POST['r'];
$user_id = $_POST['form_sent'];
//store user ID from hidden field in form as $user_id variable (hidden field value comes from URL)
//store entered password in database:
$updatePassword_result = $user->updatePassword($password_entry1, $password_entry2, $user_id);
<?php
include_once "inc/constants.inc.php";
$pageTitle = "Reset Password";
if (isset($_GET['v']) && isset($_GET['user_id'])) {
//if the user arrives here with the v and user_id variables properly set, we want to set their 'Account Activated' field in the user table to 1, so we run the verifyAccount method:
//NOTE: the below code gets called before the user enters their new password:
include_once "inc/class.users.inc.php";
$user = new SiteUser();
$ret = $user->verifyAccount($_GET['v'], $_GET['user_id']);
} else {
//redirect to home page if "v" and "user id" variables are not properly set in URL
header("Location: home.php");
exit;
}
include_once "inc/header.php";
?>
<br>
<div style="margin-left:20px;">
<h2>Reset Your Password</h2>
<form method="post" action="accountverify.php?e=<?php
echo $_GET['user_id'];
?>
">
<div>
<label for="p">Choose a New Password:</label>
<input type="password" name="p" id="p" /><br />
<label for="r">Re-Type Password:</label>
<input type="password" name="r" id="r" /><br />
<input type="hidden" name="v" value="<?php
<?php
include_once "constants.inc.php";
$pageTitle = "TEST VERIFY";
include_once "header.php";
//if page loads and form is not blank:
if (!empty($_POST['email']) and !empty($_POST['verification'])) {
//JUST FOR TESTING PURPOSES: set entered verification code as $verification_value variable
$verification_value = $_POST['verification'];
$email_value = $_POST['email'];
include_once "class.users.inc.php";
$user = new SiteUser();
$user->verifyAccount($verification_value, $email_value);
//if page loads and form is blank:
} else {
?>
<h2>TEST PAGE: Please Verify your account</h2>
<form method="post" action="accountverify_test.php">
<div>
<!--Email input below is just for test purposes-->
<label for="p">Enter your email address here</label>
<input type="text" name="email" id="email" /><br />
<!--Verification code input below is just for test purposes-->
<label for="p">Enter your verification code here</label>
<input type="text" name="verification" id="verification" /><br />
<input type="hidden" name="form_sent" value="<?php
echo $_GET['form_sent'];
