new file mode 100644

@@ -0,0 +1,82 @@

+<?php

+/**

+ * @copyright 2024 Double Bastion LLC <www.doublebastion.com>

+ *

+ * @author Double Bastion LLC

+ *

+ * @license GNU AGPL version 3 or any later version

+ *

+ * This program is free software; you can redistribute it and/or

+ * modify it under the terms of the GNU AFFERO GENERAL PUBLIC LICENSE

+ * License as published by the Free Software Foundation; either

+ * version 3 of the License, or any later version.

+ *

+ * This program is distributed in the hope that it will be useful,

+ * but WITHOUT ANY WARRANTY; without even the implied warranty of

+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the

+ * GNU AFFERO GENERAL PUBLIC LICENSE for more details.

+ *

+ * You should have received a copy of the GNU Affero General Public

+ * License along with this program.  If not, see <http://www.gnu.org/licenses/>.

+ *

+ */

+

+$retrievedToken = $_GET['token'];

+

+if (($retrievedToken != '') && (strlen($retrievedToken) == 55)) {

+

+  define('ACCESSCONST', TRUE);

+

+  require('db-connect.php');

+

+    // Check if any user has a token identical with the one retrieved from the link that has been clicked

+    $registered = '0';

+    $query0 = $mysqli->prepare("SELECT id, username, emailaddress, registered, token, temporary FROM panelusers WHERE registered=? AND token=?");

+    $query0->bind_param("ss", $registered, $retrievedToken);

+    $query0->execute();

+    $fetchedrow = $query0->get_result()->fetch_assoc();

+

+    if (!$fetchedrow) {

+        $query0->close();

+        die("Error !");

+    } else {

+        $userID = $fetchedrow['id'];

+        $userName = $fetchedrow['username'];

+        $tempPassword = $fetchedrow['temporary'];

+        $useremail = $fetchedrow['emailaddress'];

+        $query0->close();

+

+        $query1 = $mysqli->query("UPDATE panelusers SET registered = '1', token = '', temporary = '' WHERE id = '$userID'");

+        header("Location: new-email-message.php");

+

+        // Send the new email

+

+        $domaininit = explode(".", $_SERVER['HTTP_HOST']);

+        array_shift($domaininit);

+        $domain = implode(".", $domaininit);

+        $reqScheme = $_SERVER['REQUEST_SCHEME'];

+        $reqHost = $_SERVER['HTTP_HOST'];

+

+        // Mention the content-type, since it's an HTML email

+        $headers = "MIME-Version: 1.0" . "\r\n";

+        $headers .= "Content-type: text/html; charset=UTF-8" . "\r\n";

+        $headers .= "From: " . "no-reply@" . $domain . "\r\n";

+

+        $subject = "RED SCARF Suite Panel account access";

+

+        $message = "Hello, <br><br>

+                    You can log in to your RED SCARF Suite Panel account using the following credentials:<br><br>

+                    username:  <b>".$userName."</b><br>

+                    password:  <b>".$tempPassword."</b><br><br>

+                    We highly recommend to change the password provided in this email with a new strong password. After you access the

+                    <a href='" . $reqScheme . "://" . $reqHost . "/panel-login.php'>log in page</a>, go to 'Settings' > 'Change password' and choose a new

+                    password of at least 10 characters, containing at least one letter, one digit and one special character.<br><br>

+                    Thank you,<br>

+                    RED SCARF Suite Panel<br>

+                    Host: '" . $reqHost . "'";

+

+        mail($useremail, $subject, $message, $headers);

+      }

+}

+

+?>