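<?php

declare(strict_types=1);

/**
 * Copyright (C) 2021 Double Bastion LLC
 *
 * This file is part of Roundpin, which is licensed under the
 * GNU Affero General Public License Version 3.0. The license terms
 * are detailed in the "LICENSE.txt" file located in the root directory.
 */

/**
 * Generate a random string of $length characters drawn from $keyspace.
 *
 * Built on random_int(), so it is suitable for the verification token and the
 * temporary password generated further down in this script.
 *
 * @param int    $length   number of characters to produce
 * @param string $keyspace characters to draw from; indexed byte-wise, so keep it ASCII
 */
function random_str(int $length, string $keyspace = '0123456789abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ'): string
{
    $pieces = [];
    // Byte length on purpose: $keyspace[...] below indexes by byte offset.
    $max = mb_strlen($keyspace, '8bit') - 1;
    for ($i = 0; $i < $length; ++$i) {
        $pieces[] = $keyspace[random_int(0, $max)];
    }
    return implode('', $pieces);
}

session_start();

// The request must carry the access token the forgot-password form stored in the session.
// Compare with hash_equals() (strict, constant-time) rather than ==: with == a missing
// session value (null) compares equal to an empty posted token and the check would pass.
$sessionToken = is_scalar($_SESSION['forgotpass_access'] ?? null) ? (string) $_SESSION['forgotpass_access'] : '';
$postedToken = is_string($_POST['verifyToken'] ?? null) ? $_POST['verifyToken'] : '';
$tokenIsValid = $sessionToken !== '' && hash_equals($sessionToken, $postedToken);

if (!$tokenIsValid) {
    header("Location: roundpin-login.php");
    // Stop here: nothing after the redirect must run or be emitted.
    exit;
}

define('ACCESSCONST', true);
require('db-connect.php');

// POST fields may be missing or non-string (e.g. emailforgot[]=...); only a string is usable.
$currentSentEmail = is_string($_POST['emailforgot'] ?? null) ? $_POST['emailforgot'] : '';
// "messageToUser" is expected to stay empty; any other value (including a non-string) is rejected.
$currentMessage = $_POST['messageToUser'] ?? '';

if ($currentSentEmail !== '' && $currentMessage === '') {
    // Validate the address before it reaches the database or mail(): this also rules out
    // CR/LF sequences that could inject extra headers through the recipient field.
    $emailLooksValid = filter_var($currentSentEmail, FILTER_VALIDATE_EMAIL) !== false;

    // Search the database for the specified email
    try {
        $fetchData = null;
        if ($emailLooksValid) {
            $enabled = 1;
            $query0 = $mysqli->prepare("SELECT id, username, emailaddress, enabled FROM app_users WHERE emailaddress=? and enabled=?");
            $query0->bind_param("si", $currentSentEmail, $enabled);
            $query0->execute();
            $fetchres = $query0->get_result();
            $fetchData = $fetchres->fetch_row();
        }

        if (empty($fetchData)) {
            // NOTE(review): this reply reveals whether the address is registered (account
            // enumeration). A neutral "if the address exists, an email has been sent" text would
            // avoid that, but the front end may display this exact message — confirm before changing.
            $result = 'failure';
            $messageonrequest = "Your email address hasn't been found !";
        } else {
            /**
             * Send the verification email
             */
            $token = random_str(55);

            // Reset the account: new (hashed) password, registration flag cleared, fresh token.
            $initPassword = random_str(14);
            $newPassword = password_hash($initPassword, PASSWORD_DEFAULT);
            $userID = (string) $fetchData[0];
            $registered = '0';
            // NOTE(review): temporarypass keeps the temporary password in clear text. Whatever
            // forgotpass-verification.php does with it should be checked before that column is changed.
            // All values are bound rather than interpolated, matching the SELECT above.
            $query1 = $mysqli->prepare("UPDATE app_users SET password = ?, registered = ?, token = ?, temporarypass = ? WHERE id = ? AND enabled = 1");
            $query1->bind_param("sssss", $newPassword, $registered, $token, $initPassword, $userID);
            $query1->execute();

            // Create the verification email
            // NOTE(review): HTTP_HOST is the client-supplied Host header. If the web server accepts
            // arbitrary Host values, the link below (and the From domain) can be pointed at a host of
            // the requester's choosing; the canonical host should come from server configuration
            // instead — TODO confirm how this deployment restricts Host.
            $host = $_SERVER['HTTP_HOST'];
            // REQUEST_SCHEME is not set by every SAPI; fall back to the HTTPS flag.
            $scheme = $_SERVER['REQUEST_SCHEME']
                ?? ((!empty($_SERVER['HTTPS']) && $_SERVER['HTTPS'] !== 'off') ? 'https' : 'http');
            $verificationLink = $scheme . "://" . $host . "/forgotpass-verification.php?token=" . $token;
            // The link is placed inside HTML, so escape it for that context.
            $verificationLinkHtml = htmlspecialchars($verificationLink, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');

            $domaininit = explode(".", $host);
            array_shift($domaininit);
            $domain = implode(".", $domaininit);

            $headers = "MIME-Version: 1.0" . "\r\n";
            $headers .= "Content-type: text/html; charset=UTF-8" . "\r\n";
            $headers .= "From: " . "no-reply@" . $domain . "\r\n";

            $subject = "Roundpin email address verification";
            $message = "Hello, <br><br> We have received your request related to regaining access to your account. Please verify your email address by clicking on the link below: <br><br> <a href='" . $verificationLinkHtml . "'>" . $verificationLinkHtml . "</a><br><br> Alternatively, you can copy the link and paste it in the address bar of your browser.<br><br> After email address verification you will receive a new email with further instructions.<br><br> Thank you,<br> Roundpin<br> Host: '" . $host . "'";

            // Send the email; mail() only reports whether the message was accepted for delivery.
            if (mail($currentSentEmail, $subject, $message, $headers)) {
                $result = 'success';
                $messageonrequest = "An email has been sent to your email address. Please follow the instructions in the received email to regain access to your Roundpin account.";
            } else {
                // Do not claim success when the mailer refused the message.
                $result = 'failure';
                $messageonrequest = "An error occurred while processing your request. You can try sending your request again after a few moments !";
            }
        }
    } catch (mysqli_sql_exception $e) {
        $result = 'failure';
        $messageonrequest = "An error occurred while processing your request. You can try sending your request again after a few moments !";
    }

    $reqresponse = ['result' => $result, 'messageonrequest' => $messageonrequest];
    echo json_encode($reqresponse);
}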