<?php
/**
 *  Copyright (C) 2021  Double Bastion LLC
 *
 *  This file is part of Roundpin, which is licensed under the
 *  GNU Affero General Public License Version 3.0. The license terms
 *  are detailed in the "LICENSE.txt" file located in the root directory.
 */

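declare(strict_types=1);

session_start();

/**
 * Build a random string of $length characters drawn from $keyspace.
 *
 * random_int() is a CSPRNG, so the result is usable as an unguessable
 * verification token. $keyspace is indexed byte-wise, so it must be ASCII.
 *
 * @param int    $length   number of characters to produce (0 yields '')
 * @param string $keyspace alphabet to draw from
 */
function random_str(int $length, string $keyspace = '0123456789abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ'): string
{
    $pieces = [];
    $max = mb_strlen($keyspace, '8bit') - 1;

    for ($i = 0; $i < $length; ++$i) {
        $pieces[] = $keyspace[random_int(0, $max)];
    }

    return implode('', $pieces);
}

/**
 * Return the named POST field as a string, or '' when it is absent or not a
 * plain string (e.g. submitted as an array), so the string functions and
 * prepared-statement bindings below always receive the type they expect.
 */
function post_string(string $key): string
{
    $value = $_POST[$key] ?? '';

    return is_string($value) ? $value : '';
}

/**
 * Prepare $sql on $mysqli; the caller binds parameters and executes.
 *
 * @throws RuntimeException when the statement cannot be prepared (the original
 *                          code would have fataled on the false return instead)
 */
function prepare_or_fail(mysqli $mysqli, string $sql): mysqli_stmt
{
    $stmt = $mysqli->prepare($sql);
    if ($stmt === false) {
        throw new RuntimeException('Failed to prepare statement: ' . $mysqli->error);
    }

    return $stmt;
}

/**
 * Whether any app_users row already carries $email as its address.
 *
 * The comparison now follows the column's collation rather than PHP's loose
 * == over every address in the table.
 */
function email_in_use(mysqli $mysqli, string $email): bool
{
    $stmt = prepare_or_fail($mysqli, 'SELECT 1 FROM app_users WHERE emailaddress = ? LIMIT 1');
    $stmt->bind_param('s', $email);
    $stmt->execute();
    $stmt->store_result();
    $inUse = $stmt->num_rows > 0;
    $stmt->close();

    return $inUse;
}

/**
 * Store a fresh verification token for $username and mail the verification
 * link to $newEmail. As before, the return value of mail() is not checked.
 *
 * $newEmail must already be validated: it is placed in the To: header and in
 * the link, so a value containing CR/LF would otherwise inject headers.
 */
function send_verification_email(mysqli $mysqli, string $username, string $newEmail): void
{
    $token = random_str(55);

    // Enter the new token in the database
    $update = prepare_or_fail($mysqli, 'UPDATE app_users SET token = ? WHERE username = ? AND registered = 1 AND enabled = 1');
    $update->bind_param('ss', $token, $username);
    $update->execute();
    // NOTE(review): affected_rows is not inspected; if the row is not
    // registered = 1 the link below carries a token that was never stored.
    $update->close();

    // NOTE(review): HTTP_HOST comes from the client's Host header, so the link
    // and the From: domain follow whatever host the request named; a
    // configured canonical host name would be safer — confirm with deployment.
    $host = $_SERVER['HTTP_HOST'];

    // Create the verification email; both query values are URL-encoded so the
    // address cannot introduce extra parameters or break the link.
    $verificationLink = $_SERVER['REQUEST_SCHEME'] . '://' . $host
        . '/change-email-verification.php?token=' . rawurlencode($token)
        . '&newemail=' . rawurlencode($newEmail);

    // From: domain is the host with its first label dropped (mail.example.org -> example.org)
    $domaininit = explode('.', $host);
    array_shift($domaininit);
    $domain = implode('.', $domaininit);

    $headers = "MIME-Version: 1.0\r\n";
    $headers .= "Content-type: text/html; charset=UTF-8\r\n";
    $headers .= 'From: no-reply@' . $domain . "\r\n";

    $subject = 'Roundpin email address verification';

    // Escape everything interpolated into the HTML body
    $safeLink = htmlspecialchars($verificationLink, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
    $safeHost = htmlspecialchars($host, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');

    $message = "Hello, <br><br>
                We have received your email address change request. To change your current Roundpin email address, please verify your address by clicking on
                the link from below: <br><br>
                <a href='{$safeLink}'>{$safeLink}</a><br><br>
                Alternatively, you can copy the link and paste it in the address bar of your browser.<br><br>
                After email address verification, your new email address will be assigned to your Roundpin account and saved to the database.<br><br>
                Thank you,<br>
                Roundpin<br>
                Host: '{$safeHost}'";

    // Send the verification email
    mail($newEmail, $subject, $message, $headers);
}

$ajaxToken = $_POST['s_ajax_call'] ?? null;
$sessionToken = $_SESSION['validate_s_access'] ?? null;

// hash_equals() is type-strict and constant-time; the loose == it replaces
// would also have matched an empty POST value against a missing session key.
if (is_string($ajaxToken) && is_string($sessionToken) && hash_equals($sessionToken, $ajaxToken)) {

    define('ACCESSCONST', TRUE);

    require('db-connect.php');

    // NOTE(review): the account is selected by the posted username, not by the
    // session; if the session records the logged-in user, bind to that instead.
    $username = post_string('username');
    $currentEmail = post_string('current_email');
    $newEmail = post_string('new_email');

    // Get the email address of the current user from the 'app_users' table
    $lookup = prepare_or_fail($mysqli, 'SELECT emailaddress FROM app_users WHERE username = ? AND enabled = 1');
    $lookup->bind_param('s', $username);
    $lookup->execute();
    $lookup->bind_result($fetchedemailfromdb);
    $userFound = $lookup->fetch() === true;
    $lookup->close();

    if (!$userFound || $fetchedemailfromdb !== $currentEmail) {
        // Strict comparison: a missing row no longer matches an empty 'Current Email'
        $emailchangemessage = "The email address you have entered in the 'Current Email' field doesn't match your current email address!";
    } elseif (filter_var($newEmail, FILTER_VALIDATE_EMAIL) === false) {
        // Rejects anything that is not a single plain address, including CR/LF
        // sequences that would otherwise inject mail headers.
        $emailchangemessage = "The new email address is not valid. Please, enter a valid email address!";
    } elseif (email_in_use($mysqli, $newEmail)) {
        $emailchangemessage = "The new email address is already used by another Roundpin user. Please, choose a different email address!";
    } else {
        send_verification_email($mysqli, $username, $newEmail);
        $emailchangemessage = "An email has been sent to your new email address. Please click on the link included in the received email to change your Roundpin user email address.";
    }

    echo json_encode($emailchangemessage);

} else {
    header("Location: roundpin-login.php");
    exit;
}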

?>