Browse code
Changed majority of files.
DoubleBastionAdmin authored on 30/11/2024 06:56:40
Showing 1 changed files
| 1 | 1 |
new file mode 100644 |
| ... | ... |
@@ -0,0 +1,74 @@ |
| 1 |
+<?php |
|
| 2 |
+/** |
|
| 3 |
+ * Copyright (C) 2022, 2024 Double Bastion LLC |
|
| 4 |
+ * |
|
| 5 |
+ * This file is part of Roundpin, which is licensed under the |
|
| 6 |
+ * GNU Affero General Public License Version 3.0. The license terms |
|
| 7 |
+ * are detailed in the "LICENSE.txt" file located in the root directory. |
|
| 8 |
+ */ |
|
| 9 |
+ |
|
| 10 |
+session_start(); |
|
| 11 |
+ |
|
| 12 |
+$retrievedToken = $_GET['token']; |
|
| 13 |
+ |
|
| 14 |
+if (($retrievedToken != '') && (strlen($retrievedToken) == 55)) {
|
|
| 15 |
+ |
|
| 16 |
+ define('ACCESSCONST', TRUE);
|
|
| 17 |
+ |
|
| 18 |
+ require('db-connect.php');
|
|
| 19 |
+ |
|
| 20 |
+ // Find the user who has a token identical with the one retrieved from the link that has been clicked |
|
| 21 |
+ $registered = 0; |
|
| 22 |
+ $enabled = 1; |
|
| 23 |
+ $query0 = $mysqli->prepare("SELECT id, username, emailaddress, registered, token, temporarypass, enabled FROM app_users WHERE registered = ? AND token = ? AND enabled = ?");
|
|
| 24 |
+ $query0->bind_param("isi", $registered, $retrievedToken, $enabled);
|
|
| 25 |
+ $query0->execute(); |
|
| 26 |
+ $fetchedrow = $query0->get_result()->fetch_assoc(); |
|
| 27 |
+ |
|
| 28 |
+ if (!$fetchedrow) {
|
|
| 29 |
+ exit("Error !");
|
|
| 30 |
+ } else {
|
|
| 31 |
+ $userID = $fetchedrow['id']; |
|
| 32 |
+ $userName = $fetchedrow['username']; |
|
| 33 |
+ $tempPassword = $fetchedrow['temporarypass']; |
|
| 34 |
+ $useremail = $fetchedrow['emailaddress']; |
|
| 35 |
+ |
|
| 36 |
+ $reg = 1; |
|
| 37 |
+ $crtoken = ''; |
|
| 38 |
+ $temppass = ''; |
|
| 39 |
+ $query1 = $mysqli->prepare("UPDATE app_users SET registered = ?, token = ?, temporarypass = ? WHERE id = ?");
|
|
| 40 |
+ $query1->bind_param("issi", $reg, $crtoken, $temppass, $userID);
|
|
| 41 |
+ $query1->execute(); |
|
| 42 |
+ |
|
| 43 |
+ header("Location: new-email-message.php");
|
|
| 44 |
+ |
|
| 45 |
+ // Send the new email |
|
| 46 |
+ |
|
| 47 |
+ $domaininit = explode(".", $_SERVER['HTTP_HOST']);
|
|
| 48 |
+ array_shift($domaininit); |
|
| 49 |
+ $domain = implode(".", $domaininit);
|
|
| 50 |
+ $reqHost = $_SERVER['HTTP_HOST']; |
|
| 51 |
+ |
|
| 52 |
+ // Mention the content-type, since it's an HTML email |
|
| 53 |
+ $headers = "MIME-Version: 1.0" . "\r\n"; |
|
| 54 |
+ $headers .= "Content-type: text/html; charset=UTF-8" . "\r\n"; |
|
| 55 |
+ $headers .= "From: " . "no-reply@" . $domain . "\r\n"; |
|
| 56 |
+ |
|
| 57 |
+ $subject = "Roundpin account access"; |
|
| 58 |
+ |
|
| 59 |
+ $message = "Hello, <br><br> |
|
| 60 |
+ You can log in to your Roundpin account using the following credentials:<br><br> |
|
| 61 |
+ username: <b>".$userName."</b><br> |
|
| 62 |
+ password: <b>".$tempPassword."</b><br><br> |
|
| 63 |
+ We highly recommend to change the password provided in this email with a new strong password. After you log in to Roundpin, click on the 'Account Settings' |
|
| 64 |
+ wheel, click on 'Configure Account', then click on the 'Change Password' tab; enter your current password and a new password of at least 10 characters, |
|
| 65 |
+ containing at least one letter, one digit and one special character.<br><br> |
|
| 66 |
+ Thank you,<br> |
|
| 67 |
+ Roundpin<br> |
|
| 68 |
+ Host: '" . $reqHost . "'"; |
|
| 69 |
+ |
|
| 70 |
+ mail($useremail, $subject, $message, $headers); |
|
| 71 |
+ } |
|
| 72 |
+} |
|
| 73 |
+ |
|
| 74 |
+?> |