
Changed majority of files.

DoubleBastionAdmin authored on 30/11/2024 06:56:40
Showing 1 changed files
1 1
new file mode 100644
... ...
@@ -0,0 +1,113 @@
1
+<?php
2
+/**
3
+ *  Copyright (C) 2021  Double Bastion LLC
4
+ *
5
+ *  This file is part of Roundpin, which is licensed under the
6
+ *  GNU Affero General Public License Version 3.0. The license terms
7
+ *  are detailed in the "LICENSE.txt" file located in the root directory.
8
+ */
9
+
10
+session_start();
11
+
12
+ // header('Set-Cookie: PHPSESSID= ' . session_id() . '; SameSite=strict; Secure=true; HttpOnly=true;');
13
+
14
+if (isset($_POST['verifyToken']) && ($_POST['verifyToken'] == $_SESSION['forgotpass_access'])) {
15
+
16
+define('ACCESSCONST', TRUE);
17
+
18
+require('db-connect.php');
19
+
20
+   $currentSentEmail = $_POST['emailforgot'];
21
+   $currentMessage = $_POST['messageToUser'];
22
+
23
+   if (($currentSentEmail != '') && ($currentMessage == '')) {
24
+
25
+        // Search the database for the specified email
26
+        try {
27
+            $enabled = 1;
28
+            $query0 = $mysqli->prepare("SELECT id, username, emailaddress, enabled FROM app_users WHERE emailaddress = ? and enabled = ?");
29
+            $query0->bind_param("si", $currentSentEmail, $enabled);
30
+            $query0->execute();
31
+            $fetchData = $query0->get_result()->fetch_assoc();
32
+
33
+            if (!$fetchData) {
34
+
35
+                $result = 'failure';
36
+                $messageonrequest = "Your email address hasn't been found !";
37
+
38
+            } else {
39
+
40
+                /**
41
+                 *  Send the verification email
42
+                 */
43
+
44
+                // Generate a random string to be used as the termination of the verification link
45
+                function random_str($length, $keyspace = '0123456789abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ') {
46
+                         $pieces = [];
47
+                         $max = mb_strlen($keyspace, '8bit') - 1;
48
+
49
+                         for ($i = 0; $i < $length; ++$i) {
50
+                              $pieces []= $keyspace[random_int(0, $max)];
51
+                         }
52
+                         return implode('', $pieces);
53
+                }
54
+
55
+                $token = random_str(55);
56
+
57
+                // Update the appropriate fields for the user having the given email address
58
+                $initPassword = random_str(14);
59
+                $newPassword = password_hash($initPassword, PASSWORD_DEFAULT);
60
+
61
+                $userID = $fetchData['id'];
62
+                $reg = 0;
63
+                $enabled = 1;
64
+                $query1 = $mysqli->prepare("UPDATE app_users SET password = ?, registered = ?, token = ?, temporarypass = ? WHERE id = ? AND enabled = ?");
65
+                $query1->bind_param("sissii", $newPassword, $reg, $token, $initPassword, $userID, $enabled);
66
+                $query1->execute();
67
+
68
+                // Create the verification email
69
+                $verificationLink = $_SERVER['REQUEST_SCHEME'] . "://" . $_SERVER['HTTP_HOST'] . "/src/forgotpass-verification.php?token=" . $token;
70
+
71
+                $domaininit = explode(".", $_SERVER['HTTP_HOST']);
72
+                array_shift($domaininit);
73
+                $domain = implode(".", $domaininit);
74
+
75
+                $headers = "MIME-Version: 1.0" . "\r\n";
76
+                $headers .= "Content-type: text/html; charset=UTF-8" . "\r\n";
77
+
78
+                $headers .= "From: " . "no-reply@" . $domain . "\r\n";
79
+
80
+                $subject = "Roundpin email address verification";
81
+
82
+                $message = "Hello, <br><br>
83
+                            We have received your request related to regaining access to your account. Please verify your email address by clicking on
84
+                            the link below: <br><br>
85
+                            <a href='".$verificationLink."'>".$verificationLink."</a><br><br>
86
+                            Alternatively, you can copy the link and paste it in the address bar of your browser.<br><br>
87
+                            After email address verification you will receive a new email with further instructions.<br><br>
88
+                            Thank you,<br>
89
+                            Roundpin<br>
90
+                            Host: '" . $_SERVER['HTTP_HOST'] . "'";
91
+
92
+                // Send the email
93
+                mail($currentSentEmail, $subject, $message, $headers);
94
+
95
+                $result = 'success';
96
+                $messageonrequest = "An email has been sent to your email address. Please follow the instructions in the received email to regain access to your
97
+                                     Roundpin account.";
98
+            }
99
+
100
+        } catch (mysqli_sql_exception $e) {
101
+                $result = 'failure';
102
+                $messageonrequest = "An error occurred while processing your request. You can try sending your request again after a few moments !";
103
+        }
104
+
105
+        $reqresponse = array('result' => $result, 'messageonrequest' => $messageonrequest);
106
+        echo json_encode($reqresponse);
107
+   }
108
+
109
+} else {
110
+     header("Location: ../login.php");
111
+}
112
+
113
+?>
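Review bot: The verification link and the `From:` address (file lines 69–78) are built from `$_SERVER['HTTP_HOST']`, which comes from the request, so a request with a different Host header produces a mail whose link points away from this site. Take the host from server-side configuration instead, e.g. `$verificationLink = APP_BASE_URL . "/src/forgotpass-verification.php?token=" . $token;`, where `APP_BASE_URL` is a placeholder for a constant the project would have to define. The `UPDATE` on line 64 also replaces the account's password and stores `$initPassword` in clear text in `temporarypass` before the address owner has confirmed anything, so any caller who knows an address can invalidate that user's password and the table holds a usable credential next to its hash; deferring the password change to the verification step would avoid both. The gate on line 14 compares with `==`, which also passes when `$_SESSION['forgotpass_access']` is unset and `verifyToken` is empty; `is_string($_POST['verifyToken'] ?? null) && !empty($_SESSION['forgotpass_access']) && hash_equals($_SESSION['forgotpass_access'], $_POST['verifyToken'])` is the safer check. The distinct "hasn't been found" reply on line 36 additionally reveals which addresses are registered, so a single neutral message for both outcomes is preferable.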