Browse code
Changed majority of files.
DoubleBastionAdmin authored on 30/11/2024 06:56:40
Showing 1 changed files
| 1 | 1 |
deleted file mode 100644 |
| ... | ... |
@@ -1,110 +0,0 @@ |
| 1 |
-<?php |
|
| 2 |
-/** |
|
| 3 |
- * Copyright (C) 2021 Double Bastion LLC |
|
| 4 |
- * |
|
| 5 |
- * This file is part of Roundpin, which is licensed under the |
|
| 6 |
- * GNU Affero General Public License Version 3.0. The license terms |
|
| 7 |
- * are detailed in the "LICENSE.txt" file located in the root directory. |
|
| 8 |
- */ |
|
| 9 |
- |
|
| 10 |
-session_start(); |
|
| 11 |
- |
|
| 12 |
-if (isset($_POST['verifyToken']) && ($_POST['verifyToken'] == $_SESSION['forgotpass_access'])) {
|
|
| 13 |
- |
|
| 14 |
-define('ACCESSCONST', TRUE);
|
|
| 15 |
- |
|
| 16 |
-require('db-connect.php');
|
|
| 17 |
- |
|
| 18 |
- $currentSentEmail = $_POST['emailforgot']; |
|
| 19 |
- $currentMessage = $_POST['messageToUser']; |
|
| 20 |
- |
|
| 21 |
- if (($currentSentEmail != '') && ($currentMessage == '')) {
|
|
| 22 |
- |
|
| 23 |
- // Search the database for the specified email |
|
| 24 |
- try {
|
|
| 25 |
- $enabled = 1; |
|
| 26 |
- $query0 = $mysqli->prepare("SELECT id, username, emailaddress, enabled FROM app_users WHERE emailaddress=? and enabled=?");
|
|
| 27 |
- $query0->bind_param("si", $currentSentEmail, $enabled);
|
|
| 28 |
- $query0->execute(); |
|
| 29 |
- $fetchres = $query0->get_result(); |
|
| 30 |
- $fetchData = $fetchres->fetch_row(); |
|
| 31 |
- |
|
| 32 |
- if (empty($fetchData)) {
|
|
| 33 |
- |
|
| 34 |
- $result = 'failure'; |
|
| 35 |
- $messageonrequest = "Your email address hasn't been found !"; |
|
| 36 |
- |
|
| 37 |
- } else {
|
|
| 38 |
- |
|
| 39 |
- /** |
|
| 40 |
- * Send the verification email |
|
| 41 |
- */ |
|
| 42 |
- |
|
| 43 |
- // Generate a random string to be used as the termination of the verification link |
|
| 44 |
- function random_str($length, $keyspace = '0123456789abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ') {
|
|
| 45 |
- $pieces = []; |
|
| 46 |
- $max = mb_strlen($keyspace, '8bit') - 1; |
|
| 47 |
- |
|
| 48 |
- for ($i = 0; $i < $length; ++$i) {
|
|
| 49 |
- $pieces []= $keyspace[random_int(0, $max)]; |
|
| 50 |
- } |
|
| 51 |
- return implode('', $pieces);
|
|
| 52 |
- } |
|
| 53 |
- |
|
| 54 |
- $token = random_str(55); |
|
| 55 |
- |
|
| 56 |
- // Update the appropriate fields for the user having the given email address |
|
| 57 |
- $initPassword = random_str(14); |
|
| 58 |
- $newPassword = password_hash($initPassword, PASSWORD_DEFAULT); |
|
| 59 |
- |
|
| 60 |
- $userID = $fetchData[0]; |
|
| 61 |
- |
|
| 62 |
- $query1 = $mysqli->query("UPDATE app_users SET password = '$newPassword', registered = '0', token = '$token', temporarypass = '$initPassword' WHERE id = '$userID'
|
|
| 63 |
- AND enabled = 1"); |
|
| 64 |
- |
|
| 65 |
- // Create the verification email |
|
| 66 |
- $verificationLink = $_SERVER['REQUEST_SCHEME'] . "://" . $_SERVER['HTTP_HOST'] . "/forgotpass-verification.php?token=" . $token; |
|
| 67 |
- |
|
| 68 |
- $domaininit = explode(".", $_SERVER['HTTP_HOST']);
|
|
| 69 |
- array_shift($domaininit); |
|
| 70 |
- $domain = implode(".", $domaininit);
|
|
| 71 |
- |
|
| 72 |
- $headers = "MIME-Version: 1.0" . "\r\n"; |
|
| 73 |
- $headers .= "Content-type: text/html; charset=UTF-8" . "\r\n"; |
|
| 74 |
- |
|
| 75 |
- $headers .= "From: " . "no-reply@" . $domain . "\r\n"; |
|
| 76 |
- |
|
| 77 |
- $subject = "Roundpin email address verification"; |
|
| 78 |
- |
|
| 79 |
- $message = "Hello, <br><br> |
|
| 80 |
- We have received your request related to regaining access to your account. Please verify your email address by clicking on |
|
| 81 |
- the link below: <br><br> |
|
| 82 |
- <a href='".$verificationLink."'>".$verificationLink."</a><br><br> |
|
| 83 |
- Alternatively, you can copy the link and paste it in the address bar of your browser.<br><br> |
|
| 84 |
- After email address verification you will receive a new email with further instructions.<br><br> |
|
| 85 |
- Thank you,<br> |
|
| 86 |
- Roundpin<br> |
|
| 87 |
- Host: '" . $_SERVER['HTTP_HOST'] . "'"; |
|
| 88 |
- |
|
| 89 |
- // Send the email |
|
| 90 |
- mail($currentSentEmail, $subject, $message, $headers); |
|
| 91 |
- |
|
| 92 |
- $result = 'success'; |
|
| 93 |
- $messageonrequest = "An email has been sent to your email address. Please follow the instructions in the received email to regain access to your |
|
| 94 |
- Roundpin account."; |
|
| 95 |
- } |
|
| 96 |
- |
|
| 97 |
- } catch (mysqli_sql_exception $e) {
|
|
| 98 |
- $result = 'failure'; |
|
| 99 |
- $messageonrequest = "An error occurred while processing your request. You can try sending your request again after a few moments !"; |
|
| 100 |
- } |
|
| 101 |
- |
|
| 102 |
- $reqresponse = array('result' => $result, 'messageonrequest' => $messageonrequest);
|
|
| 103 |
- echo json_encode($reqresponse); |
|
| 104 |
- } |
|
| 105 |
- |
|
| 106 |
-} else {
|
|
| 107 |
- header("Location: roundpin-login.php");
|
|
| 108 |
-} |
|
| 109 |
- |
|
| 110 |
-?> |
Browse code
Created repository.
DoubleBastionAdmin authored on 26/01/2022 20:32:42
Showing 1 changed files
| 1 | 1 |
new file mode 100644 |
| ... | ... |
@@ -0,0 +1,110 @@ |
| 1 |
+<?php |
|
| 2 |
+/** |
|
| 3 |
+ * Copyright (C) 2021 Double Bastion LLC |
|
| 4 |
+ * |
|
| 5 |
+ * This file is part of Roundpin, which is licensed under the |
|
| 6 |
+ * GNU Affero General Public License Version 3.0. The license terms |
|
| 7 |
+ * are detailed in the "LICENSE.txt" file located in the root directory. |
|
| 8 |
+ */ |
|
| 9 |
+ |
|
| 10 |
+session_start(); |
|
| 11 |
+ |
|
| 12 |
+if (isset($_POST['verifyToken']) && ($_POST['verifyToken'] == $_SESSION['forgotpass_access'])) {
|
|
| 13 |
+ |
|
| 14 |
+define('ACCESSCONST', TRUE);
|
|
| 15 |
+ |
|
| 16 |
+require('db-connect.php');
|
|
| 17 |
+ |
|
| 18 |
+ $currentSentEmail = $_POST['emailforgot']; |
|
| 19 |
+ $currentMessage = $_POST['messageToUser']; |
|
| 20 |
+ |
|
| 21 |
+ if (($currentSentEmail != '') && ($currentMessage == '')) {
|
|
| 22 |
+ |
|
| 23 |
+ // Search the database for the specified email |
|
| 24 |
+ try {
|
|
| 25 |
+ $enabled = 1; |
|
| 26 |
+ $query0 = $mysqli->prepare("SELECT id, username, emailaddress, enabled FROM app_users WHERE emailaddress=? and enabled=?");
|
|
| 27 |
+ $query0->bind_param("si", $currentSentEmail, $enabled);
|
|
| 28 |
+ $query0->execute(); |
|
| 29 |
+ $fetchres = $query0->get_result(); |
|
| 30 |
+ $fetchData = $fetchres->fetch_row(); |
|
| 31 |
+ |
|
| 32 |
+ if (empty($fetchData)) {
|
|
| 33 |
+ |
|
| 34 |
+ $result = 'failure'; |
|
| 35 |
+ $messageonrequest = "Your email address hasn't been found !"; |
|
| 36 |
+ |
|
| 37 |
+ } else {
|
|
| 38 |
+ |
|
| 39 |
+ /** |
|
| 40 |
+ * Send the verification email |
|
| 41 |
+ */ |
|
| 42 |
+ |
|
| 43 |
+ // Generate a random string to be used as the termination of the verification link |
|
| 44 |
+ function random_str($length, $keyspace = '0123456789abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ') {
|
|
| 45 |
+ $pieces = []; |
|
| 46 |
+ $max = mb_strlen($keyspace, '8bit') - 1; |
|
| 47 |
+ |
|
| 48 |
+ for ($i = 0; $i < $length; ++$i) {
|
|
| 49 |
+ $pieces []= $keyspace[random_int(0, $max)]; |
|
| 50 |
+ } |
|
| 51 |
+ return implode('', $pieces);
|
|
| 52 |
+ } |
|
| 53 |
+ |
|
| 54 |
+ $token = random_str(55); |
|
| 55 |
+ |
|
| 56 |
+ // Update the appropriate fields for the user having the given email address |
|
| 57 |
+ $initPassword = random_str(14); |
|
| 58 |
+ $newPassword = password_hash($initPassword, PASSWORD_DEFAULT); |
|
| 59 |
+ |
|
| 60 |
+ $userID = $fetchData[0]; |
|
| 61 |
+ |
|
| 62 |
+ $query1 = $mysqli->query("UPDATE app_users SET password = '$newPassword', registered = '0', token = '$token', temporarypass = '$initPassword' WHERE id = '$userID'
|
|
| 63 |
+ AND enabled = 1"); |
|
| 64 |
+ |
|
| 65 |
+ // Create the verification email |
|
| 66 |
+ $verificationLink = $_SERVER['REQUEST_SCHEME'] . "://" . $_SERVER['HTTP_HOST'] . "/forgotpass-verification.php?token=" . $token; |
|
| 67 |
+ |
|
| 68 |
+ $domaininit = explode(".", $_SERVER['HTTP_HOST']);
|
|
| 69 |
+ array_shift($domaininit); |
|
| 70 |
+ $domain = implode(".", $domaininit);
|
|
| 71 |
+ |
|
| 72 |
+ $headers = "MIME-Version: 1.0" . "\r\n"; |
|
| 73 |
+ $headers .= "Content-type: text/html; charset=UTF-8" . "\r\n"; |
|
| 74 |
+ |
|
| 75 |
+ $headers .= "From: " . "no-reply@" . $domain . "\r\n"; |
|
| 76 |
+ |
|
| 77 |
+ $subject = "Roundpin email address verification"; |
|
| 78 |
+ |
|
| 79 |
+ $message = "Hello, <br><br> |
|
| 80 |
+ We have received your request related to regaining access to your account. Please verify your email address by clicking on |
|
| 81 |
+ the link below: <br><br> |
|
| 82 |
+ <a href='".$verificationLink."'>".$verificationLink."</a><br><br> |
|
| 83 |
+ Alternatively, you can copy the link and paste it in the address bar of your browser.<br><br> |
|
| 84 |
+ After email address verification you will receive a new email with further instructions.<br><br> |
|
| 85 |
+ Thank you,<br> |
|
| 86 |
+ Roundpin<br> |
|
| 87 |
+ Host: '" . $_SERVER['HTTP_HOST'] . "'"; |
|
| 88 |
+ |
|
| 89 |
+ // Send the email |
|
| 90 |
+ mail($currentSentEmail, $subject, $message, $headers); |
|
| 91 |
+ |
|
| 92 |
+ $result = 'success'; |
|
| 93 |
+ $messageonrequest = "An email has been sent to your email address. Please follow the instructions in the received email to regain access to your |
|
| 94 |
+ Roundpin account."; |
|
| 95 |
+ } |
|
| 96 |
+ |
|
| 97 |
+ } catch (mysqli_sql_exception $e) {
|
|
| 98 |
+ $result = 'failure'; |
|
| 99 |
+ $messageonrequest = "An error occurred while processing your request. You can try sending your request again after a few moments !"; |
|
| 100 |
+ } |
|
| 101 |
+ |
|
| 102 |
+ $reqresponse = array('result' => $result, 'messageonrequest' => $messageonrequest);
|
|
| 103 |
+ echo json_encode($reqresponse); |
|
| 104 |
+ } |
|
| 105 |
+ |
|
| 106 |
+} else {
|
|
| 107 |
+ header("Location: roundpin-login.php");
|
|
| 108 |
+} |
|
| 109 |
+ |
|
| 110 |
+?> |