
Created repository.

DoubleBastionAdmin authored on 26/01/2022 20:32:42
Showing 1 changed files
1 1
new file mode 100644
... ...
@@ -0,0 +1,110 @@
1
+<?php
2
+/**
3
+ *  Copyright (C) 2021  Double Bastion LLC
4
+ *
5
+ *  This file is part of Roundpin, which is licensed under the
6
+ *  GNU Affero General Public License Version 3.0. The license terms
7
+ *  are detailed in the "LICENSE.txt" file located in the root directory.
8
+ */
9
+
10
+session_start();
11
+
12
+if (isset($_POST['verifyToken']) && ($_POST['verifyToken'] == $_SESSION['forgotpass_access'])) {
13
+
14
+define('ACCESSCONST', TRUE);
15
+
16
+require('db-connect.php');
17
+
18
+   $currentSentEmail = $_POST['emailforgot'];
19
+   $currentMessage = $_POST['messageToUser'];
20
+
21
+   if (($currentSentEmail != '') && ($currentMessage == '')) {
22
+
23
+        // Search the database for the specified email
24
+        try {
25
+            $enabled = 1;
26
+            $query0 = $mysqli->prepare("SELECT id, username, emailaddress, enabled FROM app_users WHERE emailaddress=? and enabled=?");
27
+            $query0->bind_param("si", $currentSentEmail, $enabled);
28
+            $query0->execute();
29
+            $fetchres = $query0->get_result();
30
+            $fetchData = $fetchres->fetch_row();
31
+
32
+            if (empty($fetchData)) {
33
+
34
+                $result = 'failure';
35
+                $messageonrequest = "Your email address hasn't been found !";
36
+
37
+            } else {
38
+
39
+                /**
40
+                 *  Send the verification email
41
+                 */
42
+
43
+                // Generate a random string to be used as the termination of the verification link
44
+                function random_str($length, $keyspace = '0123456789abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ') {
45
+                         $pieces = [];
46
+                         $max = mb_strlen($keyspace, '8bit') - 1;
47
+
48
+                         for ($i = 0; $i < $length; ++$i) {
49
+                              $pieces []= $keyspace[random_int(0, $max)];
50
+                         }
51
+                         return implode('', $pieces);
52
+                }
53
+
54
+                $token = random_str(55);
55
+
56
+                // Update the appropriate fields for the user having the given email address
57
+                $initPassword = random_str(14);
58
+                $newPassword = password_hash($initPassword, PASSWORD_DEFAULT);
59
+
60
+                $userID = $fetchData[0];
61
+
62
+                $query1 = $mysqli->query("UPDATE app_users SET password = '$newPassword', registered = '0', token = '$token', temporarypass = '$initPassword' WHERE id = '$userID'
63
+                                          AND enabled = 1");
64
+
65
+                // Create the verification email
66
+                $verificationLink = $_SERVER['REQUEST_SCHEME'] . "://" . $_SERVER['HTTP_HOST'] . "/forgotpass-verification.php?token=" . $token;
67
+
68
+                $domaininit = explode(".", $_SERVER['HTTP_HOST']);
69
+                array_shift($domaininit);
70
+                $domain = implode(".", $domaininit);
71
+
72
+                $headers = "MIME-Version: 1.0" . "\r\n";
73
+                $headers .= "Content-type: text/html; charset=UTF-8" . "\r\n";
74
+
75
+                $headers .= "From: " . "no-reply@" . $domain . "\r\n";
76
+
77
+                $subject = "Roundpin email address verification";
78
+
79
+                $message = "Hello, <br><br>
80
+                            We have received your request related to regaining access to your account. Please verify your email address by clicking on
81
+                            the link below: <br><br>
82
+                            <a href='".$verificationLink."'>".$verificationLink."</a><br><br>
83
+                            Alternatively, you can copy the link and paste it in the address bar of your browser.<br><br>
84
+                            After email address verification you will receive a new email with further instructions.<br><br>
85
+                            Thank you,<br>
86
+                            Roundpin<br>
87
+                            Host: '" . $_SERVER['HTTP_HOST'] . "'";
88
+
89
+                // Send the email
90
+                mail($currentSentEmail, $subject, $message, $headers);
91
+
92
+                $result = 'success';
93
+                $messageonrequest = "An email has been sent to your email address. Please follow the instructions in the received email to regain access to your
94
+                                     Roundpin account.";
95
+            }
96
+
97
+        } catch (mysqli_sql_exception $e) {
98
+                $result = 'failure';
99
+                $messageonrequest = "An error occurred while processing your request. You can try sending your request again after a few moments !";
100
+        }
101
+
102
+        $reqresponse = array('result' => $result, 'messageonrequest' => $messageonrequest);
103
+        echo json_encode($reqresponse);
104
+   }
105
+
106
+} else {
107
+     header("Location: roundpin-login.php");
108
+}
109
+
110
+?>
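Review bot: The verification link and the `From:` header are both built from `$_SERVER['HTTP_HOST']`, which comes from the request, so the mailed link and the token in it point at whatever host the client named. Build both from a server-side setting instead, e.g. `$verificationLink = $configuredBaseUrl . '/forgotpass-verification.php?token=' . $token;`, where `$configuredBaseUrl` is a placeholder for a configured value. The same branch overwrites `password`, sets `registered` to 0 and stores `$initPassword` in clear text in `temporarypass` before the address owner has confirmed anything, so a request naming a known address changes that account's credentials and leaves a working password readable in the table; storing only an expiring token and changing the password after verification would avoid both. The opening check compares with `==` and never confirms that `$_SESSION['forgotpass_access']` is set, so an empty `verifyToken` compares equal to a missing session value; `isset($_SESSION['forgotpass_access']) && is_string($_POST['verifyToken']) && hash_equals($_SESSION['forgotpass_access'], $_POST['verifyToken'])` is stricter. The `UPDATE` should use a prepared statement like the `SELECT` above it, and the "hasn't been found" reply lets a caller tell registered addresses from unregistered ones, which a single neutral message for both outcomes would prevent.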