API tools faq
paste
Advertisement
lowheartrate

action.php

lowheartrate
Nov 28th, 2016
360
0
Never
Add comment
Not a member of Pastebin yet? Sign Up, it unlocks many cool features!
PHP 19.28 KB | None | 0 0
raw download clone embed print report
  1. <?php
  2. error_reporting(-1);
  3. ini_set('display_errors', 'true');
  4.  
  5. // include common.inc.php
  6. include 'core/common.inc.php';
  7. // get what action user is here for
  8. $action = $_GET['action'];
  9.  
  10. // if user is here to sign in to their account
  11. if ($action == 'sign_in') {
  12.   // protect from users already logged in
  13.   protect();
  14.  
  15.   // show navbar & set page title to 'Log In to account'
  16.   showHeader('Sign In to account');
  17.  
  18.   // show loginModule for user to sign in to
  19.   loginModule();
  20. }
  21.  
  22. // if user is here to logout to their account
  23. if ($action == 'logout') {
  24.   // hide all errors
  25.   //error_reporting(0);
  26.  
  27.   // set page title to 'logout' & show navbar
  28.   showHeader('logout');
  29.  
  30.   // protect from users that aren't already logged in...
  31.   protect2();
  32.  
  33.   // destroy session (log out)
  34.   session_destroy();
  35.  
  36.   // notify user logout was successful
  37.   echo '<p class="success">logout successful</p>';
  38.   echo '<p class="info">If you have not been redirected, try to <a href="index.php">refresh</a> your page.</p>';
  39.  
  40.   // redirect user to homepage & exit();
  41.   redirect('index.php');
  42. }
  43.  
  44. if ($action == "register_account") {
  45.   echo '<br>Line: ' .__LINE__; die;
  46.   // hide all errors
  47.   //error_reporting(0);
  48.  
  49.   // show navbar and set title to 'Register Account'
  50.   showHeader('Register Account');
  51.  
  52.   // protect page from users that are already logged in
  53.   protect();
  54.  
  55.   // include function to make sure registration form checks for errors
  56.   function checkRegisterErrors() {
  57.     if(isset($_POST['submit_registration'])){
  58.         require 'core/findConflict.php';
  59.         $username = $_POST['username'];
  60.         $password = $_POST['password'];
  61.         $cpassword = $_POST['cpassword'];
  62.         $email = $_POST['email'];
  63.         $hash = password_hash($password, PASSWORD_DEFAULT);
  64.         $query = dbConnect()->prepare("SELECT email, username FROM users WHERE username = :username OR email = :email");
  65.         $query->bindParam(':username', $username);
  66.         $query->bindParam(':email', $email);
  67.         $query->execute();
  68.         $conflictingItems = [];
  69.         while ( $result = $query->fetch( PDO::FETCH_ASSOC ) ) {
  70.             $conflictingItems[] = $result;
  71.         }
  72.         // for checking checkGoogleCaptcha() function!!
  73.         require_once 'core/recaptchalib.php';
  74.         if(isset($_POST['g-recaptcha-response']))
  75.         $captcha = $_POST['g-recaptcha-response'];
  76.         $response = json_decode(file_get_contents("https://www.google.com/recaptcha/api/siteverify?secret=6Levrg4TAAAAAFmjcgKW8kDakmXTiBhmiCnUMchD&response=".$captcha."&remoteip=".$_SERVER['REMOTE_ADDR']), true);
  77.  
  78.         if ( count ($conflictingItems) == 1 ) {
  79.           switch ( getConflict($conflictingItems, $username, $email) ) {
  80.               case 1:
  81.               // username conflict
  82.               echo "<p class='error'>username taken</p>";
  83.               break;
  84.               case 2:
  85.               // Email conflict
  86.               echo "<p class='error'>email already in use</p>";
  87.               break;
  88.               case 3:
  89.               // email & username conflict
  90.               echo '<p class="error">username & email in use</p>';
  91.               break;
  92.           }
  93.         } elseif ( count($conflictingItems) == 2 ) {
  94.           echo 'username & email already in use';
  95.  
  96.         // check if passwords match!
  97.         } elseif ($password != $cpassword) {
  98.           echo '<p class="error">passwords do not match</p>';
  99.  
  100.         // make sure password is between 8 - 16 characters
  101.         } elseif (strlen($password) < 8 OR strlen($password) > 16) {
  102.           echo '<p class="error">password must be between 8 & 16 characters</p>';
  103.  
  104.         // checks to make sure google recaptcha was posted!
  105.         } elseif (!$captcha) {
  106.           echo '<p class="error">please complete the captcha</p>';
  107.         } elseif($response['success'] == false) {
  108.           echo '<p class="error">you are a robot</p>';
  109.  
  110.  
  111.         } else {
  112.           // require config.php to get maximum file size --> $maximum_avatar_file_size = '125000';
  113.           //                    to get avatars directory --> $avatars_directory = 'includes/uploads/avatars';
  114.           require 'core/config.php';
  115.  
  116.           // need for file upload query & query to insert fields into database..
  117.           $activation_id = uniqid(true);
  118.  
  119.           // file upload stuff... ONLY NEEDED FOR TESTING PURPOSES!
  120.           // var_dump($_FILES);
  121.  
  122.           // move uploaded file to directory (includes/uploads/avatar)
  123.           $upload_directory = $avatars_directory;
  124.           // sets $image & gets image type, name, tmp_name
  125.           $image = $_FILES['avatar'];
  126.           $image_name = $_FILES['avatar']['name'];
  127.           $image_tmp_name = $_FILES['avatar']['tmp_name'];
  128.           $image_size = $_FILES['avatar']['size'];
  129.           $image_type = $_FILES['avatar']['type'];
  130.  
  131.           // set file name (make it unique)
  132.           $file_name = $activation_id . $image_name;
  133.  
  134.           // finds extension of file uploaded...
  135.           $image_extension = strtolower(pathinfo($_FILES['avatar']['name'],PATHINFO_EXTENSION));
  136.           // allowed extensions of file uploaded...
  137.           $valid_image_extensions = array('jpeg', 'jpg', 'png', 'gif');
  138.  
  139.           // if image extension is a valid image extension...
  140.           if (in_array($image_extension, $valid_image_extensions)) {
  141.             if ($image_size > $maximum_avatar_file_size) {
  142.               echo '<p class="error">error; file size is too large! Maximum file size is ' .$maximum_avatar_file_size. ' bytes. <a href="action.php?action=register_account">Retry Registration</a></p>';
  143.             } else {
  144.               // move the file to desired directory ($upload_directory)
  145.               move_uploaded_file($image_tmp_name, "$upload_directory/$file_name");
  146.             }
  147.           }
  148.  
  149.  
  150.           // query to insert fields into database...
  151.           //$activation_id = uniqid(true);
  152.           $query = dbConnect()->prepare("INSERT INTO users (username, password, email, activated, activation_id, avatar) VALUES (:username, :password, :email, :activated, :activation_id, :avatar)");
  153.           $query->bindParam(':username', $username);
  154.           $query->bindParam(':email', $email);
  155.           $query->bindParam(':password', $hash);
  156.           $query->bindValue(':activated', "0");
  157.           $query->bindValue(':activation_id', $activation_id);
  158.           $query->bindValue(':avatar', $file_name);
  159.           $query->execute();
  160.  
  161.           // set variables for optional fields...
  162.           $firstName = $_POST['first_name'];
  163.           $lastName = $_POST['last_name'];
  164.           $birthday = $_POST['birthday'];
  165.           $steam_profile = $_POST['steam_profile'];
  166.           $twitter_profile = $_POST['twitter_profile'];
  167.           $facebook_profile = $_POST['facebook_profile'];
  168.           $instagram_profile = $_POST['instagram_profile'];
  169.  
  170.           // update user_details database
  171.           $query2 = dbConnect()->prepare("INSERT INTO user_details (first_name, last_name, birthday, steam_profile, twitter_profile, facebook_profile, instagram_profile) VALUES (:firstName, :lastName, :birthday, :steam, :twitter, :facebook, :instagram)");
  172.           $query2->bindParam(':firstName', $firstName);
  173.           $query2->bindParam(':lastName', $lastName);
  174.           $query2->bindParam(':birthday', $birthday);
  175.           $query2->bindParam(':steam', $steam_profile);
  176.           $query2->bindParam(':twitter', $twitter_profile);
  177.           $query2->bindParam(':facebook', $facebook_profile);
  178.           $query2->bindParam(':instagram', $instagram_profile);
  179.           $query2->execute();
  180.  
  181.           // query to add image name to database to echo later on...
  182.           /*
  183.           $add_image_to_database = dbConnect()->prepare("INSERT INTO users (avatar) VALUES (:avatar)");
  184.           $add_image_to_database->bindParam(':avatar', $file_name);
  185.           $add_image_to_database->execute();
  186.           */
  187.  
  188.           // send email verification
  189.           require 'core/config.php';
  190.           $subject = $url . 'Registration Confirmation';
  191.           $link = 'http://' . $url. "/activate.php?activation_id=" . $activation_id;
  192.           $message = 'Thanks for registering with us! Please verify your account at' . $link . ' so you can login.';
  193.           $headers = 'From: ' .$contact_email;
  194.           mail($email/* <-- Who its being sent to */, $subject, $message, $headers);
  195.           echo '<p class="info">registration successful, please verify email before logging in.</p>';
  196.  
  197.           header('refresh:5;url=index.php');
  198.  
  199.           echo '<p class="info">if you are not redirected, try to <a href="index.php">refresh</a> your page.</p>';
  200.         }
  201.     }
  202.   }
  203.  
  204.   // echo registration form
  205.   echo '
  206.  <center>
  207.    <form enctype="multipart/form-data" action="" method="post" class="register_module">
  208.  
  209.      <h2 style="text-align:left;font-family:"Roboto",sans-serif;">Account Credentials<span style="font-size:12px;font-weight:400;"> (required)</span></h2>
  210.  
  211.      <div class="account_credentials">
  212.        <input class="register_module protect_from_spaces" type="text" name="username" placeholder="choose a username*" maxlength="30" required><br />
  213.        <input class="register_module protect_from_spaces" type="email" name="email" placeholder="email address*" required><br />
  214.  
  215.        <div class="row_inline">
  216.          <input class="register_module input protect_from_spaces" type="password" name="password" placeholder="password*" maxlength="18" required>
  217.          <input class="register_module input protect_from_spaces" type="password" name="cpassword" placeholder="confirm password*" maxlength="18" required><br />
  218.        </div>
  219.      </div>
  220.        <br />
  221.  
  222.        <!-- here add user details section (name, avatar, birthday, etc...) -->
  223.        <h2 style="text-align:left;font-family:"Roboto",sans-serif;">Account Details<span style="font-size:12px;font-weight:400;"> (optional)</span></h2>
  224.  
  225.        <br />
  226.        <div class="account_details">
  227.          <p style="text-align:left;font-family:"Roboto",sans-serif;font-weight:400;">Name:<span style="font-size:12px;font-weight:400;"> (required)</span></p>
  228.          <input class="register_module_short protect_from_spaces" style="margin-right:1%;" type="text" name="first_name" placeholder="first name*" required />
  229.          <input class="register_module_short protect_from_spaces" type="text" name="last_name" placeholder="last name" />
  230.  
  231.          <p style="text-align:left;font-family:"Roboto",sans-serif;font-weight:400;">Birthday:</p>
  232.          <input style="margin-top:-10px;" class="register_module protect_from_spaces" type="date" name="birthday" />
  233.  
  234.          <p style="text-align:left;font-family:"Roboto",sans-serif;font-weight:400;">Social Link(s):</p>
  235.          <input class="register_module protect_from_spaces" type="text" style="margin-top:-10px;" type="url" name="steam_profile" placeholder="steam profile (http://www.steamcommunity.com/id/lowheartrate/)" />
  236.          <input class="register_module protect_from_spaces" type="text" name="twitter_profile" placeholder="twitter profile (https://twitter.com/lowheartrate)" />
  237.          <input class="register_module protect_from_spaces" type="text" name="facebook_profile" placeholder="facebook profile (https://www.facebook.com/officiallowheartrate)" />
  238.          <input class="register_module protect_from_spaces" type="text" name="instagram_profile" placeholder="instagram profile (https://instagram.com/lowheartrate)" />
  239.  
  240.          <!-- image upload for avatar... -->
  241.          <div class="image_uploader">
  242.            <h2 style="text-align:left;font-family:"Roboto",sans-serif;">✌ Avatar Uploader</h2><br />
  243.  
  244.            <p style="margin-top:-20px;font-size:12px;text-align:left;">Select image to upload:</p>
  245.            <div style="text-align:left;font-size:12px;margin-top:-5px;margin-bottom:25px;">
  246.              <input type="file" name="avatar" class="" />
  247.            </div>
  248.          </div>
  249.        </div>
  250.  
  251.        <!-- check errors in registration -->
  252.  ';
  253.   checkRegisterErrors();
  254.   echo '
  255.  
  256.        <br />
  257.        <p class="pull-left" style="max-width:50%;">by signing up, you agree to our <a href="#">terms</a> and that you have read our <a href="#">privacy policy</a> and <a href="#">content policy</a>.</p>
  258.        <div class="g-recaptcha pull-right" data-sitekey="6Levrg4TAAAAAN-pL6Xl2tndj3ZDn5nJ3PRUhMV-"></div><br />
  259.  
  260.        <br />
  261.  
  262.        <button type="submit" name="submit_registration" class="btn-register" style="margin-top:10px;">sign up</button>
  263.    </form>
  264.  </center>
  265.  ';
  266. }
  267.  
  268. // if user is here to active account...
  269. if ($action == 'verify_email') {
  270.   // if user is logged in - protect page
  271.   protect();
  272.  
  273.   // show header
  274.   showHeader('Verify Email');
  275.  
  276.   // get the activation id from url
  277.   $activationID = $_GET['activation_id'];
  278.  
  279.   // update the users activated to '1'
  280.   $sql = "UPDATE users SET activated = :activated WHERE activation_id = :activation_id";
  281.   $activate = dbConnect()->prepare($sql);
  282.   $activate->bindValue(':activated', '1');
  283.   $activate->bindParam(':activation_id', $activationID);
  284.   $activate->execute();
  285.  
  286.   // echo success message & redirect user
  287.   echo '<p class="success">Your email has been validated successfully!</p>';
  288.   redirect('index.php');
  289. }
  290.  
  291. // if user is here because they forgot their password...
  292. if ($action == 'forgot_password') {
  293.   // protect from users already logged in
  294.   protect();
  295.  
  296.   // set page title to 'Forgot Password' & show header(navbar)
  297.   showHeader('Forgot Password');
  298.  
  299.   // get current time
  300.   date_default_timezone_set('America/New_York');
  301.   $current_time = date('YmdHis');
  302.  
  303.   // if user hasn't submitted form with email:
  304.   if(!isset($_POST['email'])) {
  305.     // echo form to submit email for password reset link
  306.     echo '
  307.    <form method="post">
  308.      <input type="hidden" name="resetpw_date" placeholder="Current date/time: ' .$current_time. '" />
  309.      <input type="email" name="email" placeholder="email address" required /><br />
  310.      <button class="btn btn-primary" type="submit" value="reset password">Reset Password</button>
  311.    </form>
  312.    ';
  313.  
  314.     // if user has submitted $_POST['email']
  315.   } else {
  316.  
  317.     // random string from http://php.net/manual/en/function.openssl-random-pseudo-bytes.php
  318.     for ($i = -1; $i <= 10; $i++) {
  319.       $pwreset_code = openssl_random_pseudo_bytes($i, $cstrong);
  320.       $pwresetcode = bin2hex($pwreset_code);
  321.     }
  322.  
  323.     // set variable for $_POST['email']
  324.     $email = $_POST['email'];
  325.  
  326.     // require config.php for email
  327.     require_once 'core/config.php';
  328.  
  329.     // tell user email has been sent if email exists in database
  330.     echo '<p class="info">If an account is registered with email: ' .$email. ', an email has been sent to reset the password.</p>';
  331.  
  332.     // send email to $email
  333.     $msg = "<p>You are receiving this email because you requested your password to be reset, if you didn't you can ignore this email. <br />Follow the link below to reset your password.</p>";
  334.     $msg .= "<p><a href='http://" .$url. "/reset_password.php?uid=" .$pwresetcode. "'>Reset password</a><br />Thank you</p>";
  335.     $msg = wordwrap($msg,70);
  336.     $headers = "MIME-Version: 1.0" . "\r\n";
  337.     $headers .= "Content-type:text/html;charset=UTF-8" . "\r\n";
  338.     mail($email, "PASSWORD RESET", $msg, $headers);
  339.  
  340.     // update resetpw_id and resetpw_date fields in database
  341.     try {
  342.       // insert $pwresetcode into resetpw_code in db where email = email submitted...
  343.       $email = $_POST['email'];
  344.       $pwresetcode = bin2hex($pwreset_code);
  345.       $pwcodedb = dbConnect()->prepare("UPDATE users SET resetpw_id = :pwresetcode, resetpw_date = :currentTime WHERE email = :email");
  346.       $pwcodedb->bindParam(':email', $email);
  347.       $pwcodedb->bindParam(':pwresetcode', $pwresetcode);
  348.       $pwcodedb->bindParam(':currentTime', $current_time);
  349.       $pwcodedb->execute();
  350.     } catch(PDOException $e) {
  351.       echo $pwcodedb . '<br />' . $e->getMessage();
  352.     }
  353.  
  354.   }
  355. }
  356.  
  357. // if user is here to reset their password
  358. if ($action == 'reset_password') {
  359.   // report all errors
  360.   //error_reporting(E_ALL);
  361.  
  362.   // set page title to 'Update Password' & include navbar
  363.   showHeader('Update Password');
  364.  
  365.   // get uid from url
  366.   $uid = $_GET['uid'];
  367.  
  368.   // protect page from users that are already logged in
  369.   protect();
  370.  
  371.   // show form to user
  372.   echo '
  373.  <form method="POST">
  374.    <input type="hidden" placeholder="your uid is <?php echo $uid; ?>" name="uid" class="input2" readonly required />
  375.    <input type="password" placeholder="new password" name="newPassword" class="input" required />
  376.    <input type="password" placeholder="confirm new password" name="confirmNewPassword" class="input" required />
  377.    <br />
  378.    <button type="submit" class="btn btn-primary">change password</button>
  379.  </form>
  380.  ';
  381.  
  382.   // set timezone
  383.   date_default_timezone_set('America/New_York');
  384.  
  385.   // select the date user request pw reset
  386.   $fetch_time =  dbConnect()->prepare("SELECT resetpw_date FROM users WHERE resetpw_id = :uid");
  387.   $fetch_time->bindParam(':uid', $uid);
  388.   $fetch_time->execute();
  389.  
  390.   // ..
  391.   while($row = $fetch_time->fetch(PDO::FETCH_ASSOC)) {
  392.     //$stored_username = $row['username'];
  393.     $stored_resetpw_date = $row['resetpw_date'];
  394.     $resetpw_date = new DateTime($stored_resetpw_date);
  395.     $resetpw_date->format('YmdHis');
  396.   }
  397.  
  398.   // date_time RIGHT NOW!
  399.   $timeRightNow = date('YmdHis');
  400.  
  401.   // Difference between $stored_resetpw_date and $current_time
  402.   $currentTime = strtotime($timeRightNow);
  403.   $requestedPwDate = strtotime($stored_resetpw_date);
  404.   $diff = ($currentTime - $requestedPwDate) / 60;
  405.  
  406.   // if users submits form with new password and confirm password filled out
  407.   if (isset($_POST['newPassword'], $_POST['confirmNewPassword'])) {
  408.   $newPassword = $_POST['newPassword'];
  409.   $confirmNewPassword = $_POST['confirmNewPassword'];
  410.   // if they posted their UID, new password, and confirm new password...
  411.   $sql = "SELECT email, username, password FROM users WHERE resetpw_id = :uid";
  412.   $reset_pw_db_select=dbConnect()->prepare($sql);
  413.   $reset_pw_db_select->bindParam(':uid', $uid);
  414.   $reset_pw_db_select->execute();
  415.  
  416.     // if passwords don't match give user error
  417.     if ($newPassword != $confirmNewPassword) {
  418.       echo '<p class="error pull-right">passwords do not match</p>';
  419.  
  420.     // if passwords are less then 8 characters give user error
  421.     } elseif (strlen($newPassword) < 8) {
  422.       echo '<p class="error pull-right">passwords must be at least 8 characters</p>';
  423.  
  424.     // if user requested pw reset more then 15 minutes ago...
  425.     } elseif ($diff > 15) {
  426.       echo '<p class="error pull-right">reset uid has expired</p>';
  427.  
  428.     // if no errors, update passwords in db to one's posted
  429.     } else {
  430.       $hashed_password = password_hash($newPassword, PASSWORD_DEFAULT);
  431.       $reset_pw_db=dbConnect()->prepare("UPDATE users SET password = '$hashed_password' WHERE resetpw_id = '$uid'");
  432.       //echo $hashed_password;
  433.       $reset_pw_db->execute();
  434.       // provide success message and redirect to homepage
  435.       echo '<p class="success pull-right">password reset successfully!</p>';
  436.       redirect('index.php');
  437.     }
  438.   }
  439. }
  440.  
  441. // if user is here to edit preferences of their account...
  442. if ($action == 'edit_account') {
  443.   // set page title to 'Edit Account' & show navbar
  444.   showHeader('Edit Account');
  445.  
  446.   // protect page from users that are not logged in...
  447.   protect2();
  448.  
  449.   echo '<p class="error">function currently unavailable, sorry.</p>';
  450. }
Advertisement
Add Comment
Please, Sign In to add comment
Advertisement
Public Pastes
Advertisement
We use cookies for various purposes including analytics. By continuing to use Pastebin, you agree to our use of cookies as described in the Cookies Policy.  OK, I Understand
Not a member of Pastebin yet?
Sign Up, it unlocks many cool features!