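<?php
// Shared bootstrap for the auth pages: default message buffer, site identity,
// password-hashing parameters and the per-request login/logout display state.
if (!isset($msg)) {
    $msg = "";
}
$site_email = "support@topshelf.tech";
$site_name  = "Top Shelf Tech";
// password hash parameters; put this into a separate configuration file
const PASSWORD_HASH_ALGO = PASSWORD_BCRYPT; // bcrypt is currently the only choice
const PASSWORD_HASH_COST = 12; // adjust this to your own hardware (hashing a password should take roughly one second)
const PASSWORD_MAX_LENGTH = 56; // conservative cap; bcrypt silently truncates input beyond 72 bytes

// A session counts as logged in when it carries a non-blank username or email.
$sessionHasUser = (isset($_SESSION['username']) && trim($_SESSION['username']) != '')
    || (isset($_SESSION['email']) && trim($_SESSION['email']) != '');
if ($sessionHasUser) {
    $_SESSION['LoginSignupDisplay'] = "hide";
    $_SESSION['LogoutDisplay'] = "show";
    // Prefer the display name, else the login name. Both originate from
    // user-supplied signup data, so they are escaped before being embedded
    // in markup (the original interpolated them raw).
    $displayName = isset($_SESSION['name'])
        ? $_SESSION['name']
        : (isset($_SESSION['username']) ? $_SESSION['username'] : '');
    $_SESSION['loggedinMessage'] = "<p class='success' style='font-size: 14px;'>Welcome "
        . htmlspecialchars((string) $displayName, ENT_QUOTES, 'UTF-8')
        . ", <br> you are logged in.</p>";
} else {
    $_SESSION['LoginSignupDisplay'] = "show";
    $_SESSION['LogoutDisplay'] = "hide";
    $_SESSION['loggedinMessage'] = "";
}
//---------------------------------------- PHP FUNCTIONS START --------------------------------------- //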
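/**
 * Append a tag to the page's <head> buffer unless an equivalent entry is
 * already present (case-insensitive substring test via stristr, so a tag
 * contained in an already-added one counts as a duplicate).
 *
 * Uses the global $page_head_tags string that the page template emits; it is
 * initialised to "" here if nothing has set it yet.
 *
 * @param string|null $tag Raw markup to add. An empty tag is ignored (the
 *                         original appended a bare newline for it).
 * @return void
 */
function add_to_head($tag = "") {
    global $page_head_tags;
    if (!isset($page_head_tags)) {
        $page_head_tags = "";
    }
    $tag = (string) $tag;
    if ($tag === "") {
        return;
    }
    if (stristr($page_head_tags, $tag) === false) {
        $page_head_tags .= $tag . "\n";
    }
}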
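/**
 * Normalise a form field for validation or echoing: trim whitespace, strip
 * backslashes and HTML-encode special characters.
 *
 * stripslashes() is a magic_quotes-era relic that also removes legitimate
 * backslashes; it is kept because callers rely on the current output.
 *
 * @param string|null $data Raw form value; null is treated as "".
 * @return string Value safe to place in an HTML text node or a quoted
 *                attribute (both quote styles are encoded).
 */
function test_input($data) {
    $clean = trim((string) $data);
    $clean = stripslashes($clean);
    // Explicit flags: encode single quotes as well as double quotes regardless
    // of PHP version, and substitute rather than drop invalid UTF-8 sequences.
    return htmlspecialchars($clean, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
}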
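//----------------------------------------- PHP FUNCTIONS END ---------------------------------------- //
//----------------------------------------- ACTIVATE PHP START -------------------------------------- //
// Account activation via ?user=<id>&token=<hex>. On a matching, not yet
// activated row: flag the account active, clear the one-time token, create
// the member directory, record the login and start the session.
if (isset($_GET['user']) && $_GET['user'] != "" && isset($_GET['token']) && $_GET['token'] != "") {
    // Whitelist-sanitise both parameters; everything else is stripped.
    $user  = preg_replace('#[^0-9]#', '', $_GET['user']);
    $token = preg_replace('#[^a-z0-9]#i', '', $_GET['token']);
    if ($user === "" || $token === "") {
        // Nothing usable survived sanitising (the original queried id='' here).
        $msg .= "<li class='error'>Error</li>";
    } else {
        $user = (int) $user;
        $stmt = $db->prepare("SELECT id, activated, username, password, email, token FROM members WHERE id=:uid AND token=:token LIMIT 1");
        // id is bound as an integer throughout (the original mixed PARAM_STR and PARAM_INT).
        $stmt->bindValue(':uid', $user, PDO::PARAM_INT);
        $stmt->bindValue(':token', $token, PDO::PARAM_STR);
        try {
            $stmt->execute();
            // LIMIT 1: fetch once instead of relying on rowCount(), which PDO
            // does not guarantee for SELECT statements on every driver.
            $row = $stmt->fetch(PDO::FETCH_ASSOC);
            if ($row !== false) {
                $user      = (int) $row['id'];
                $username  = $row['username'];
                $email     = $row['email'];
                $hash      = $row['password'];
                $activated = $row['activated'];
                $token     = $row['token'];
                if ($activated == 1) {
                    header('Location: ' . $_SESSION['url'] . '?activated=1');
                    exit; // the original fell through and kept rendering after the redirect
                }
                try {
                    $db->beginTransaction();
                    $updateSQL = $db->prepare("UPDATE members SET activated='1' WHERE id=:uid LIMIT 1");
                    $updateSQL->bindValue(':uid', $user, PDO::PARAM_INT);
                    $updateSQL->execute();
                    // Clear the token so the activation link cannot be replayed.
                    $deleteSQL = $db->prepare("UPDATE members SET token='' WHERE id=:uid AND token=:token LIMIT 1");
                    $deleteSQL->bindValue(':uid', $user, PDO::PARAM_INT);
                    $deleteSQL->bindValue(':token', $token, PDO::PARAM_STR);
                    $deleteSQL->execute();
                    // $user is an integer, so the path cannot leave members/.
                    if (!file_exists("members/$user") && !mkdir("members/$user", 0755)) {
                        throw new RuntimeException("could not create members/$user");
                    }
                    $db->commit();
                    $updateLastLog = $db->prepare("UPDATE members SET lastlog=now() WHERE id=:uid LIMIT 1");
                    $updateLastLog->bindValue(':uid', $user, PDO::PARAM_INT);
                    $updateLastLog->execute();
                    // Privilege level changes here: rotate the session id so an
                    // id fixed before login is no longer valid afterwards.
                    if (session_status() === PHP_SESSION_ACTIVE) {
                        session_regenerate_id(true);
                    }
                    $_SESSION['uid']      = $user;
                    $_SESSION['email']    = $email;
                    $_SESSION['username'] = $username;
                    $_SESSION['password'] = $hash; // kept for compatibility; nothing visible here reads it
                    $cookieExpiry = strtotime('+30 days');
                    // Secure flag only when the request itself is HTTPS, otherwise the browser would never send the cookies.
                    $secure = !empty($_SERVER['HTTPS']) && $_SERVER['HTTPS'] !== 'off';
                    setcookie("id", $user, $cookieExpiry, "/", "", $secure, true);
                    setcookie("email", $email, $cookieExpiry, "/", "", $secure, true);
                    setcookie("username", $username, $cookieExpiry, "/", "", $secure, true);
                    // The original also issued a "password" cookie holding the bcrypt
                    // hash; a stored hash must never leave the server. Expire any
                    // copy a browser still has.
                    setcookie("password", "", 1, "/");
                    if (trim((string) $username) != '') {
                        $_SESSION['LoginSignupDisplay'] = "hide";
                        $_SESSION['LogoutDisplay'] = "show";
                        // Username is user-supplied: escape before embedding in markup.
                        $_SESSION['loggedinMessage'] = "<p>Welcome " . htmlspecialchars($username, ENT_QUOTES, 'UTF-8') . ", you are logged in.</p>";
                    } else {
                        $_SESSION['LoginSignupDisplay'] = "show";
                        $_SESSION['LogoutDisplay'] = "hide";
                        $_SESSION['loggedinMessage'] = "";
                    }
                    header('Location: ' . $_SESSION['url'] . '?activated=1');
                    exit;
                } catch (Exception $e) {
                    // RuntimeException (mkdir) and PDOException both land here.
                    if ($db->inTransaction()) {
                        $db->rollBack();
                    }
                    error_log('activation failed for uid ' . $user . ': ' . $e->getMessage());
                    $msg .= "<li class='error'>Error</li>";
                }
            }
        } catch (PDOException $e) {
            // The original interpolated "$e->getMessage($e)" into the page, which
            // mis-parses and would leak driver details; log it instead.
            error_log('activation lookup failed: ' . $e->getMessage());
            $msg .= "<li class='error'>Error</li>";
        }
    }
}
//------------------------------------------- ACTIVATE PHP END -------------------------------------- //
//-------------------------------------------- DELETE ACCOUNT PHP START --------------------------------------- //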
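// Account deletion for the logged-in user. The row is identified solely by
// the session uid, never by a client-supplied id.
// NOTE(review): nothing visible here ties this POST to a CSRF token; confirm
// the form that submits DeleteAccount carries one.
if (isset($_POST['DeleteAccount'])) {
    if (isset($_SESSION['uid'])) {
        // The original assigned in the wrong direction ($_SESSION['uid'] = $uid),
        // wiping the session id, and then called bindValue() on a plain string.
        $uid = (int) $_SESSION['uid'];
        $msg .= "<p class='successsmall'>Delete Account has been pressed</p>";
        try {
            $deleteStmt = $db->prepare("DELETE FROM members WHERE id=:uid");
            $deleteStmt->bindValue(':uid', $uid, PDO::PARAM_INT);
            $deleteStmt->execute();
            if ($deleteStmt->rowCount() > 0) {
                $msg .= "<p class='successsmall'>Account Deleted Successfully</p>";
                // The account is gone: drop its login state and the cookies issued at login.
                unset($_SESSION['uid'], $_SESSION['email'], $_SESSION['username'], $_SESSION['password']);
                foreach (array("id", "email", "username", "password") as $cookieName) {
                    setcookie($cookieName, "", 1, "/");
                }
                $_SESSION['LoginSignupDisplay'] = "show";
                $_SESSION['LogoutDisplay'] = "hide";
                $_SESSION['loggedinMessage'] = "";
            } else {
                $msg .= "<p class='error'>Error deleting account</p>";
            }
        } catch (PDOException $e) {
            // $db->error is a mysqli property; PDO reports failures through exceptions.
            error_log('account deletion failed for uid ' . $uid . ': ' . $e->getMessage());
            $msg .= "<p class='error'>Error deleting account</p>";
        }
    }
}
//------------------------------------------- DELETE ACCOUNT PHP END ---------------------------------------- //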
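//----------------------------------------------- RESEND ACTIVATION START -----------------------------------------------//
// Re-send the activation email for a registered but not yet activated account.
// A fresh random token replaces the stored one, so earlier links stop working.
if (isset($_POST['resendActivation'])) {
    $email = isset($_POST['email']) ? trim((string) $_POST['email']) : "";
    $row = false;
    // Only a well-formed address reaches the database or the mailer.
    if ($email !== "" && filter_var($email, FILTER_VALIDATE_EMAIL) !== false) {
        $resend = $db->prepare("SELECT id, password, firstname, activated FROM members WHERE email=:email LIMIT 1");
        // Bind as a string. The original used PDO::PARAM_INT, which casts the
        // address to 0 and lets MySQL's loose comparison match any non-numeric
        // email, i.e. some other member's row.
        $resend->bindValue(':email', $email, PDO::PARAM_STR);
        $resend->execute();
        $row = $resend->fetch(PDO::FETCH_ASSOC);
    }
    $resendForm = "<form name='resendActivation' action='' method='POST'>Email: <input type='text' name='email' id='email'><br><br><button class='button' name='resendActivation' type='submit'>Re-Send</button></form>";
    if ($row === false) {
        // Unknown address. (The original showed this text for an already
        // activated account and the "already sent" text for an unknown one.)
        $msg .= "<li class='error'>You have not signed up yet, no user with that email exists.<br>Please sign up first or try again.</li>";
        $msg .= $resendForm;
    } elseif ($row['activated'] == 1) {
        $msg .= "You have sent your activation email <br> Please check your email or try again <br> " . $resendForm;
    } else {
        $uid       = (int) $row['id'];
        $firstname = $row['firstname'];
        $hash      = $row['password'];
        require_once ($_SERVER["DOCUMENT_ROOT"]."/vendor/swiftmailer/swiftmailer/lib/swift_required.php");
        include_once ($_SERVER["DOCUMENT_ROOT"]."/Scripts/smconfig.php");
        // Random, unguessable token. The original reused md5() of the password
        // hash, which never changes and is derivable by anyone holding the hash.
        $token = function_exists('random_bytes') ? bin2hex(random_bytes(16)) : md5(uniqid($hash, true));
        $tokenStored = false;
        try {
            $db->beginTransaction();
            $stmt2 = $db->prepare("UPDATE members SET token=:token WHERE id=:uid");
            $stmt2->bindValue(':uid', $uid, PDO::PARAM_INT);
            $stmt2->bindValue(':token', $token, PDO::PARAM_STR);
            $stmt2->execute();
            $db->commit();
            $tokenStored = true;
        } catch (PDOException $e) {
            if ($db->inTransaction()) {
                $db->rollBack();
            }
            error_log('resend activation: token update failed for uid ' . $uid . ': ' . $e->getMessage());
            // The original stored the exception text in the session; keep it generic.
            $_SESSION['msg'] = "Fail: could not issue a new activation token";
        }
        // Only mail a link whose token is actually in the database.
        if ($tokenStored) {
            $link = $_SESSION['url'] . '?user=' . $uid . '&token=' . $token;
            // The first name is user-supplied and goes into an HTML body.
            $safeFirstname = htmlspecialchars((string) $firstname, ENT_QUOTES, 'UTF-8');
            $data = "Welcome $safeFirstname,<br><br><br>
Thanks for registering an account at $site_name! We are glad you decided to join us.
There's just one last step to set up your account. Please click the link below to confirm your identity and get started.
If the link below is not active please copy and paste it into your browser address bar.
<br><br>
$link";
            // SMTP credentials ($user_name / $pass_word) come from smconfig.php included above.
            $transport = Swift_SmtpTransport::newInstance('smtp.gmail.com', 465, 'ssl')
                ->setUsername($user_name)
                ->setPassword($pass_word);
            $mailer = Swift_Mailer::newInstance($transport);
            $message = Swift_Message::newInstance('Sign Up')
                ->setFrom(array($site_email => 'From: Auto Resposder @ '.$site_name))
                ->setTo(array($email => 'Recipient'))
                ->setSubject('IMPORTANT: Activate your '.$site_name.' Account')
                ->setBody($data, 'text/html');
            $result = $mailer->send($message);
            $msg .= "<li class='success'>Thanks your activation email should be arriving shortly <br>
Be sure to check your spam folder if the email is not arriving.</li>";
            header('Location: ' . $_SESSION['url'] . '?activationsent=1');
            exit; // the original kept executing after the redirect header
        }
    }
}
//------------------------------------------------ RESEND ACTIVATION END ------------------------------------------------//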
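//----------------------------------- PHP LOGIN START ---------------------------------- //
// Login: email + password checked against an activated member row.
if (isset($_POST['Login'])) {
    if (!isset($_SESSION['uid'])) {
        if (isset($_POST['email']) && trim($_POST['email']) != "") {
            $email    = $_POST['email'];
            $password = isset($_POST['password']) ? (string) $_POST['password'] : "";
            if (!(isset($_SESSION['username']) && trim($_SESSION['username']) != '')) {
                // Byte length on purpose: the cap mirrors bcrypt's input limit.
                if (strlen($password) <= PASSWORD_MAX_LENGTH) {
                    try {
                        $stmt1 = $db->prepare("SELECT id, email, username, password FROM members WHERE email=:email AND activated='1' LIMIT 1");
                        $stmt1->bindValue(':email', $email, PDO::PARAM_STR);
                        $stmt1->execute();
                        // LIMIT 1: fetch once rather than trusting rowCount() on a SELECT.
                        $row = $stmt1->fetch(PDO::FETCH_ASSOC);
                        if ($row !== false) {
                            $uid      = (int) $row['id'];
                            $email    = $row['email'];
                            $username = $row['username'];
                            $hash     = $row['password'];
                            if (password_verify($password, $hash)) {
                                $updateLastLog = $db->prepare("UPDATE members SET lastlog=now() WHERE id=:uid LIMIT 1");
                                // The original bound $user, which is never set in this block,
                                // so lastlog was never updated on login.
                                $updateLastLog->bindValue(':uid', $uid, PDO::PARAM_INT);
                                $updateLastLog->execute();
                                // Rotate the session id on successful login (session fixation).
                                if (session_status() === PHP_SESSION_ACTIVE) {
                                    session_regenerate_id(true);
                                }
                                $_SESSION['uid']      = $uid;
                                $_SESSION['email']    = $email;
                                $_SESSION['username'] = $username;
                                $_SESSION['password'] = $hash; // kept for compatibility; nothing visible here reads it
                                $cookieExpiry = strtotime('+30 days');
                                // Secure flag only when the request itself is HTTPS.
                                $secure = !empty($_SERVER['HTTPS']) && $_SERVER['HTTPS'] !== 'off';
                                setcookie("id", $uid, $cookieExpiry, "/", "", $secure, true);
                                setcookie("email", $email, $cookieExpiry, "/", "", $secure, true);
                                setcookie("username", $username, $cookieExpiry, "/", "", $secure, true);
                                // The original sent the bcrypt hash to the browser in a "password"
                                // cookie; a stored hash must never leave the server. Expire any
                                // copy a browser still has.
                                setcookie("password", "", 1, "/");
                                if (trim((string) $username) != '') {
                                    $_SESSION['LoginSignupDisplay'] = "hide";
                                    $_SESSION['LogoutDisplay'] = "show";
                                    // Username is user-supplied: escape before embedding in markup.
                                    $_SESSION['loggedinMessage'] = "<p>Welcome " . htmlspecialchars($username, ENT_QUOTES, 'UTF-8') . ", you are logged in.</p>";
                                } else {
                                    $_SESSION['LoginSignupDisplay'] = "show";
                                    $_SESSION['LogoutDisplay'] = "hide";
                                    $_SESSION['loggedinMessage'] = "";
                                }
                                header('Location: ' . $_SESSION['url']);
                                exit; // the original kept rendering after the redirect header
                            } else {
                                $msg .= "<li class='error'>Invalid password go back and try again.</li>";
                            }
                        } else {
                            // No activated row: an unactivated member gets a resend form,
                            // otherwise the address is reported as unknown. Note these
                            // messages reveal whether an address is registered.
                            $stmt6 = $db->prepare("SELECT id, email FROM members WHERE email=:email LIMIT 1");
                            $stmt6->bindValue(':email', $email, PDO::PARAM_STR);
                            try {
                                $stmt6->execute();
                                $pending = $stmt6->fetch(PDO::FETCH_ASSOC);
                                if ($pending !== false) {
                                    $msg .= "<li class='error'>You have not verified your email address yet</li>";
                                    // Quote and escape the attribute: the original emitted
                                    // value=$emailpost unquoted, so a space in the input
                                    // broke out of the attribute.
                                    $emailpost = htmlspecialchars((string) $_POST['email'], ENT_QUOTES, 'UTF-8');
                                    $msg .= "<form class='error' align='center' name='resendActivation' action='' method='POST'>
<input class='center' type='text' name='email' value='$emailpost'><br><br>
<button class='button' name='resendActivation' type='submit'>Re-Send</button></form>";
                                } else {
                                    $msg .= "<li class='error'>A user with that email address does not exist</li>";
                                }
                            } catch (PDOException $e) {
                                // The original swallowed this silently.
                                error_log('login: activation lookup failed: ' . $e->getMessage());
                            }
                        }
                    } catch (PDOException $e) {
                        error_log('login failed: ' . $e->getMessage());
                        $msg .= "<li class='error'>Login Failed</li>";
                    }
                } else {
                    $msg .= 'The password must not be longer than ' . PASSWORD_MAX_LENGTH . ' bytes.';
                }
            }
        } else {
            $msg .= "<li class='error'>You didn't enter an email address</li>";
        }
    }
}
//------------------------------------ PHP LOGIN END -------------------------------------//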
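//----------------------------------- PHP SIGNUP START -----------------------------------//
// Sign-up: validate the form, verify the reCAPTCHA server-side, make sure the
// email and username are free, insert the member row and send the activation link.
if (isset($_POST['SignUp'])) {
    if (!isset($_SESSION['uid'])) {
        $ok = true;
        // Read each field once; an absent field behaves like an empty one.
        $firstnameIn = isset($_POST['firstname']) ? trim((string) $_POST['firstname']) : "";
        $email1In    = isset($_POST['email1']) ? trim((string) $_POST['email1']) : "";
        $email2In    = isset($_POST['email2']) ? trim((string) $_POST['email2']) : "";
        $usernameIn  = isset($_POST['username']) ? trim((string) $_POST['username']) : "";
        $password1In = isset($_POST['password1']) ? (string) $_POST['password1'] : "";
        $password2In = isset($_POST['password2']) ? (string) $_POST['password2'] : "";

        if ($firstnameIn == "") {
            $msg .= "<li class='error'>You did not enter your first name.</li>";
            $ok = false;
        }
        if ($email1In == "") {
            $msg .= "<li class='error'>You did not enter your e-mail address.</li>";
            $ok = false;
        } elseif (filter_var($email1In, FILTER_VALIDATE_EMAIL) === false) {
            $msg .= "<li class='error'>Please enter a valid e-mail address.</li>";
            $ok = false;
        }
        if ($email2In == "") {
            $msg .= "<li class='error'>You did not confirm your e-mail address.</li>";
            $ok = false;
        } elseif ($email1In !== $email2In) {
            // The confirmation field was collected by the original but never compared.
            $msg .= "<li class='error'>Your e-mail addresses did not match, please try again.</li>";
            $ok = false;
        }
        if ($usernameIn == "") {
            $msg .= "<li class='error'>You did not enter a user name.</li>";
            $ok = false;
        } else {
            $userTest = test_input($usernameIn);
            if (!preg_match('/^[a-zA-Z0-9@_.]*$/', $userTest)) {
                $msg .= '<li class="error">Re-Enter Your username!<br>(only alpha, numbers, @_ are allowed)</li>';
                $ok = false;
            }
        }
        // The original's "[a-zA-Z0-9@_]" password-format test sat inside the
        // empty-password branch and therefore never ran; it is dropped rather
        // than enabled, since it would only shrink the password alphabet.
        if (trim($password1In) == "") {
            $msg .= "<li class='error'>You did not enter a password.</li>";
            $ok = false;
        } elseif (trim($password1In) !== trim($password2In)) {
            $msg .= "<li class='error'>You passwords did not match, please try again.</li>";
            $ok = false;
        } elseif (strlen($password1In) > PASSWORD_MAX_LENGTH) {
            // Login rejects longer passwords, so accepting one here would
            // create an account that can never sign in.
            $msg .= 'The password must not be longer than ' . PASSWORD_MAX_LENGTH . ' bytes.';
            $ok = false;
        }
        if (!$ok) {
            $msg .= "</ul>";
        } else {
            require_once ($_SERVER["DOCUMENT_ROOT"]."/vendor/swiftmailer/swiftmailer/lib/swift_required.php");
            // Server-side reCAPTCHA check. The original built a GET URL with the
            // wrong parameter names and never inspected the answer, so any
            // non-empty g-recaptcha-response field passed.
            $captcha = isset($_POST['g-recaptcha-response']) ? (string) $_POST['g-recaptcha-response'] : "";
            $captchaOk = false;
            if ($captcha !== "") {
                $verifyContext = stream_context_create(array(
                    'http' => array(
                        'method'  => 'POST',
                        'header'  => "Content-Type: application/x-www-form-urlencoded\r\n",
                        'content' => http_build_query(array(
                            'secret'   => $secretkey,
                            'response' => $captcha,
                            // Client address, not SERVER_ADDR as in the original.
                            'remoteip' => isset($_SERVER['REMOTE_ADDR']) ? $_SERVER['REMOTE_ADDR'] : '',
                        )),
                        'timeout' => 10,
                    ),
                ));
                $rsp = file_get_contents("https://www.google.com/recaptcha/api/siteverify", false, $verifyContext);
                $arr = ($rsp === false) ? null : json_decode($rsp, true);
                $captchaOk = is_array($arr) && isset($arr['success']) && $arr['success'] === true;
            }
            if ($captchaOk) {
                $firstname = $firstnameIn;
                $email     = $email1In;
                $username  = $usernameIn;
                $password  = $password1In;
                $hash = password_hash($password, PASSWORD_HASH_ALGO, array('cost' => PASSWORD_HASH_COST));
                $count = 0;
                $unCount = 0;
                try {
                    // Is the email already registered?
                    $stmt = $db->prepare("SELECT email FROM members WHERE email=:email1 LIMIT 1");
                    $stmt->bindValue(':email1', $email, PDO::PARAM_STR);
                    $stmt->execute();
                    $count = ($stmt->fetch(PDO::FETCH_ASSOC) !== false) ? 1 : 0;
                    // Is the username already taken?
                    $unameSQL = $db->prepare("SELECT username FROM members WHERE username=:username LIMIT 1");
                    $unameSQL->bindValue(':username', $username, PDO::PARAM_STR);
                    $unameSQL->execute();
                    $unCount = ($unameSQL->fetch(PDO::FETCH_ASSOC) !== false) ? 1 : 0;
                } catch (PDOException $e) {
                    error_log('signup uniqueness check failed: ' . $e->getMessage());
                    $msg .= 'Error 002';
                    $ok = false;
                }
                if ($count > 0) {
                    $msg .= "<li class='error'>Sorry, that email is unavailable<br>please select another one</li>";
                    $ok = false;
                }
                if ($unCount > 0) {
                    $msg .= "<li class='error'>Sorry, that username is unavailable please select another one</li>";
                    $ok = false;
                }
                if ($ok) {
                    try {
                        $db->beginTransaction();
                        // inet_pton() on a missing address would warn and yield false;
                        // store "" in that case, as the original effectively did.
                        $remoteAddr = getenv('REMOTE_ADDR');
                        $ip_binary = ($remoteAddr !== false && $remoteAddr !== '') ? inet_pton($remoteAddr) : false;
                        if ($ip_binary === false) {
                            $ip_binary = "";
                        }
                        // Random, unguessable activation token. The original used md5()
                        // of the password hash, derivable by anyone who obtains the hash.
                        $token = function_exists('random_bytes') ? bin2hex(random_bytes(16)) : md5(uniqid($hash, true));
                        $stmt3 = $db->prepare("INSERT INTO members (firstname, username, email, password, token, signup_date, ip_binary) VALUES (:firstname, :username, :email, :hash, :token, now(), :ip_binary)");
                        $stmt3->bindValue(':firstname', $firstname, PDO::PARAM_STR);
                        $stmt3->bindValue(':username', $username, PDO::PARAM_STR);
                        $stmt3->bindValue(':email', $email, PDO::PARAM_STR);
                        $stmt3->bindValue(':hash', $hash, PDO::PARAM_STR);
                        $stmt3->bindValue(':token', $token, PDO::PARAM_STR);
                        $stmt3->bindValue(':ip_binary', $ip_binary, PDO::PARAM_STR);
                        $stmt3->execute();
                        $lastId = $db->lastInsertId();
                        $link = $_SESSION['url'] . '?user=' . $lastId . '&token=' . $token;
                        // The first name is user input going into an HTML email body.
                        $safeFirstname = htmlspecialchars($firstname, ENT_QUOTES, 'UTF-8');
                        $data = "Welcome $safeFirstname,<br><br><br>
Thanks for registering an account at $site_name! I am glad you decided to join the team.
There's just one last step to set up your account. Please click the link below to confirm your identity and get started.
If the link below is not active please copy and paste it into your browser address bar.
<br><br>
$link";
                        // $user_name / $pass_word are expected from the SMTP config included elsewhere — TODO confirm.
                        $transport = Swift_SmtpTransport::newInstance('smtp.gmail.com', 465, 'ssl')
                            ->setUsername($user_name)
                            ->setPassword($pass_word);
                        $mailer = Swift_Mailer::newInstance($transport);
                        $message = Swift_Message::newInstance('Sign Up')
                            ->setFrom(array($site_email => 'From: Auto Resposder @ '.$site_name))
                            ->setTo(array($email => 'Recipient'))
                            ->setSubject('IMPORTANT: Activate your '.$site_name.' Account')
                            ->setBody($data, 'text/html');
                        // Send before commit so a mail failure rolls the insert back.
                        $result = $mailer->send($message);
                        $db->commit();
                        $msg .= "<li class='success'>Thanks for joining! Check your email in a few moments to activate your account so that you may log in. See you on the site!</li>";
                        header('Location: ' . $_SESSION['url'] . '?signupSuccess=1');
                        exit; // the original kept rendering after the redirect header
                    } catch (Exception $e) {
                        // Mailer exceptions are not PDOExceptions; catch both so the
                        // transaction is always rolled back.
                        if ($db->inTransaction()) {
                            $db->rollBack();
                        }
                        error_log('signup failed: ' . $e->getMessage());
                        // Do not echo the exception: it can contain SQL and credentials.
                        $msg .= "<p class='error'>Rolledback due to this error:</p><p class='error'>Sign up could not be completed, please try again later.</p>";
                    }
                }
            } else {
                $msg .= "<li class='error'>Captcha Failed</li>";
            }
        }
    }
//------------------------------------ PHP SIGNUP END ------------------------------------//
}
?>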