Untitled

<?php if(!isset($msg)){$msg="";}
$site_email="support@topshelf.tech";$site_name="Top Shelf Tech";

// password hash parameters; put this into a separate configuration file
const PASSWORD_HASH_ALGO = PASSWORD_BCRYPT;    // bcrypt is currently the only choice
const PASSWORD_HASH_COST = 12;                 // adjust this to your own hardware (hashing a password should take roughly one second)
const PASSWORD_MAX_LENGTH = 56;                // bcrypt has a maximum input length of 56 bytes

if((isset($_SESSION['username']) && trim($_SESSION['username']) != '')||(isset($_SESSION['email']) && trim($_SESSION['email']) != '')) {
	$_SESSION['LoginSignupDisplay'] = "hide";
	$_SESSION['LogoutDisplay'] = "show";
	if(isset($_SESSION['name'])){
		$_SESSION['loggedinMessage'] = "<p class='success' style='font-size: 14px;'>Welcome $_SESSION[name], <br> you are logged in.</p>";
	}else{$_SESSION['loggedinMessage'] = "<p class='success' style='font-size: 14px;'>Welcome $_SESSION[username], <br> you are logged in.</p>";}
} else {
	$_SESSION['LoginSignupDisplay'] = "show";
	$_SESSION['LogoutDisplay'] = "hide";
	$_SESSION['loggedinMessage'] = "";
}
//----------------------------------------  PHP FUNCTIONS START --------------------------------------- //
function add_to_head($tag="") {
	global $page_head_tags;

	if(!stristr($page_head_tags, $tag)){
		$page_head_tags .= $tag."\n";
	}
}
function test_input($data) {
	 $data = trim($data);
	 $data = stripslashes($data);
	 $data = htmlspecialchars($data);
	 return $data;
}
//-----------------------------------------  PHP FUNCTIONS END ---------------------------------------- //

//-----------------------------------------  ACTIVATE PHP START  -------------------------------------- //
if(isset($_GET['user']) && $_GET['user'] != "" && isset($_GET['token']) && $_GET['token'] != ""){
	$user = preg_replace('#[^0-9]#', '', $_GET['user']);
	$token = preg_replace('#[^a-z0-9]#i', '', $_GET['token']);
	$stmt = $db->prepare("SELECT id, activated, username, password, email, token FROM members WHERE id=:uid AND token=:token LIMIT 1");
	$stmt->bindValue(':uid',$user,PDO::PARAM_STR);
	$stmt->bindValue(':token',$token,PDO::PARAM_STR);
	try{
		$stmt->execute();
		$count = $stmt->rowCount();
		if($count > 0){
			while($row = $stmt->fetch(PDO::FETCH_ASSOC)){
				$user = $row['id'];
				$username = $row['username'];
				$email = $row['email'];
				$hash = $row['password'];
				$activated = $row['activated'];
				$token = $row['token'];
				if($activated==1){
					header('Location: '.$_SESSION['url'].'?activated=1');
				} else {
					try{
						$db->beginTransaction();
						$updateSQL = $db->prepare("UPDATE members SET activated='1' WHERE id=:uid LIMIT 1");
			//			$updateLastLog = $db->prepare("UPDATE members (activated) VALUES (:uid) WHERE (id=:uid LIMIT 1)");
						$updateSQL->bindValue(':uid',$user,PDO::PARAM_INT);
						$updateSQL->execute();
						$deleteSQL = $db->prepare("UPDATE members SET token='' WHERE id=:uid AND token=:token LIMIT 1");
			//			$deleteSQL = $db->prepare("UPDATE members (token) VALUES ('') WHERE (id=:uid AND token=:token LIMIT 1)");
						$deleteSQL->bindValue(':uid',$user,PDO::PARAM_INT);
						$deleteSQL->bindValue(':token',$token,PDO::PARAM_STR);
						$deleteSQL->execute();
						if(!file_exists("members/$user")){
							mkdir("members/$user", 0755);
						}
						$db->commit();
						$updateLastLog = $db->prepare("UPDATE members SET lastlog=now() WHERE id=:uid LIMIT 1");
			//			$updateLastLog = $db->prepare("UPDATE members (lastlog) VALUES (now()) WHERE (id=:uid LIMIT 1)");
						$updateLastLog ->bindValue(':uid',$user,PDO::PARAM_INT);
						$updateLastLog ->execute();
						$_SESSION['uid']=$user;
						$_SESSION['email']=$email;
						$_SESSION['username']=$username;
						$_SESSION['password']=$hash;
						setcookie("id", $user, strtotime( '+30 days' ), "/", "", "", TRUE);
						setcookie("email", $email, strtotime( '+30 days'), "/", "", "", TRUE);
						setcookie("username", $username, strtotime( '+30 days'), "/", "", "", TRUE);
						setcookie("password", $hash, strtotime( '+30 days'), "/", "", "", TRUE);
					//	$msg .= "<li class='success'>Login Successful</li>";
						if(isset($_SESSION['username'])){$_SESSION['loggedinMessage'] = "<p>Welcome $_SESSION[username], you are logged in.</p>";}
						if ((isset($_SESSION['username']) && trim($_SESSION['username']) != '')) {
							$_SESSION['LoginSignupDisplay'] = "hide";
							$_SESSION['LogoutDisplay'] = "show";
							$_SESSION['loggedinMessage'] = "<p>Welcome $_SESSION[username], you are logged in.</p>";
						} else {
							$_SESSION['LoginSignupDisplay'] = "show";
							$_SESSION['LogoutDisplay'] = "hide";
							$_SESSION['loggedinMessage'] = "";
						}
						header('Location: '.$_SESSION['url'].'?activated=1');
					}
					catch(PDOException $e){
						$db->rollBack();
						$msg.="<li class='error'>Error</li>";
					}
				}
			}
		}
	}
	catch(PDOException $e){
		$msg .= "<li class='error'>$e->getMessage($e)</li>";
	}
}
//-------------------------------------------  ACTIVATE PHP END  -------------------------------------- //
//--------------------------------------------  DELETE ACCOUNT PHP END  --------------------------------------- //
if(isset($_POST['DeleteAccount'])) {
	if(isset($_SESSION['uid'])) {
		$_SESSION['uid'] = $uid;
		$msg.= "<p class='successsmall'>Delete Account has been pressed</p>";

		// sql to delete a record
		$sql = "DELETE FROM members WHERE id=:uid";
		$sql->bindValue(':uid',$uid,PDO::PARAM_STR);
		if ($db->query($sql) === TRUE) {
		$msg.= "<p class='successsmall'>Account Deleted Successfully</p>";
		} else {
			echo "Error deleting account: " . $db->error;
		}
	}
}else{
//	$msg.= "<p class='error'>Delete Account has NOT been pressed</p>";
}
//-------------------------------------------  DELETE ACCOUNT PHP END  ---------------------------------------- //
//-----------------------------------------------  RESEND ACTIVATION START  -----------------------------------------------//
if(isset($_POST['resendActivation'])){
		$email = $_POST['email'];
		$resend = $db->prepare("SELECT id, password, firstname, activated FROM members WHERE email=:email LIMIT 1");
		$resend->bindValue(':email',$email,PDO::PARAM_INT);
		$resend->execute();
		$count = $resend->rowCount();
		if($count > 0){
			while($row = $resend->fetch(PDO::FETCH_ASSOC)){
				$uid = $row['id'];
				$firstname = $row['firstname'];
				$hash = $row['password'];
				$activated = $row['activated'];
				if($activated != 1){

				//your processing code goes here
					require_once ($_SERVER["DOCUMENT_ROOT"]."/vendor/swiftmailer/swiftmailer/lib/swift_required.php");
					include_once ($_SERVER["DOCUMENT_ROOT"]."/Scripts/smconfig.php");
					$db->beginTransaction();
					$token = md5($hash);
					$stmt2 = $db->prepare("UPDATE members SET token=:token WHERE id=:uid");
					$stmt2->bindParam(':uid',$uid,PDO::PARAM_STR);
					$stmt2->bindParam(':token',$token,PDO::PARAM_STR);
				try{
					$stmt2->execute();
					$db->commit();
				}catch(PDOException $e){
					$db->rollback();
					$_SESSION['msg']="Fail:".$e;
				}
						$link = $_SESSION['url'].'?user='.$uid.'&token='.$token.'';
						$data = "Welcome $firstname,<br><br><br>
								Thanks for registering an account at $site_name! We are glad you decided to join us.
								There's just one last step to set up your account. Please click the link below to confirm your identity and get started.
								If the link below is not active please copy and paste it into your browser address bar.
								<br><br>
								$link";
					// Create the Transport
						$transport = Swift_SmtpTransport::newInstance('smtp.gmail.com', 465, 'ssl')
							 ->setUsername($user_name)
							 ->setPassword($pass_word);
					// Create the Mailer using your created Transport
						$mailer = Swift_Mailer::newInstance($transport);
						// Create a message
						$message = Swift_Message::newInstance('Sign Up')
						  ->setFrom(array($site_email => 'From: Auto Resposder @ '.$site_name))
						  ->setTo(array($email => 'Recipient'))
						  ->setSubject('IMPORTANT: Activate your '.$site_name.' Account')
						  ->setBody($data, 'text/html')
						  ;
						// Send the message
						$result = $mailer->send($message);
						$msg .= "<li class='success'>Thanks your activation email should be arriving shortly <br>
							Be sure to check your spam folder if the email is not arriving.</li>";
						header('Location: '.$_SESSION['url'].'?activationsent=1');
					} else {
						$msg .="<li class='error'>You have not signed up yet, no user with that email exists.<br>Please sign up first or try again.</li>";
						$msg .= "<form name='resendActivation' action='' method='POST'>Email: <input type='text' name='email' id='email'><br><br><button class='button' name='resendActivation' type='submit'>Re-Send</button></form>";
					}
			}
	} else {
		$msg .= "You have sent your activation email <br> Please check your email or try again <br> <form name='resendActivation' action='' method='POST'>Email: <input type='text' name='email' id='email'><br><br><button class='button' name='resendActivation' type='submit'>Re-Send</button></form>";
	}
}

//------------------------------------------------  RESEND ACTIVATION END  ------------------------------------------------//

//-----------------------------------  PHP LOGIN START ---------------------------------- //

if(isset($_POST['Login'])) {
	if(!isset($_SESSION['uid'])){
		if(isset($_POST['email']) && trim($_POST['email']) != ""){
			$email = $_POST['email'];
			$password = $_POST['password'];
			if (!(isset($_SESSION['username']) && trim($_SESSION['username']) != '')) {
					if (strlen($password) <= PASSWORD_MAX_LENGTH) {
						try{
							$stmt1 = $db->prepare("SELECT id, email, username, password FROM members WHERE email=:email AND activated='1' LIMIT 1");
							$stmt1->bindValue(':email',$email,PDO::PARAM_STR);
							$stmt1->execute();
							$count = $stmt1->rowCount();
							if($count > 0){
								while($row = $stmt1->fetch(PDO::FETCH_ASSOC)){
									$uid = $row['id'];
									$email = $row['email'];
									$username = $row['username'];
									$hash = $row['password'];
								}
								if (password_verify($password, $hash)) {
									$updateLastLog = $db->prepare("UPDATE members SET lastlog=now() WHERE id=:uid LIMIT 1");
						//			$updateLastLog = $db->prepare("UPDATE members (lastlog) VALUES (now()) WHERE (id=:uid LIMIT 1)");
									$updateLastLog ->bindValue(':uid',$user,PDO::PARAM_INT);
									$updateLastLog ->execute();
									$_SESSION['uid']=$uid;
									$_SESSION['email']=$email;
									$_SESSION['username']=$username;
									$_SESSION['password']=$hash;
									setcookie("id", $uid, strtotime( '+30 days' ), "/", "", "", TRUE);
									setcookie("email", $email, strtotime( '+30 days'), "/", "", "", TRUE);
									setcookie("username", $username, strtotime( '+30 days'), "/", "", "", TRUE);
									setcookie("password", $hash, strtotime( '+30 days'), "/", "", "", TRUE);
								//	$msg .= "<li class='success'>Login Successful</li>";
									if(isset($_SESSION['username'])){$_SESSION['loggedinMessage'] = "<p>Welcome $_SESSION[username], you are logged in.</p>";}
									if ((isset($_SESSION['username']) && trim($_SESSION['username']) != '')) {
										$_SESSION['LoginSignupDisplay'] = "hide";
										$_SESSION['LogoutDisplay'] = "show";
										$_SESSION['loggedinMessage'] = "<p>Welcome $_SESSION[username], you are logged in.</p>";
									} else {
										$_SESSION['LoginSignupDisplay'] = "show";
										$_SESSION['LogoutDisplay'] = "hide";
										$_SESSION['loggedinMessage'] = "";
									}
									header('Location: '.$_SESSION['url'].'');
								} else {
									$msg .= "<li class='error'>Invalid password go back and try again.</li>";
								}
							} else {
								$email = $_POST['email'];
								$stmt6 = $db->prepare("SELECT id, email FROM members WHERE email=:email LIMIT 1");
								$stmt6->bindValue(':email',$email,PDO::PARAM_STR);
								try{
									$stmt6->execute();
									$count = $stmt6->rowCount();
									if($count > 0){
										while($row = $stmt6->fetch(PDO::FETCH_ASSOC)){
											$uid = $row['id'];
											$email = $row['email'];
										}
									$msg .= "<li class='error'>You have not verified your email address yet</li>";
									if(isset($_POST['email'])){$emailpost = htmlentities($_POST['email']);}
									$msg .= "<form class='error' align='center' name='resendActivation' action='' method='POST'>
											<input class='center' type='text' name='email' value=$emailpost><br><br>
											<button class='button' name='resendActivation' type='submit'>Re-Send</button></form>";
									} else {$msg .= "<li class='error'>A user with that email address does not exist</li>";}
								}
								catch(PDOException $e){
								}
							}
						}
						catch(PDOException $e){
							$msg .= "<li class='error'>Login Failed'</li>";
						}
					} else {
						$msg .= 'The password must not be longer than '.PASSWORD_MAX_LENGTH.' bytes.';
					}
			}
		}else{
			$msg .= "<li class='error'>You didn't enter an email address</li>";
		}
	}
}
//------------------------------------ PHP LOGIN END -------------------------------------//
//----------------------------------- PHP SIGNUP START -----------------------------------//

if(isset($_POST['SignUp'])) {
	if(!isset($_SESSION['uid'])){
		 $ok = "true";
		 if(trim($_POST['firstname']) == "") {
			  $msg .= "<li class='error'>You did not enter your first name.</li>";
			  $ok = "";
		 }
		 if(trim($_POST['email1']) == "") {
			  $msg .= "<li class='error'>You did not enter your e-mail address.</li>";
			  $ok = "";
	 	 }
		 if(trim($_POST['email2']) == "") {
			  $msg .= "<li class='error'>You did not confirm your e-mail address.</li>";
			  $ok = "";
	 	 }
		 if(trim($_POST['username']) == "") {
			  $msg .= "<li class='error'>You did not enter a user name.</li>";
			  $ok = "";
			  } else {
				$userTest = test_input($_POST['username']);
				if (!preg_match('/^[a-zA-Z0-9@_.]*$/', $userTest)) {
					$msg .= '<li class="error">Re-Enter Your username!<br>(only alpha, numbers, @_ are allowed)</li>';
					$ok = "";
				}
		 }
		 if(trim($_POST['password1']) == "") {
			  $msg .= "<li class='error'>You did not enter a password.</li>";
			  $ok = "";
	 		  $password = test_input($_POST['password1']);

			  if (!preg_match('/^[a-zA-Z0-9@_]*$/', $password)) {
				  $msg .= 'Invalid Format! Re-Enter Password!';
				  $ok = "";
			  }
		 }else{
			 if(trim($_POST['password1']) !== trim($_POST['password2'])) {
				  $msg .= "<li class='error'>You passwords did not match, please try again.</li>";
				  $ok = "";
			 }
		 }
		 if(!$ok) {
			  $msg .= "</ul>";
		 } else {

		  //your processing code goes here

			require_once ($_SERVER["DOCUMENT_ROOT"]."/vendor/swiftmailer/swiftmailer/lib/swift_required.php");
				$secret = $secretkey;
				$ip = $_SERVER['SERVER_ADDR'];
				$captcha = $_POST['g-recaptcha-response'];
				$rsp = file_get_contents("https://www.google.com/recaptcha/api/siteverify?secret=$secret&captcha=$captcha&remoteip$ip");
				$arr = json_decode($rsp,TRUE);
				if(isset($_POST['g-recaptcha-response'])&& $_POST['g-recaptcha-response']){

				  // Grab post data

					$firstname=$_POST['firstname'];
					$email=$_POST['email1'];
					$username=$_POST['username'];
					$password=$_POST['password1'];
						$hash = password_hash($password, PASSWORD_HASH_ALGO, array('cost' => PASSWORD_HASH_COST));
						$stmt = $db->prepare("SELECT email FROM members WHERE email=:email1 LIMIT 1");
						$stmt->bindValue(':email1',$email,PDO::PARAM_STR);
						try{
							$stmt->execute();
							$count = $stmt->rowCount();
						}
						catch(PDOException $e){
							$msg .= 'Error 002';
							$ok = "";
						}
						//// query to check if the username is in the db already ////
						$unameSQL = $db->prepare("SELECT username FROM members WHERE username=:username LIMIT 1");
						$unameSQL->bindValue(':username',$username,PDO::PARAM_STR);
						try{
							$unameSQL->execute();
							$unCount = $unameSQL->rowCount();
						}
						catch(PDOException $e){
							$msg .= 'Sorry, that username is unavailable please select another one';
							$ok = "";
						}
						///Check if email is in the db already ////
						if($count > 0){
							$msg .= "<li class='error'>Sorry, that email is unavailable<br>please select another one</li>";
							$ok = "";
						}
						//// Check if username is in the db already ////
						if($unCount > 0){
							$msg .= "<li class='error'>Sorry, that username is unavailable please select another one</li>";
							$ok = "";
						}
						if(!$ok){
						  //$msg .= "Error detected not sending email";
						 } else {
						  //your processing code goes here
							try{
								$db->beginTransaction();
							//	$ip_binary = getenv('REMOTE_ADDR');
								$ip_binary = inet_pton(getenv('REMOTE_ADDR'));
								$token = md5($hash);
								$stmt3 = $db->prepare("INSERT INTO members (firstname, username, email, password, token, signup_date, ip_binary) VALUES (:firstname, :username, :email, :hash, :token, now(), :ip_binary)");
								$stmt3->bindParam(':firstname',$firstname,PDO::PARAM_STR);
								$stmt3->bindParam(':username',$username,PDO::PARAM_STR);
								$stmt3->bindParam(':email',$email,PDO::PARAM_STR);
								$stmt3->bindParam(':hash',$hash,PDO::PARAM_STR);
								$stmt3->bindParam(':token',$token,PDO::PARAM_STR);
								$stmt3->bindParam(':ip_binary',$ip_binary,PDO::PARAM_STR);
								$stmt3->execute();
								$lastId = $db->lastInsertId();
									$link = $_SESSION['url'].'?user='.$lastId.'&token='.$token.'';
									$data = "Welcome $firstname,<br><br><br>
											Thanks for registering an account at $site_name! I am glad you decided to join the team.
											There's just one last step to set up your account. Please click the link below to confirm your identity and get started.
											If the link below is not active please copy and paste it into your browser address bar.
											<br><br>
											$link";
								// Create the Transport
									$transport = Swift_SmtpTransport::newInstance('smtp.gmail.com', 465, 'ssl')
										 ->setUsername($user_name)
										 ->setPassword($pass_word);
								// Create the Mailer using your created Transport
									$mailer = Swift_Mailer::newInstance($transport);
									// Create a message
									$message = Swift_Message::newInstance('Sign Up')
									  ->setFrom(array($site_email => 'From: Auto Resposder @ '.$site_name))
									  ->setTo(array($email => 'Recipient'))
									  ->setSubject('IMPORTANT: Activate your '.$site_name.' Account')
									  ->setBody($data, 'text/html')
									  ;
									// Send the message
									$result = $mailer->send($message);

								$db->commit();
								$msg .= "<li class='success'>Thanks for joining! Check your email in a few moments to activate your account so that you may log in. See you on the site!</li>";
								unset($_POST);
								header('Location: '.$_SESSION['url'].'?signupSuccess=1');
								;
							}
							catch(PDOException $e){
								$db->rollBack();
								$msg.="<p class='error'>Rolledback due to this error:</p>";$msg.=$e;
							}
						}
				} else {
			$msg .= "<li class='error'>Captcha Failed</li>";
		}
	}
 }
//------------------------------------ PHP SIGNUP END ------------------------------------//
}
?>