- <?php
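/**
 * Finds the user to recover a password for, by e-mail address or username.
 *
 * The e-mail address takes precedence when both are given (same order as the
 * original if/elseif). Input is trimmed before the lookup.
 *
 * @param string|null $uname username, consulted only when no e-mail was given
 * @param string|null $email e-mail address
 * @return array{status: bool, userID: int} status=true plus the user's ID on a
 *         match; otherwise status=false, userID=0 and a Dutch HTML message in
 *         $_SESSION['alert']. Every path returns this array (the original fell
 *         off the end and returned null when prepare() failed).
 */
function checkUserEmail($uname, $email): array
{
    global $link;

    $error = ['status' => false, 'userID' => 0];

    // Decide which column to query. The column name is one of two fixed
    // literals; only the value is user-controlled, and it is bound, not spliced.
    if (isset($email) && trim($email) !== '') {
        $column = 'Email';
        $needle = trim($email);
        $missing = '<strong>FOUT!</strong> Je e-mailadres komt niet voor in ons systeem.';
    } elseif (isset($uname) && trim($uname) !== '') {
        $column = 'Username';
        $needle = trim($uname);
        $missing = '<strong>FOUT!</strong> Je gebruikersnaam komt niet voor in ons systeem.';
    } else {
        $_SESSION['alert'] = '<strong>FOUT!</strong> Je moet je e-mailadres of gebruikersnaam ingeven.';
        return $error;
    }

    $SQL = $link->prepare("SELECT `ID` FROM `users_enc` WHERE `{$column}` = ? LIMIT 1");
    if ($SQL === false) {
        // Surface the driver error instead of returning null to the caller.
        $_SESSION['alert'] = '<strong>FOUT!</strong> ' . $link->error;
        return $error;
    }

    $userID = 0;
    $SQL->bind_param('s', $needle);
    $SQL->execute();
    $SQL->store_result();
    $numRows = $SQL->num_rows();
    $SQL->bind_result($userID);
    $SQL->fetch();
    $SQL->close();

    if ($numRows >= 1) {
        return ['status' => true, 'userID' => $userID];
    }

    // NOTE(review): the two different "not found" texts reveal whether an
    // address or username is registered; a single neutral message would not.
    $_SESSION['alert'] = $missing;
    return $error;
}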
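/**
 * Returns the security question the user selected at registration.
 *
 * @param int $userID users_enc.ID
 * @return string|false Dutch question text; false when the statement cannot be
 *         prepared, the user is unknown, or the stored secQ index does not map
 *         to a known question (the original indexed $questions[$secQ] blindly
 *         and returned null with a warning in those cases)
 */
function getSecurityQuestion($userID)
{
    global $link;

    // Index = value stored in users_enc.secQ; keep order and wording stable,
    // existing rows refer to these positions.
    $questions = [
        0 => "Wat is jouw moeders familienaam?",
        1 => "In welke stad ben je geboren?",
        2 => "Wat is jouw lievelingskleur?",
        3 => "Welk jaar ben je afgestudeerd?",
        4 => "Wat was de naam van je eerste liefje?",
        5 => "Wat is uw favoriet automerk?",
    ];

    $SQL = $link->prepare("SELECT `secQ` FROM `users_enc` WHERE `ID` = ? LIMIT 1");
    if ($SQL === false) {
        return false;
    }

    $secQ = null;
    $SQL->bind_param('i', $userID);
    $SQL->execute();
    $SQL->store_result();
    $SQL->bind_result($secQ);
    $fetched = $SQL->fetch();   // true on a row, null when none, false on error
    $SQL->close();

    if ($fetched !== true || $secQ === null) {
        return false;
    }
    return $questions[(int) $secQ] ?? false;
}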
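/**
 * Verifies the user's answer to their security question.
 *
 * Comparison is case-insensitive: the answer is lower-cased in PHP and the
 * stored value in SQL (LOWER(`secA`)). strtolower() is byte-wise, so only
 * ASCII case folding is guaranteed to agree with the database collation.
 *
 * @param int    $userID users_enc.ID
 * @param string $answer answer as typed by the user
 * @return bool true when a row matches; false otherwise, or when the statement
 *         cannot be prepared (the original returned null there), with a Dutch
 *         HTML message in $_SESSION['alert']
 */
function checkSecAnswer($userID, $answer): bool
{
    global $link;

    $SQL = $link->prepare("SELECT `Username` FROM `users_enc` WHERE `ID` = ? AND LOWER(`secA`) = ? LIMIT 1");
    if ($SQL === false) {
        $_SESSION['alert'] = '<strong>FOUT!</strong> ' . $link->error;
        return false;
    }

    $normalized = strtolower((string) $answer);
    $SQL->bind_param('is', $userID, $normalized);
    $SQL->execute();
    $SQL->store_result();
    $numRows = $SQL->num_rows();
    $SQL->close();

    if ($numRows >= 1) {
        return true;
    }

    // NOTE(review): secA is compared in clear text in SQL, so answers are
    // stored unhashed, and nothing here bounds the number of wrong answers per
    // user ID; both are schema/caller concerns and are flagged, not changed.
    $_SESSION['alert'] = '<strong>FOUT!</strong> Je antwoord op de vraag was niet correct.';
    return false;
}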
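/**
 * Issues a password-recovery token for the user and e-mails the reset link.
 *
 * Reads Username/Email from users_enc, stores the token with a 3-day expiry in
 * recoveryemails_enc, then sends an HTML mail through PHPMailer over SMTP.
 *
 * @param int $userID users_enc.ID
 * @return bool true once PHPMailer accepted the message; false when the user is
 *         not found, a statement fails or sending fails — the reason is stored
 *         as Dutch HTML in $_SESSION['alert']
 */
function sendPasswordEmail($userID): bool
{
    global $link;

    $dbFailure = '<strong>FOUT bij verzenden!</strong><p>Er is iets fout gelopen tijdens het verzenden van je mail:</p><p>';

    $SQL = $link->prepare("SELECT Username,Email FROM users_enc WHERE ID = ? LIMIT 1");
    if ($SQL === false) {
        $_SESSION['alert'] = $dbFailure . $link->error . '</p>';
        return false;
    }
    $uname = null;
    $email = null;
    $SQL->bind_param('i', $userID);
    $SQL->execute();
    $SQL->store_result();
    $SQL->bind_result($uname, $email);
    $SQL->fetch();
    $SQL->close();
    if ($email === null || $email === '') {
        // Unknown user: the original went on to addAddress(null).
        $_SESSION['alert'] = $dbFailure . 'Gebruiker niet gevonden.</p>';
        return false;
    }

    // Token: 128 bits straight from the CSPRNG, hex so it is URL-safe as-is.
    // The original built a bcrypt string from username/e-mail/rand(); its
    // unpredictability came only from the bcrypt salt, and '$' and '/' ended
    // up unencoded in the link. checkEmailKey() compares the stored value
    // literally, so the format change needs nothing else.
    $key = bin2hex(random_bytes(16));
    $expDate = date('Y-m-d H:i:s', strtotime('+3 days'));
    $encUserID = urlencode(base64_encode((string) $userID));

    $SQL = $link->prepare("INSERT INTO recoveryemails_enc (`UserID`,`Key`,`expDate`) VALUES (?,?,?)");
    if ($SQL === false) {
        $_SESSION['alert'] = $dbFailure . $link->error . '</p>';
        return false;
    }
    $SQL->bind_param('iss', $userID, $key, $expDate);
    $inserted = $SQL->execute();
    $SQL->close();
    if ($inserted !== true) {
        // Without the row the link could never validate; do not mail it.
        $_SESSION['alert'] = $dbFailure . $link->error . '</p>';
        return false;
    }
    // NOTE(review): every call adds a row and nothing here retires earlier
    // tokens for the same user; they stay valid until their expDate.

    // NOTE(review): the link is http://, so the token crosses the network in
    // clear; use https once the host supports it.
    $resetUrl = 'http://mds.go-ao.eu/021passwords/wwreset.php?a=recover&email=' . urlencode($key) . '&u=' . $encUserID;
    // Username comes from the database but is user-chosen; escape it for HTML.
    $safeName = htmlspecialchars((string) $uname, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
    $message = "<html><body>Beste {$safeName},<br>"
        . '<p>Gelieve volgende link te volgen om je wachtwoord te resetten:<br>'
        . "<a href=\"{$resetUrl}\">{$resetUrl}</a></p>"
        . '<p>Mocht de link niet werken, gelieve de volledige link in je browser te kopiëren.</p>'
        . '<p>De link zal om veiligheidsredenen na 3 dagen vervallen.</p>'
        . '<p>Als u deze vergeten wachtwoord e-mail niet heeft aangevraagd, is geen verdere actie nodig, uw wachtwoord zal niet worden gereset zolang de link hierboven niet wordt bezocht.</p>'
        . '<p>Alvast bedankt,</p>'
        . '<p>MDS</p></body></html>';

    $mail = new PHPMailer;
    $mail->isSMTP();
    $mail->Host = 'smtp.gmail.com';
    $mail->SMTPAuth = true;
    // NOTE(review): SMTP credentials are hard-coded (placeholder values here);
    // they belong in configuration outside the web root.
    $mail->Username = "xxx@go-ao.eu";   // the original assigned this twice
    $mail->Password = 'xxx';
    $mail->SMTPSecure = 'tls';
    $mail->Port = 587;
    $mail->setFrom('xxx@go-ao.eu', 'Webmaster 6info.go-ao.eu/xxx');
    $mail->addAddress($email, $uname);
    $mail->isHTML(true);
    $mail->Subject = "Uw aanvraag voor nieuw wachtwoord";
    $mail->Body = $message;
    $mail->AltBody = strip_tags($message);

    if ($mail->send()) {
        return true;
    }
    $_SESSION['alert'] = '<strong>FOUT bij verzenden!</strong><p>Er is iets fout gelopen tijdens het verzenden van je mail:</p><p>' . $mail->ErrorInfo . '</p>';
    return false;
}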
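/**
 * Validates a password-recovery token for a user.
 *
 * @param string $key    token from the reset link
 * @param int    $userID user the token was issued for
 * @return array{status: true, userID: int}|false the matching UserID when an
 *         unexpired row exists for this key+user pair; false otherwise, or when
 *         the statement cannot be prepared
 */
function checkEmailKey($key, $userID)
{
    global $link;

    // Expiry is compared against PHP's clock, formatted like the value written
    // by sendPasswordEmail(), so both sides use the same timezone.
    $curDate = date("Y-m-d H:i:s");

    $SQL = $link->prepare("SELECT `UserID` FROM `recoveryemails_enc` WHERE `Key` = ? AND `UserID` = ? AND `expDate` >= ?");
    if ($SQL === false) {
        return false;
    }

    $foundID = null;    // kept apart from the $userID parameter, which the original clobbered
    $SQL->bind_param('sis', $key, $userID, $curDate);
    $SQL->execute();    // the original executed twice; once is enough
    $SQL->store_result();
    $numRows = $SQL->num_rows();
    $SQL->bind_result($foundID);
    $SQL->fetch();
    $SQL->close();

    if ($numRows > 0 && $foundID !== null && $foundID !== '') {
        return ['status' => true, 'userID' => $foundID];
    }
    // NOTE(review): tokens are stored and compared in clear text, so a read of
    // recoveryemails_enc yields usable reset links; storing a hash of the token
    // would need sendPasswordEmail() and updateUserPassword() changed together.
    return false;
}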
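/**
 * Sets a new password for the user after validating the recovery token, then
 * invalidates the user's recovery tokens.
 *
 * @param int    $userID   users_enc.ID
 * @param string $password new password in clear text; trimmed, then hashed
 *                         with password_hash(PASSWORD_DEFAULT)
 * @param string $key      token from the reset link
 * @return bool true when the password row was updated; false when the password
 *         is empty, the token is invalid/expired, or a statement fails (the
 *         original returned nothing, so callers could not tell)
 */
function updateUserPassword($userID, $password, $key): bool
{
    global $link;

    // Trimming is kept from the original so the stored hash matches whatever
    // the login path does with surrounding whitespace — TODO confirm that path.
    $password = trim((string) $password);
    if ($password === '') {
        $_SESSION['alert'] = '<strong>FOUT!</strong> Het wachtwoord mag niet leeg zijn.';
        return false;
    }

    if (checkEmailKey($key, $userID) === false) {
        return false;
    }

    $SQL = $link->prepare("UPDATE `users_enc` SET `Password` = ? WHERE `ID` = ?");
    if ($SQL === false) {
        return false;
    }
    $hash = password_hash($password, PASSWORD_DEFAULT);
    $SQL->bind_param('si', $hash, $userID);
    $updated = $SQL->execute();
    $SQL->close();
    if ($updated !== true) {
        return false;
    }

    // Remove every outstanding token for this user, not only the one just used:
    // an older, still-unexpired link would otherwise keep working.
    $SQL = $link->prepare("DELETE FROM `recoveryemails_enc` WHERE `UserID` = ?");
    if ($SQL !== false) {   // the original called bind_param on a possible false here
        $SQL->bind_param('i', $userID);
        $SQL->execute();
        $SQL->close();
    }
    return true;
}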
- ?>