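<?php
// Report every error while developing.
// NOTE(review): display_errors prints paths, SQL and driver messages to the
// visitor; keep it on in development only and log errors in production.
error_reporting(-1);
ini_set('display_errors', 'true');

// Which page the visitor asked for. Default to '' so a bare request raises
// no undefined-index notice, and ignore non-string values (?action[]=x),
// which would otherwise produce "Array" with a warning.
$action = (isset($_GET['action']) && is_string($_GET['action'])) ? $_GET['action'] : '';

// Shared helpers: protect(), protect2(), showHeader(), showFooter(),
// loginModule(), redirect() and dbConnect() are expected to come from here.
include 'core/common.inc.php';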
// Sign-in page; reachable only while logged out.
if ($action === 'sign_in') {
    // Already-authenticated users are bounced by protect().
    protect();
    // Page chrome, then the login form, then the footer.
    showHeader('Sign In to account');
    loginModule();
    showFooter();
}
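// Logout: tear the session down, then send the user home.
// NOTE(review): this is reached by a plain GET link, so any third-party page
// can log the user out by embedding the URL (logout CSRF); a per-session
// token checked on the logout link would close that.
if ($action === 'logout') {
    error_reporting(0);                    // keep notices off the rendered page
    protect2();                            // only logged-in users get here
    // Clear the session before any output: expiring the session cookie needs a
    // header, and session_destroy() alone leaves $_SESSION populated for the
    // rest of this request and the cookie on the client, so the old id could
    // still be presented.
    if (session_status() === PHP_SESSION_ACTIVE) {
        $_SESSION = [];
        if (ini_get('session.use_cookies')) {
            $cookie = session_get_cookie_params();
            setcookie(session_name(), '', time() - 42000,
                $cookie['path'], $cookie['domain'], $cookie['secure'], $cookie['httponly']);
        }
        session_destroy();
    }
    showHeader('logout');
    echo "<p class='success'>logout successful</p>";
    echo '<p class="info">If you have not been redirected, try to <a href="index.php">refresh</a> your page.</p>';
    // redirect() is called after output here as in the rest of the file, so it
    // presumably does not rely on a Location header — TODO confirm in common.inc.php.
    redirect('index.php');
    exit();
}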
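// Registration: validate the form, create the account and mail an activation
// link. Errors are printed inside the form (see the checkRegisterErrors()
// call between the inputs and the captcha).
if ($action === 'register_account') {
    error_reporting(0);                    // hide notices from the rendered page
    showHeader('Register Account');
    protect();                             // already-logged-in users cannot register

    /**
     * Validates a submitted registration form and creates the account.
     *
     * Reads $_POST and $_FILES only. Prints a <p class="error"> and returns on
     * the first problem found; on success inserts the user, stores the optional
     * details and avatar, and mails the activation link. Returns nothing.
     *
     * Config values ($maximum_avatar_file_size, $avatars_directory, $url,
     * $contact_email) come from core/config.php, which must also provide
     * $recaptcha_secret_key. NOTE(review): that setting is new — the secret used
     * to be hard-coded in this file (and this file was pasted publicly, so the
     * old key should be rotated). If it is missing, captcha verification fails
     * closed and every registration is rejected as "you are a robot".
     */
    function checkRegisterErrors() {
        if (!isset($_POST['submit_registration'])) {
            return;
        }
        require_once 'core/findConflict.php';   // getConflict()
        require_once 'core/recaptchalib.php';
        require_once 'core/config.php';         // was required twice with require, which would re-execute it

        // String form field or '' (missing or non-string values are treated as empty).
        $field = function ($name) {
            return (isset($_POST[$name]) && is_string($_POST[$name])) ? $_POST[$name] : '';
        };
        // Unpredictable hex token of $bytes bytes, or null if no CSPRNG is available.
        $token = function ($bytes) {
            $raw = openssl_random_pseudo_bytes($bytes, $strong);
            return ($raw === false || !$strong) ? null : bin2hex($raw);
        };

        $username  = trim($field('username'));
        $email     = trim($field('email'));
        $password  = $field('password');
        $cpassword = $field('cpassword');
        $captcha   = $field('g-recaptcha-response');

        // Existing accounts that clash on username or email.
        $query = dbConnect()->prepare("SELECT email, username FROM users WHERE username = :username OR email = :email");
        $query->bindParam(':username', $username);
        $query->bindParam(':email', $email);
        $query->execute();
        $conflictingItems = $query->fetchAll(PDO::FETCH_ASSOC);

        // First failing check wins; the message is printed below.
        $error = '';
        if ($username === '' || $email === '' || $password === '') {
            $error = 'username, email and password are required';
        } elseif (filter_var($email, FILTER_VALIDATE_EMAIL) === false) {
            // Also guarantees no CR/LF reaches the mail() recipient below.
            $error = 'please enter a valid email address';
        } elseif (count($conflictingItems) === 1) {
            switch (getConflict($conflictingItems, $username, $email)) {
                case 1:  $error = 'username taken'; break;
                case 2:  $error = 'email already in use'; break;
                case 3:  $error = 'username & email in use'; break;
                // Previously an unrecognised code printed nothing and silently skipped registration.
                default: $error = 'username or email already in use'; break;
            }
        } elseif (count($conflictingItems) >= 2) {
            $error = 'username & email already in use';
        } elseif ($password !== $cpassword) {
            $error = 'passwords do not match';
        } elseif (strlen($password) < 8 || strlen($password) > 16) {
            $error = 'password must be between 8 & 16 characters';
        } elseif ($captcha === '') {
            $error = 'please complete the captcha';
        } else {
            // Ask Google only once the cheap checks have passed. The secret is
            // read from config, never embedded here, and the query string is
            // built with http_build_query so the user-supplied response token
            // cannot smuggle in extra parameters.
            $secret = isset($recaptcha_secret_key) ? (string) $recaptcha_secret_key : '';
            $verifyUrl = 'https://www.google.com/recaptcha/api/siteverify?' . http_build_query([
                'secret'   => $secret,
                'response' => $captcha,
                'remoteip' => $_SERVER['REMOTE_ADDR'],
            ]);
            $raw = ($secret === '') ? false : file_get_contents($verifyUrl);
            $response = ($raw === false) ? null : json_decode($raw, true);
            if (empty($response['success'])) {
                $error = 'you are a robot';
            }
        }
        if ($error !== '') {
            echo '<p class="error">' . htmlspecialchars($error, ENT_QUOTES, 'UTF-8') . '</p>';
            return;
        }

        // Activation id: whoever knows it can activate the account without the
        // mailbox, so it must come from a CSPRNG — uniqid() is clock-based and
        // guessable. 7 bytes -> 14 hex chars, the width uniqid(true) produced,
        // in case the column was sized for that.
        $activation_id = $token(7);
        if ($activation_id === null) {
            echo '<p class="error">registration is temporarily unavailable, please try again later.</p>';
            return;
        }

        // Optional avatar. The on-disk name is server-generated (random id +
        // whitelisted extension): the client's file name is never used, so it
        // cannot carry path separators or a second extension, and the name is
        // independent of the activation id so the avatar URL does not leak it.
        $file_name = '';
        $upload = isset($_FILES['avatar']) ? $_FILES['avatar'] : null;
        if ($upload !== null && $upload['error'] !== UPLOAD_ERR_NO_FILE) {
            if ($upload['error'] !== UPLOAD_ERR_OK) {
                echo '<p class="error">avatar upload failed. <a href="action.php?action=register_account">Retry Registration</a></p>';
                return;
            }
            $image_extension = strtolower(pathinfo($upload['name'], PATHINFO_EXTENSION));
            $valid_image_extensions = ['jpeg', 'jpg', 'png', 'gif'];
            if (!in_array($image_extension, $valid_image_extensions, true)) {
                echo '<p class="error">avatar must be a jpeg, jpg, png or gif image. <a href="action.php?action=register_account">Retry Registration</a></p>';
                return;
            }
            if ($upload['size'] > $maximum_avatar_file_size) {
                echo '<p class="error">error; file size is too large! Maximum file size is ' . $maximum_avatar_file_size . ' bytes. <a href="action.php?action=register_account">Retry Registration</a></p>';
                return;
            }
            // The extension is client-chosen; make sure the bytes really are an image.
            if (!is_uploaded_file($upload['tmp_name']) || getimagesize($upload['tmp_name']) === false) {
                echo '<p class="error">uploaded file is not a valid image. <a href="action.php?action=register_account">Retry Registration</a></p>';
                return;
            }
            $avatar_id = $token(8);
            if ($avatar_id === null) {
                echo '<p class="error">registration is temporarily unavailable, please try again later.</p>';
                return;
            }
            $file_name = $avatar_id . '.' . $image_extension;
            if (!move_uploaded_file($upload['tmp_name'], $avatars_directory . '/' . $file_name)) {
                echo '<p class="error">could not save the avatar. <a href="action.php?action=register_account">Retry Registration</a></p>';
                return;
            }
        }

        // Create the account (inactive until the mailed link is followed).
        $hash = password_hash($password, PASSWORD_DEFAULT);
        $query = dbConnect()->prepare("INSERT INTO users (username, password, email, activated, activation_id, avatar) VALUES (:username, :password, :email, :activated, :activation_id, :avatar)");
        $query->bindParam(':username', $username);
        $query->bindParam(':email', $email);
        $query->bindParam(':password', $hash);
        $query->bindValue(':activated', "0");
        $query->bindValue(':activation_id', $activation_id);
        // '' when no avatar was uploaded (the old code stored the name of a file
        // that was never written). NOTE(review): display code should treat '' as "no avatar".
        $query->bindValue(':avatar', $file_name);
        $query->execute();

        // Optional profile details.
        // NOTE(review): this row carries no user id or username, so it cannot
        // be joined back to the account just created; the schema needs a
        // foreign key before these values are usable.
        $firstName         = $field('first_name');
        $lastName          = $field('last_name');
        $birthday          = $field('birthday');
        $steam_profile     = $field('steam_profile');
        $twitter_profile   = $field('twitter_profile');
        $facebook_profile  = $field('facebook_profile');
        $instagram_profile = $field('instagram_profile');
        $query2 = dbConnect()->prepare("INSERT INTO user_details (first_name, last_name, birthday, steam_profile, twitter_profile, facebook_profile, instagram_profile) VALUES (:firstName, :lastName, :birthday, :steam, :twitter, :facebook, :instagram)");
        $query2->bindParam(':firstName', $firstName);
        $query2->bindParam(':lastName', $lastName);
        $query2->bindParam(':birthday', $birthday);
        $query2->bindParam(':steam', $steam_profile);
        $query2->bindParam(':twitter', $twitter_profile);
        $query2->bindParam(':facebook', $facebook_profile);
        $query2->bindParam(':instagram', $instagram_profile);
        $query2->execute();

        // Activation mail. $email passed FILTER_VALIDATE_EMAIL above, so it
        // cannot inject extra headers.
        $subject = $url . ' Registration Confirmation';
        // NOTE(review): switch to https:// once the site is served over TLS.
        $link = 'http://' . $url . '/activate.php?activation_id=' . $activation_id;
        $message = 'Thanks for registering with us! Please verify your account at ' . $link . ' so you can login.';
        $headers = 'From: ' . $contact_email;
        mail($email, $subject, $message, $headers);
        echo '<p class="info">registration successful, please verify email before logging in.</p>';
        // Headers were already sent by showHeader(), so header('refresh: …')
        // would be ignored; a meta refresh does the same job from the body.
        echo '<meta http-equiv="refresh" content="5;url=index.php">';
        echo '<p class="info">if you are not redirected, try to <a href="index.php">refresh</a> your page.</p>';
    }

    // The registration form. Password maxlength matches the 16-char server
    // limit (it was 18). font-family values use single quotes: the old
    // "Roboto" inside a double-quoted style attribute terminated the attribute.
    // NOTE(review): the form carries no CSRF token; a per-session token checked
    // in checkRegisterErrors() would stop cross-site registrations.
    echo '
    <center>
    <form enctype="multipart/form-data" action="" method="post" class="register_module">
    <h2 style="text-align:left;font-family:\'Roboto\',sans-serif;">Account Credentials<span style="font-size:12px;font-weight:400;"> (required)</span></h2>
    <div class="account_credentials">
    <input class="register_module protect_from_spaces" type="text" name="username" placeholder="choose a username*" maxlength="30" required><br />
    <input class="register_module protect_from_spaces" type="email" name="email" placeholder="email address*" required><br />
    <div class="row_inline">
    <input class="register_module input protect_from_spaces" type="password" name="password" placeholder="password*" maxlength="16" required>
    <input class="register_module input protect_from_spaces" type="password" name="cpassword" placeholder="confirm password*" maxlength="16" required><br />
    </div>
    </div>
    <br />
    <!-- user details section (name, avatar, birthday, etc...) -->
    <h2 style="text-align:left;font-family:\'Roboto\',sans-serif;">Account Details<span style="font-size:12px;font-weight:400;"> (optional)</span></h2>
    <br />
    <div class="account_details">
    <p style="text-align:left;font-family:\'Roboto\',sans-serif;font-weight:400;">Name:<span style="font-size:12px;font-weight:400;"> (required)</span></p>
    <input class="register_module_short protect_from_spaces" style="margin-right:1%;" type="text" name="first_name" placeholder="first name*" required />
    <input class="register_module_short protect_from_spaces" type="text" name="last_name" placeholder="last name" />
    <p style="text-align:left;font-family:\'Roboto\',sans-serif;font-weight:400;">Birthday:</p>
    <input style="margin-top:-10px;" class="register_module protect_from_spaces" type="date" name="birthday" />
    <p style="text-align:left;font-family:\'Roboto\',sans-serif;font-weight:400;">Social Link(s):</p>
    <input class="register_module protect_from_spaces" type="text" style="margin-top:-10px;" name="steam_profile" placeholder="steam profile (http://www.steamcommunity.com/id/lowheartrate/)" />
    <input class="register_module protect_from_spaces" type="text" name="twitter_profile" placeholder="twitter profile (https://twitter.com/lowheartrate)" />
    <input class="register_module protect_from_spaces" type="text" name="facebook_profile" placeholder="facebook profile (https://www.facebook.com/officiallowheartrate)" />
    <input class="register_module protect_from_spaces" type="text" name="instagram_profile" placeholder="instagram profile (https://instagram.com/lowheartrate)" />
    <!-- image upload for avatar... -->
    <div class="image_uploader">
    <h2 style="text-align:left;font-family:\'Roboto\',sans-serif;">✌ Avatar Uploader</h2><br />
    <p style="margin-top:-20px;font-size:12px;text-align:left;">Select image to upload:</p>
    <div style="text-align:left;font-size:12px;margin-top:-5px;margin-bottom:25px;">
    <input type="file" name="avatar" class="" />
    </div>
    </div>
    </div>
    <!-- check errors in registration -->
    ';
    checkRegisterErrors();
    echo '
    <br />
    <p class="pull-left" style="max-width:50%;">by signing up, you agree to our <a href="#">terms</a> and that you have read our <a href="#">privacy policy</a> and <a href="#">content policy</a>.</p>
    <div class="g-recaptcha pull-right" data-sitekey="6Levrg4TAAAAAN-pL6Xl2tndj3ZDn5nJ3PRUhMV-"></div><br />
    <br />
    <button type="submit" name="submit_registration" class="btn-register" style="margin-top:10px;">sign up</button>
    </form>
    </center>
    ';
}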
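// Email verification: mark the account that owns the activation id as active.
if ($action === 'verify_email') {
    protect();                             // logged-in users are sent away
    showHeader('Verify Email');
    $activationID = (isset($_GET['activation_id']) && is_string($_GET['activation_id']))
        ? $_GET['activation_id'] : '';
    if ($activationID === '') {
        // An empty id must not reach the query: it could match rows whose
        // activation_id is blank.
        echo '<p class="error">missing activation id.</p>';
    } else {
        $sql = "UPDATE users SET activated = :activated WHERE activation_id = :activation_id";
        $activate = dbConnect()->prepare($sql);
        $activate->bindValue(':activated', '1');
        $activate->bindParam(':activation_id', $activationID);
        $activate->execute();
        // Report success only when a row actually changed; the old code said
        // "validated" for any id whatsoever.
        if ($activate->rowCount() > 0) {
            echo '<p class="success">Your email has been validated successfully!</p>';
        } else {
            echo '<p class="error">unknown or already used activation id.</p>';
        }
    }
    redirect('index.php');
}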
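// Forgot password: mail a reset link to a registered address.
if ($action === 'forgot_password') {
    protect();                             // logged-in users don't need this
    showHeader('Forgot Password');
    // reset_password compares against this timestamp, so both branches must
    // use the same timezone.
    date_default_timezone_set('America/New_York');
    $current_time = date('YmdHis');

    if (!isset($_POST['email'])) {
        // Ask for the address.
        echo '
        <form method="post">
        <input type="hidden" name="resetpw_date" placeholder="Current date/time: ' . $current_time . '" />
        <input type="email" name="email" placeholder="email address" required /><br />
        <button class="btn btn-primary" type="submit" value="reset password">Reset Password</button>
        </form>
        ';
    } else {
        $email = is_string($_POST['email']) ? trim($_POST['email']) : '';
        require_once 'core/config.php';    // $url
        // Same wording whether or not the address exists (no account
        // enumeration), and the address is escaped because it is user input
        // echoed into HTML (the old line was a reflected XSS).
        echo '<p class="info">If an account is registered with email: ' . htmlspecialchars($email, ENT_QUOTES, 'UTF-8') . ', an email has been sent to reset the password.</p>';

        // 10 CSPRNG bytes -> 20 hex chars, the width the old loop ended up with
        // (it asked for lengths -1..10 and kept only the last). $cstrong must be
        // checked: openssl can fall back to a non-cryptographic source.
        $pwreset_code = openssl_random_pseudo_bytes(10, $cstrong);
        $emailOk = filter_var($email, FILTER_VALIDATE_EMAIL) !== false;   // also keeps CR/LF out of mail()
        $known = false;
        if ($emailOk && $pwreset_code !== false && $cstrong) {
            $pwresetcode = bin2hex($pwreset_code);
            try {
                // Store the token first and mail only when a row matched;
                // otherwise the form lets anyone make this server send
                // "PASSWORD RESET" mail with a dead link to arbitrary addresses.
                $pwcodedb = dbConnect()->prepare("UPDATE users SET resetpw_id = :pwresetcode, resetpw_date = :currentTime WHERE email = :email");
                $pwcodedb->bindParam(':email', $email);
                $pwcodedb->bindParam(':pwresetcode', $pwresetcode);
                $pwcodedb->bindParam(':currentTime', $current_time);
                $pwcodedb->execute();
                $known = $pwcodedb->rowCount() > 0;
            } catch (PDOException $e) {
                // Driver messages can expose schema or credentials; log, don't echo.
                error_log('forgot_password: ' . $e->getMessage());
            }
        }
        if ($known) {
            // NOTE(review): the token is stored in clear; storing a hash and
            // comparing on lookup would limit the damage of a DB read.
            $msg = "<p>You are receiving this email because you requested your password to be reset, if you didn't you can ignore this email. <br />Follow the link below to reset your password.</p>";
            $msg .= "<p><a href='http://" . $url . "/reset_password.php?uid=" . $pwresetcode . "'>Reset password</a><br />Thank you</p>";
            $msg = wordwrap($msg, 70);
            $headers = "MIME-Version: 1.0" . "\r\n";
            $headers .= "Content-type:text/html;charset=UTF-8" . "\r\n";
            mail($email, "PASSWORD RESET", $msg, $headers);
        }
    }
}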
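// Reset password: consume the token mailed by forgot_password.
if ($action === 'reset_password') {
    error_reporting(E_ALL);
    showHeader('Update Password');
    // The token arrives in the URL on the first visit and comes back through
    // the hidden field on submit (the form posts to the same URL, so the query
    // string survives as well). Non-string values (uid[]=...) are rejected.
    if (isset($_POST['uid']) && is_string($_POST['uid'])) {
        $uid = $_POST['uid'];
    } elseif (isset($_GET['uid']) && is_string($_GET['uid'])) {
        $uid = $_GET['uid'];
    } else {
        $uid = '';
    }
    protect();                             // logged-in users are sent away

    // The hidden field now carries the token: the old markup had no value and
    // a literal "<?php echo $uid; ?>" inside an already-echoed string.
    echo '
    <form method="POST">
    <input type="hidden" name="uid" value="' . htmlspecialchars($uid, ENT_QUOTES, 'UTF-8') . '" class="input2" readonly required />
    <input type="password" placeholder="new password" name="newPassword" class="input" required />
    <input type="password" placeholder="confirm new password" name="confirmNewPassword" class="input" required />
    <br />
    <button type="submit" class="btn btn-primary">change password</button>
    </form>
    ';

    // Same timezone forgot_password stamped the request with.
    date_default_timezone_set('America/New_York');

    // Age of the reset request in minutes, or null when the token matches no
    // row. An empty token is never looked up: accounts with no pending reset
    // may hold '' in resetpw_id and must not be matched.
    $diff = null;
    if ($uid !== '') {
        $fetch_time = dbConnect()->prepare("SELECT resetpw_date FROM users WHERE resetpw_id = :uid");
        $fetch_time->bindParam(':uid', $uid);
        $fetch_time->execute();
        $row = $fetch_time->fetch(PDO::FETCH_ASSOC);
        if ($row !== false && $row['resetpw_date'] !== null) {
            $stored_resetpw_date = (string) $row['resetpw_date'];
            $requestedPwDate = strtotime($stored_resetpw_date);
            if ($requestedPwDate === false) {
                // forgot_password stores date('YmdHis'); parse that explicitly
                // if strtotime does not recognise the column's formatting.
                $parsed = DateTime::createFromFormat('YmdHis', $stored_resetpw_date);
                $requestedPwDate = $parsed ? $parsed->getTimestamp() : false;
            }
            if ($requestedPwDate !== false) {
                $diff = (time() - $requestedPwDate) / 60;
            }
        }
    }

    if (isset($_POST['newPassword'], $_POST['confirmNewPassword'])) {
        $newPassword = (string) $_POST['newPassword'];
        $confirmNewPassword = (string) $_POST['confirmNewPassword'];
        if ($newPassword !== $confirmNewPassword) {
            echo '<p class="error pull-right">passwords do not match</p>';
        } elseif (strlen($newPassword) < 8) {
            echo '<p class="error pull-right">passwords must be at least 8 characters</p>';
        } elseif ($diff === null || $diff > 15) {
            // Unknown and expired tokens get the same answer.
            echo '<p class="error pull-right">reset uid is invalid or has expired</p>';
        } else {
            $hashed_password = password_hash($newPassword, PASSWORD_DEFAULT);
            // Parameterised: the previous statement interpolated the attacker-
            // controlled $uid straight into the SQL. The token is cleared in the
            // same statement so the mailed link is single-use.
            $reset_pw_db = dbConnect()->prepare("UPDATE users SET password = :password, resetpw_id = '' WHERE resetpw_id = :uid");
            $reset_pw_db->bindParam(':password', $hashed_password);
            $reset_pw_db->bindParam(':uid', $uid);
            $reset_pw_db->execute();
            if ($reset_pw_db->rowCount() > 0) {
                echo '<p class="success pull-right">password reset successfully!</p>';
                redirect('index.php');
            } else {
                echo '<p class="error pull-right">reset uid is invalid or has expired</p>';
            }
        }
    }
}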
// Account editing is not implemented yet; logged-in users only get a notice.
if ($action === 'edit_account') {
    showHeader('Edit Account');
    protect2();                            // guests are sent away
    $notice = 'function currently unavailable, sorry.';
    echo '<p class="error">' . $notice . '</p>';
}