  1. <?php
  2. // display all error(s)
  3. error_reporting(-1);
  4. ini_set('display_errors', 'true');
  5.  
  6. // get what action user is here for
  7. $action = $_GET['action'];
  8.  
  9. // include common.inc.php
  10. include 'core/common.inc.php';
  11.  
  12. // if user is here to sign in to their account
  13. if ($action == 'sign_in') {
  14.   // protect from users already logged in
  15.   protect();
  16.  
  17.   // show navbar & set page title to 'Log In to account'
  18.   showHeader('Sign In to account');
  19.  
  20.   // show loginModule for user to sign in to
  21.   loginModule();
  22.  
  23.   showFooter();
  24. }
  25.  
  26. // if user is here to logout to their account
  27. if ($action == 'logout') {
  28.   // hide all errors
  29.   error_reporting(0);
  30.  
  31.   // set page title to 'logout' & show navbar
  32.   showHeader('logout');
  33.  
  34.   // protect from users that aren't already logged in...
  35.   protect2();
  36.  
  37.   // destroy session (log out)
  38.   session_destroy();
  39.  
  40.   // notify user logout was successful
  41.   echo "<p class='success'>logout successful</p>";
  42.   echo '<p class="info">If you have not been redirected, try to <a href="index.php">refresh</a> your page.</p>';
  43.  
  44.   // redirect user to homepage & exit();
  45.   redirect('index.php');
  46.   exit();
  47. }
  48.  
  49. if ($action == 'register_account') {
  50.   // hide all errors
  51.   error_reporting(0);
  52.  
  53.   // show navbar and set title to 'Register Account'
  54.   showHeader('Register Account');
  55.  
  56.   // protect page from users that are already logged in
  57.   protect();
  58.  
  59.   // include function to make sure registration form checks for errors
  60.   function checkRegisterErrors() {
  61.     if(isset($_POST['submit_registration'])){
  62.         require 'core/findConflict.php';
  63.         $username = $_POST['username'];
  64.         $password = $_POST['password'];
  65.         $cpassword = $_POST['cpassword'];
  66.         $email = $_POST['email'];
  67.         $hash = password_hash($password, PASSWORD_DEFAULT);
  68.         $query = dbConnect()->prepare("SELECT email, username FROM users WHERE username = :username OR email = :email");
  69.         $query->bindParam(':username', $username);
  70.         $query->bindParam(':email', $email);
  71.         $query->execute();
  72.         $conflictingItems = [];
  73.         while ( $result = $query->fetch( PDO::FETCH_ASSOC ) ) {
  74.             $conflictingItems[] = $result;
  75.         }
  76.         // for checking checkGoogleCaptcha() function!!
  77.         require_once 'core/recaptchalib.php';
  78.         if(isset($_POST['g-recaptcha-response']))
  79.         $captcha = $_POST['g-recaptcha-response'];
  80.         $response = json_decode(file_get_contents("https://www.google.com/recaptcha/api/siteverify?secret=6Levrg4TAAAAAFmjcgKW8kDakmXTiBhmiCnUMchD&response=".$captcha."&remoteip=".$_SERVER['REMOTE_ADDR']), true);
  81.  
  82.         if ( count ($conflictingItems) == 1 ) {
  83.           switch ( getConflict($conflictingItems, $username, $email) ) {
  84.               case 1:
  85.               // username conflict
  86.               echo "<p class='error'>username taken</p>";
  87.               break;
  88.               case 2:
  89.               // Email conflict
  90.               echo "<p class='error'>email already in use</p>";
  91.               break;
  92.               case 3:
  93.               // email & username conflict
  94.               echo '<p class="error">username & email in use</p>';
  95.               break;
  96.           }
  97.         } elseif ( count($conflictingItems) == 2 ) {
  98.           echo 'username & email already in use';
  99.  
  100.         // check if passwords match!
  101.         } elseif ($password != $cpassword) {
  102.           echo '<p class="error">passwords do not match</p>';
  103.  
  104.         // make sure password is between 8 - 16 characters
  105.         } elseif (strlen($password) < 8 OR strlen($password) > 16) {
  106.           echo '<p class="error">password must be between 8 & 16 characters</p>';
  107.  
  108.         // checks to make sure google recaptcha was posted!
  109.         } elseif (!$captcha) {
  110.           echo '<p class="error">please complete the captcha</p>';
  111.         } elseif($response['success'] == false) {
  112.           echo '<p class="error">you are a robot</p>';
  113.  
  114.  
  115.         } else {
  116.           // require config.php to get maximum file size --> $maximum_avatar_file_size = '125000';
  117.           //                    to get avatars directory --> $avatars_directory = 'includes/uploads/avatars';
  118.           require 'core/config.php';
  119.  
  120.           // need for file upload query & query to insert fields into database..
  121.           $activation_id = uniqid(true);
  122.  
  123.           // file upload stuff... ONLY NEEDED FOR TESTING PURPOSES!
  124.           // var_dump($_FILES);
  125.  
  126.           // move uploaded file to directory (includes/uploads/avatar)
  127.           $upload_directory = $avatars_directory;
  128.           // sets $image & gets image type, name, tmp_name
  129.           $image = $_FILES['avatar'];
  130.           $image_name = $_FILES['avatar']['name'];
  131.           $image_tmp_name = $_FILES['avatar']['tmp_name'];
  132.           $image_size = $_FILES['avatar']['size'];
  133.           $image_type = $_FILES['avatar']['type'];
  134.  
  135.           // set file name (make it unique)
  136.           $file_name = $activation_id . $image_name;
  137.  
  138.           // finds extension of file uploaded...
  139.           $image_extension = strtolower(pathinfo($_FILES['avatar']['name'],PATHINFO_EXTENSION));
  140.           // allowed extensions of file uploaded...
  141.           $valid_image_extensions = array('jpeg', 'jpg', 'png', 'gif');
  142.  
  143.           // if image extension is a valid image extension...
  144.           if (in_array($image_extension, $valid_image_extensions)) {
  145.             if ($image_size > $maximum_avatar_file_size) {
  146.               echo '<p class="error">error; file size is too large! Maximum file size is ' .$maximum_avatar_file_size. ' bytes. <a href="action.php?action=register_account">Retry Registration</a></p>';
  147.               exit();
  148.             } else {
  149.               // move the file to desired directory ($upload_directory)
  150.               move_uploaded_file($image_tmp_name, "$upload_directory/$file_name");
  151.             }
  152.           }
  153.  
  154.  
  155.           // query to insert fields into database...
  156.           //$activation_id = uniqid(true);
  157.           $query = dbConnect()->prepare("INSERT INTO users (username, password, email, activated, activation_id, avatar) VALUES (:username, :password, :email, :activated, :activation_id, :avatar)");
  158.           $query->bindParam(':username', $username);
  159.           $query->bindParam(':email', $email);
  160.           $query->bindParam(':password', $hash);
  161.           $query->bindValue(':activated', "0");
  162.           $query->bindValue(':activation_id', $activation_id);
  163.           $query->bindValue(':avatar', $file_name);
  164.           $query->execute();
  165.  
  166.           // set variables for optional fields...
  167.           $firstName = $_POST['first_name'];
  168.           $lastName = $_POST['last_name'];
  169.           $birthday = $_POST['birthday'];
  170.           $steam_profile = $_POST['steam_profile'];
  171.           $twitter_profile = $_POST['twitter_profile'];
  172.           $facebook_profile = $_POST['facebook_profile'];
  173.           $instagram_profile = $_POST['instagram_profile'];
  174.  
  175.           // update user_details database
  176.           $query2 = dbConnect()->prepare("INSERT INTO user_details (first_name, last_name, birthday, steam_profile, twitter_profile, facebook_profile, instagram_profile) VALUES (:firstName, :lastName, :birthday, :steam, :twitter, :facebook, :instagram)");
  177.           $query2->bindParam(':firstName', $firstName);
  178.           $query2->bindParam(':lastName', $lastName);
  179.           $query2->bindParam(':birthday', $birthday);
  180.           $query2->bindParam(':steam', $steam_profile);
  181.           $query2->bindParam(':twitter', $twitter_profile);
  182.           $query2->bindParam(':facebook', $facebook_profile);
  183.           $query2->bindParam(':instagram', $instagram_profile);
  184.           $query2->execute();
  185.  
  186.           // query to add image name to database to echo later on...
  187.           /*
  188.           $add_image_to_database = dbConnect()->prepare("INSERT INTO users (avatar) VALUES (:avatar)");
  189.           $add_image_to_database->bindParam(':avatar', $file_name);
  190.           $add_image_to_database->execute();
  191.           */
  192.  
  193.           // send email verification
  194.           require 'core/config.php';
  195.           $subject = $url . 'Registration Confirmation';
  196.           $link = 'http://' . $url. "/activate.php?activation_id=" . $activation_id;
  197.           $message = 'Thanks for registering with us! Please verify your account at' . $link . ' so you can login.';
  198.           $headers = 'From: ' .$contact_email;
  199.           mail($email/* <-- Who its being sent to */, $subject, $message, $headers);
  200.           echo '<p class="info">registration successful, please verify email before logging in.</p>';
  201.  
  202.           header('refresh:5;url=index.php');
  203.  
  204.           echo '<p class="info">if you are not redirected, try to <a href="index.php">refresh</a> your page.</p>';
  205.         }
  206.     }
  207.   }
  208.  
  209.   // echo registration form
  210.   echo '
  211.  <center>
  212.    <form enctype="multipart/form-data" action="" method="post" class="register_module">
  213.  
  214.      <h2 style="text-align:left;font-family:"Roboto",sans-serif;">Account Credentials<span style="font-size:12px;font-weight:400;"> (required)</span></h2>
  215.  
  216.      <div class="account_credentials">
  217.        <input class="register_module protect_from_spaces" type="text" name="username" placeholder="choose a username*" maxlength="30" required><br />
  218.        <input class="register_module protect_from_spaces" type="email" name="email" placeholder="email address*" required><br />
  219.  
  220.        <div class="row_inline">
  221.          <input class="register_module input protect_from_spaces" type="password" name="password" placeholder="password*" maxlength="18" required>
  222.          <input class="register_module input protect_from_spaces" type="password" name="cpassword" placeholder="confirm password*" maxlength="18" required><br />
  223.        </div>
  224.      </div>
  225.        <br />
  226.  
  227.        <!-- here add user details section (name, avatar, birthday, etc...) -->
  228.        <h2 style="text-align:left;font-family:"Roboto",sans-serif;">Account Details<span style="font-size:12px;font-weight:400;"> (optional)</span></h2>
  229.  
  230.        <br />
  231.        <div class="account_details">
  232.          <p style="text-align:left;font-family:"Roboto",sans-serif;font-weight:400;">Name:<span style="font-size:12px;font-weight:400;"> (required)</span></p>
  233.          <input class="register_module_short protect_from_spaces" style="margin-right:1%;" type="text" name="first_name" placeholder="first name*" required />
  234.          <input class="register_module_short protect_from_spaces" type="text" name="last_name" placeholder="last name" />
  235.  
  236.          <p style="text-align:left;font-family:"Roboto",sans-serif;font-weight:400;">Birthday:</p>
  237.          <input style="margin-top:-10px;" class="register_module protect_from_spaces" type="date" name="birthday" />
  238.  
  239.          <p style="text-align:left;font-family:"Roboto",sans-serif;font-weight:400;">Social Link(s):</p>
  240.          <input class="register_module protect_from_spaces" type="text" style="margin-top:-10px;" type="url" name="steam_profile" placeholder="steam profile (http://www.steamcommunity.com/id/lowheartrate/)" />
  241.          <input class="register_module protect_from_spaces" type="text" name="twitter_profile" placeholder="twitter profile (https://twitter.com/lowheartrate)" />
  242.          <input class="register_module protect_from_spaces" type="text" name="facebook_profile" placeholder="facebook profile (https://www.facebook.com/officiallowheartrate)" />
  243.          <input class="register_module protect_from_spaces" type="text" name="instagram_profile" placeholder="instagram profile (https://instagram.com/lowheartrate)" />
  244.  
  245.          <!-- image upload for avatar... -->
  246.          <div class="image_uploader">
  247.            <h2 style="text-align:left;font-family:"Roboto",sans-serif;">✌ Avatar Uploader</h2><br />
  248.  
  249.            <p style="margin-top:-20px;font-size:12px;text-align:left;">Select image to upload:</p>
  250.            <div style="text-align:left;font-size:12px;margin-top:-5px;margin-bottom:25px;">
  251.              <input type="file" name="avatar" class="" />
  252.            </div>
  253.          </div>
  254.        </div>
  255.  
  256.        <!-- check errors in registration -->
  257.  ';
  258.   checkRegisterErrors();
  259.   echo '
  260.  
  261.        <br />
  262.        <p class="pull-left" style="max-width:50%;">by signing up, you agree to our <a href="#">terms</a> and that you have read our <a href="#">privacy policy</a> and <a href="#">content policy</a>.</p>
  263.        <div class="g-recaptcha pull-right" data-sitekey="6Levrg4TAAAAAN-pL6Xl2tndj3ZDn5nJ3PRUhMV-"></div><br />
  264.  
  265.        <br />
  266.  
  267.        <button type="submit" name="submit_registration" class="btn-register" style="margin-top:10px;">sign up</button>
  268.    </form>
  269.  </center>
  270.  ';
  271. }
  272.  
  273. // if user is here to active account...
  274. if ($action == 'verify_email') {
  275.   // if user is logged in - protect page
  276.   protect();
  277.  
  278.   // show header
  279.   showHeader('Verify Email');
  280.  
  281.   // get the activation id from url
  282.   $activationID = $_GET['activation_id'];
  283.  
  284.   // update the users activated to '1'
  285.   $sql = "UPDATE users SET activated = :activated WHERE activation_id = :activation_id";
  286.   $activate = dbConnect()->prepare($sql);
  287.   $activate->bindValue(':activated', '1');
  288.   $activate->bindParam(':activation_id', $activationID);
  289.   $activate->execute();
  290.  
  291.   // echo success message & redirect user
  292.   echo '<p class="success">Your email has been validated successfully!</p>';
  293.   redirect('index.php');
  294. }
  295.  
  296. // if user is here because they forgot their password...
  297. if ($action == 'forgot_password') {
  298.   // protect from users already logged in
  299.   protect();
  300.  
  301.   // set page title to 'Forgot Password' & show header(navbar)
  302.   showHeader('Forgot Password');
  303.  
  304.   // get current time
  305.   date_default_timezone_set('America/New_York');
  306.   $current_time = date('YmdHis');
  307.  
  308.   // if user hasn't submitted form with email:
  309.   if(!isset($_POST['email'])) {
  310.     // echo form to submit email for password reset link
  311.     echo '
  312.    <form method="post">
  313.      <input type="hidden" name="resetpw_date" placeholder="Current date/time: ' .$current_time. '" />
  314.      <input type="email" name="email" placeholder="email address" required /><br />
  315.      <button class="btn btn-primary" type="submit" value="reset password">Reset Password</button>
  316.    </form>
  317.    ';
  318.  
  319.     // if user has submitted $_POST['email']
  320.   } else {
  321.  
  322.     // random string from http://php.net/manual/en/function.openssl-random-pseudo-bytes.php
  323.     for ($i = -1; $i <= 10; $i++) {
  324.       $pwreset_code = openssl_random_pseudo_bytes($i, $cstrong);
  325.       $pwresetcode = bin2hex($pwreset_code);
  326.     }
  327.  
  328.     // set variable for $_POST['email']
  329.     $email = $_POST['email'];
  330.  
  331.     // require config.php for email
  332.     require_once 'core/config.php';
  333.  
  334.     // tell user email has been sent if email exists in database
  335.     echo '<p class="info">If an account is registered with email: ' .$email. ', an email has been sent to reset the password.</p>';
  336.  
  337.     // send email to $email
  338.     $msg = "<p>You are receiving this email because you requested your password to be reset, if you didn't you can ignore this email. <br />Follow the link below to reset your password.</p>";
  339.     $msg .= "<p><a href='http://" .$url. "/reset_password.php?uid=" .$pwresetcode. "'>Reset password</a><br />Thank you</p>";
  340.     $msg = wordwrap($msg,70);
  341.     $headers = "MIME-Version: 1.0" . "\r\n";
  342.     $headers .= "Content-type:text/html;charset=UTF-8" . "\r\n";
  343.     mail($email, "PASSWORD RESET", $msg, $headers);
  344.  
  345.     // update resetpw_id and resetpw_date fields in database
  346.     try {
  347.       // insert $pwresetcode into resetpw_code in db where email = email submitted...
  348.       $email = $_POST['email'];
  349.       $pwresetcode = bin2hex($pwreset_code);
  350.       $pwcodedb = dbConnect()->prepare("UPDATE users SET resetpw_id = :pwresetcode, resetpw_date = :currentTime WHERE email = :email");
  351.       $pwcodedb->bindParam(':email', $email);
  352.       $pwcodedb->bindParam(':pwresetcode', $pwresetcode);
  353.       $pwcodedb->bindParam(':currentTime', $current_time);
  354.       $pwcodedb->execute();
  355.     } catch(PDOException $e) {
  356.       echo $pwcodedb . '<br />' . $e->getMessage();
  357.     }
  358.  
  359.   }
  360. }
  361.  
  362. // if user is here to reset their password
  363. if ($action == 'reset_password') {
  364.   // report all errors
  365.   error_reporting(E_ALL);
  366.  
  367.   // set page title to 'Update Password' & include navbar
  368.   showHeader('Update Password');
  369.  
  370.   // get uid from url
  371.   $uid = $_GET['uid'];
  372.  
  373.   // protect page from users that are already logged in
  374.   protect();
  375.  
  376.   // show form to user
  377.   echo '
  378.  <form method="POST">
  379.    <input type="hidden" placeholder="your uid is <?php echo $uid; ?>" name="uid" class="input2" readonly required />
  380.    <input type="password" placeholder="new password" name="newPassword" class="input" required />
  381.    <input type="password" placeholder="confirm new password" name="confirmNewPassword" class="input" required />
  382.    <br />
  383.    <button type="submit" class="btn btn-primary">change password</button>
  384.  </form>
  385.  ';
  386.  
  387.   // set timezone
  388.   date_default_timezone_set('America/New_York');
  389.  
  390.   // select the date user request pw reset
  391.   $fetch_time =  dbConnect()->prepare("SELECT resetpw_date FROM users WHERE resetpw_id = :uid");
  392.   $fetch_time->bindParam(':uid', $uid);
  393.   $fetch_time->execute();
  394.  
  395.   // ..
  396.   while($row = $fetch_time->fetch(PDO::FETCH_ASSOC)) {
  397.     //$stored_username = $row['username'];
  398.     $stored_resetpw_date = $row['resetpw_date'];
  399.     $resetpw_date = new DateTime($stored_resetpw_date);
  400.     $resetpw_date->format('YmdHis');
  401.   }
  402.  
  403.   // date_time RIGHT NOW!
  404.   $timeRightNow = date('YmdHis');
  405.  
  406.   // Difference between $stored_resetpw_date and $current_time
  407.   $currentTime = strtotime($timeRightNow);
  408.   $requestedPwDate = strtotime($stored_resetpw_date);
  409.   $diff = ($currentTime - $requestedPwDate) / 60;
  410.  
  411.   // if users submits form with new password and confirm password filled out
  412.   if (isset($_POST['newPassword'], $_POST['confirmNewPassword'])) {
  413.   $newPassword = $_POST['newPassword'];
  414.   $confirmNewPassword = $_POST['confirmNewPassword'];
  415.   // if they posted their UID, new password, and confirm new password...
  416.   $sql = "SELECT email, username, password FROM users WHERE resetpw_id = :uid";
  417.   $reset_pw_db_select=dbConnect()->prepare($sql);
  418.   $reset_pw_db_select->bindParam(':uid', $uid);
  419.   $reset_pw_db_select->execute();
  420.  
  421.     // if passwords don't match give user error
  422.     if ($newPassword != $confirmNewPassword) {
  423.       echo '<p class="error pull-right">passwords do not match</p>';
  424.  
  425.     // if passwords are less then 8 characters give user error
  426.     } elseif (strlen($newPassword) < 8) {
  427.       echo '<p class="error pull-right">passwords must be at least 8 characters</p>';
  428.  
  429.     // if user requested pw reset more then 15 minutes ago...
  430.     } elseif ($diff > 15) {
  431.       echo '<p class="error pull-right">reset uid has expired</p>';
  432.  
  433.     // if no errors, update passwords in db to one's posted
  434.     } else {
  435.       $hashed_password = password_hash($newPassword, PASSWORD_DEFAULT);
  436.       $reset_pw_db=dbConnect()->prepare("UPDATE users SET password = '$hashed_password' WHERE resetpw_id = '$uid'");
  437.       //echo $hashed_password;
  438.       $reset_pw_db->execute();
  439.       // provide success message and redirect to homepage
  440.       echo '<p class="success pull-right">password reset successfully!</p>';
  441.       redirect('index.php');
  442.     }
  443.   }
  444. }
  445.  
  446. if ($action == 'edit_account') {
  447.   // set page title to 'Edit Account' & show navbar
  448.   showHeader('Edit Account');
  449.  
  450.   // protect page from users that are not logged in...
  451.   protect2();
  452.  
  453.   echo '<p class="error">function currently unavailable, sorry.</p>';
  454. }