<?php
// Every handler below appends to $msg; make sure it exists even when the
// including page did not define it.
$msg = isset($msg) ? $msg : "";
$site_email = "support@topshelf.tech";
$site_name  = "Top Shelf Tech";

// Password hash parameters; put this into a separate configuration file.
const PASSWORD_HASH_ALGO  = PASSWORD_BCRYPT; // bcrypt is currently the only choice
const PASSWORD_HASH_COST  = 12;              // tune to your hardware: one hash should take roughly a second
// Longest password accepted at login (in bytes). PHP itself documents bcrypt's
// truncation point as 72 bytes; 56 is the stricter Blowfish key bound.
// NOTE(review): confirm which limit the project intends before changing it.
const PASSWORD_MAX_LENGTH = 56;
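// Derive the header widgets (login/signup vs logout) and the greeting from the
// session. The greeting is rendered as HTML later, so the name is escaped here:
// 'name' is never validated in this file and 'username' comes straight from the
// members table.
$hasUsername = isset($_SESSION['username']) && trim($_SESSION['username']) != '';
$hasEmail    = isset($_SESSION['email']) && trim($_SESSION['email']) != '';
if ($hasUsername || $hasEmail) {
    $_SESSION['LoginSignupDisplay'] = "hide";
    $_SESSION['LogoutDisplay'] = "show";
    // Prefer the display name, fall back to the login name (as before).
    if (isset($_SESSION['name'])) {
        $greetName = $_SESSION['name'];
    } else {
        $greetName = isset($_SESSION['username']) ? $_SESSION['username'] : '';
    }
    $greetName = htmlspecialchars((string) $greetName, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
    $_SESSION['loggedinMessage'] = "<p class='success' style='font-size: 14px;'>Welcome $greetName, <br> you are logged in.</p>";
} else {
    $_SESSION['LoginSignupDisplay'] = "show";
    $_SESSION['LogoutDisplay'] = "hide";
    $_SESSION['loggedinMessage'] = "";
}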
//---------------------------------------- PHP FUNCTIONS START --------------------------------------- //
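/**
 * Append a tag to the page's <head> buffer ($page_head_tags) unless an equal
 * tag is already in it (case-insensitive substring match, so a tag that is a
 * substring of an existing one is dropped too).
 *
 * @param string $tag Raw HTML, e.g. '<link rel="stylesheet" href="...">'
 * @return void
 */
function add_to_head($tag="") {
    global $page_head_tags;

    // The buffer is created by whoever includes this file; create it here when
    // it is missing so the substring check never runs on null.
    if (!isset($page_head_tags)) {
        $page_head_tags = '';
    }
    // Nothing to add; an empty needle would also make stristr() return the
    // whole buffer instead of a miss.
    if ($tag === '') {
        return;
    }
    // Compare against false explicitly: a match whose remainder is "0" is a
    // falsy string and must still count as "already present".
    if (stristr($page_head_tags, $tag) === false) {
        $page_head_tags .= $tag . "\n";
    }
}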
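/**
 * Normalise a raw request value for validation: trim whitespace, drop the
 * backslashes a magic_quotes-era stack would have added, then HTML-escape.
 *
 * The escaping flags are explicit so single quotes are encoded on every PHP
 * version (before 8.1 the default was ENT_COMPAT) and invalid UTF-8 is
 * replaced instead of collapsing the whole string to "".
 *
 * NOTE(review): callers in this file only use the result for regex checks and
 * then store the *raw* POST value; validate and store the same value.
 *
 * @param string $data Raw request value
 * @return string Trimmed, unslashed, HTML-escaped copy
 */
function test_input($data) {
    $cleaned = trim((string) $data);
    $cleaned = stripslashes($cleaned);
    return htmlspecialchars($cleaned, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
}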
//----------------------------------------- PHP FUNCTIONS END ---------------------------------------- //

//----------------------------------------- ACTIVATE PHP START -------------------------------------- //
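// Account activation: ?user=<id>&token=<token> from the signup / resend e-mail.
// A matching, not-yet-activated row is flagged active, its token is cleared so
// the link is single-use, and the browser is logged in as that member.
if (isset($_GET['user']) && $_GET['user'] != "" && isset($_GET['token']) && $_GET['token'] != "") {
    // Whitelist both values before they reach the query. A token that is empty
    // after filtering must never be looked up: it would match the cleared ('')
    // token of every already-activated account.
    $user  = preg_replace('#[^0-9]#', '', $_GET['user']);
    $token = preg_replace('#[^a-z0-9]#i', '', $_GET['token']);
    if ($user !== '' && $token !== '') {
        try {
            $stmt = $db->prepare("SELECT id, activated, username, password, email, token FROM members WHERE id=:uid AND token=:token LIMIT 1");
            $stmt->bindValue(':uid', $user, PDO::PARAM_INT);
            $stmt->bindValue(':token', $token, PDO::PARAM_STR);
            $stmt->execute();
            $row = $stmt->fetch(PDO::FETCH_ASSOC);
            if ($row) {
                $user      = (int) $row['id'];
                $username  = $row['username'];
                $email     = $row['email'];
                $hash      = $row['password'];
                $activated = $row['activated'];
                $token     = $row['token'];
                if ($activated == 1) {
                    // Already active: nothing to do but bounce back to the site.
                    if (!headers_sent()) {
                        header('Location: ' . $_SESSION['url'] . '?activated=1');
                        exit;
                    }
                } else {
                    $activatedNow = false;
                    try {
                        $db->beginTransaction();
                        $updateSQL = $db->prepare("UPDATE members SET activated='1' WHERE id=:uid LIMIT 1");
                        $updateSQL->bindValue(':uid', $user, PDO::PARAM_INT);
                        $updateSQL->execute();
                        // Clear the token so the e-mailed link cannot be replayed.
                        $deleteSQL = $db->prepare("UPDATE members SET token='' WHERE id=:uid AND token=:token LIMIT 1");
                        $deleteSQL->bindValue(':uid', $user, PDO::PARAM_INT);
                        $deleteSQL->bindValue(':token', $token, PDO::PARAM_STR);
                        $deleteSQL->execute();
                        // Per-member directory; $user is the DB integer here, not request input.
                        if (!file_exists("members/$user")) {
                            mkdir("members/$user", 0755);
                        }
                        $db->commit();
                        $activatedNow = true;
                    } catch (PDOException $e) {
                        $db->rollBack();
                        error_log('activation failed for member ' . $user . ': ' . $e->getMessage());
                        $msg .= "<li class='error'>Error</li>";
                    }
                    if ($activatedNow) {
                        $updateLastLog = $db->prepare("UPDATE members SET lastlog=now() WHERE id=:uid LIMIT 1");
                        $updateLastLog->bindValue(':uid', $user, PDO::PARAM_INT);
                        $updateLastLog->execute();
                        // The session changes privilege level here: issue a new id so a
                        // session fixed by an attacker beforehand is not promoted with it.
                        session_regenerate_id(true);
                        $_SESSION['uid']      = $user;
                        $_SESSION['email']    = $email;
                        $_SESSION['username'] = $username;
                        $_SESSION['password'] = $hash;
                        // Cookie flags: secure only when the request itself is HTTPS
                        // (unchanged on plain HTTP), httponly as before.
                        $cookieSecure  = !empty($_SERVER['HTTPS']) && strtolower($_SERVER['HTTPS']) !== 'off';
                        $cookieExpires = strtotime('+30 days');
                        // NOTE(review): these are plain client-controlled values, and the
                        // 'password' one ships the bcrypt hash to the browser. Nothing in
                        // this file reads them; if other code trusts them for auto-login,
                        // replace them with a random server-side remember-me token and
                        // stop sending the hash.
                        setcookie("id", $user, $cookieExpires, "/", "", $cookieSecure, TRUE);
                        setcookie("email", $email, $cookieExpires, "/", "", $cookieSecure, TRUE);
                        setcookie("username", $username, $cookieExpires, "/", "", $cookieSecure, TRUE);
                        setcookie("password", $hash, $cookieExpires, "/", "", $cookieSecure, TRUE);
                        if (trim((string) $username) != '') {
                            $_SESSION['LoginSignupDisplay'] = "hide";
                            $_SESSION['LogoutDisplay'] = "show";
                            $safeName = htmlspecialchars($username, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
                            $_SESSION['loggedinMessage'] = "<p>Welcome $safeName, you are logged in.</p>";
                        } else {
                            $_SESSION['LoginSignupDisplay'] = "show";
                            $_SESSION['LogoutDisplay'] = "hide";
                            $_SESSION['loggedinMessage'] = "";
                        }
                        // Stop after the redirect; the original fell through into the
                        // remaining handlers and the page body.
                        if (!headers_sent()) {
                            header('Location: ' . $_SESSION['url'] . '?activated=1');
                            exit;
                        }
                    }
                }
            }
        } catch (PDOException $e) {
            // Never echo driver messages to the browser (the original also
            // mis-interpolated "$e->getMessage($e)" inside a string). Log them instead.
            error_log('activation lookup failed: ' . $e->getMessage());
            $msg .= "<li class='error'>Error</li>";
        }
    }
}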
//------------------------------------------- ACTIVATE PHP END -------------------------------------- //
//-------------------------------------------- DELETE ACCOUNT PHP START --------------------------------------- //
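// Self-service account deletion. The id comes from the session only; the
// request carries nothing but the button name.
// NOTE(review): there is no CSRF token on this (or any) form in this file, so
// a cross-site POST from a logged-in victim's browser deletes their account.
if (isset($_POST['DeleteAccount'])) {
    if (isset($_SESSION['uid'])) {
        // The original did `$_SESSION['uid'] = $uid` with $uid undefined (wiping
        // the login) and then called ->bindValue() on a plain string, which is
        // fatal; the DELETE never ran.
        $uid = (int) $_SESSION['uid'];
        $msg .= "<p class='successsmall'>Delete Account has been pressed</p>";
        try {
            $deleteStmt = $db->prepare("DELETE FROM members WHERE id=:uid");
            $deleteStmt->bindValue(':uid', $uid, PDO::PARAM_INT);
            $deleteStmt->execute();
            if ($deleteStmt->rowCount() > 0) {
                $msg .= "<p class='successsmall'>Account Deleted Successfully</p>";
                // The member row is gone; drop the login state that pointed at it.
                // NOTE(review): the id/email/username/password cookies set at login
                // are not expired here - do that too if anything reads them.
                unset($_SESSION['uid'], $_SESSION['email'], $_SESSION['username'], $_SESSION['password']);
            } else {
                $msg .= "<p class='error'>Error deleting account</p>";
            }
        } catch (PDOException $e) {
            // Driver messages stay in the server log, never in the page.
            error_log('account deletion failed for member ' . $uid . ': ' . $e->getMessage());
            $msg .= "<p class='error'>Error deleting account</p>";
        }
    }
}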
//------------------------------------------- DELETE ACCOUNT PHP END ---------------------------------------- //
//----------------------------------------------- RESEND ACTIVATION START -----------------------------------------------//
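// Re-send the activation e-mail for an account that has not been activated yet.
if (isset($_POST['resendActivation'])) {
    $email = isset($_POST['email']) ? trim((string) $_POST['email']) : '';
    $resendForm = "<form name='resendActivation' action='' method='POST'>Email: <input type='text' name='email' id='email'><br><br><button class='button' name='resendActivation' type='submit'>Re-Send</button></form>";
    // Reject malformed input before it is used as a lookup key or handed to the
    // mailer as a recipient.
    if (filter_var($email, FILTER_VALIDATE_EMAIL) === false) {
        $msg .= "<li class='error'>Please enter a valid email address.</li>" . $resendForm;
    } else {
        $resend = $db->prepare("SELECT id, firstname, activated FROM members WHERE email=:email LIMIT 1");
        // Was bound as PDO::PARAM_INT; the column and the value are strings.
        $resend->bindValue(':email', $email, PDO::PARAM_STR);
        $resend->execute();
        $row = $resend->fetch(PDO::FETCH_ASSOC);
        // Unknown address and already-active account get the same neutral reply
        // so the form cannot be used to test which addresses are registered.
        // (The old already-active branch wrongly claimed "no user with that email
        // exists".)
        if (!$row || $row['activated'] == 1) {
            $msg .= "You have sent your activation email <br> Please check your email or try again <br> " . $resendForm;
        } else {
            $uid       = (int) $row['id'];
            $firstname = $row['firstname'];

            require_once ($_SERVER["DOCUMENT_ROOT"]."/vendor/swiftmailer/swiftmailer/lib/swift_required.php");
            include_once ($_SERVER["DOCUMENT_ROOT"]."/Scripts/smconfig.php");

            // Fresh random single-use token (32 hex chars, the same shape the
            // activation handler accepts). md5($hash) was deterministic: anyone
            // holding the password hash could compute it.
            $token = bin2hex(random_bytes(16));
            $tokenSaved = false;
            try {
                $db->beginTransaction();
                $stmt2 = $db->prepare("UPDATE members SET token=:token WHERE id=:uid");
                $stmt2->bindValue(':uid', $uid, PDO::PARAM_INT);
                $stmt2->bindValue(':token', $token, PDO::PARAM_STR);
                $stmt2->execute();
                $db->commit();
                $tokenSaved = true;
            } catch (PDOException $e) {
                $db->rollback();
                // Keep the driver message out of the session/page.
                error_log('resend activation failed for member ' . $uid . ': ' . $e->getMessage());
                $_SESSION['msg'] = "Fail: could not issue a new activation token.";
            }
            // Only mail a link whose token is actually stored; the original sent
            // it even after the UPDATE had been rolled back.
            if ($tokenSaved) {
                $link = $_SESSION['url'] . '?user=' . $uid . '&token=' . $token;
                // The mail is HTML; escape the one user-supplied value in it.
                $safeFirstname = htmlspecialchars((string) $firstname, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
                $data = "Welcome $safeFirstname,<br><br><br>
Thanks for registering an account at $site_name! We are glad you decided to join us.
There's just one last step to set up your account. Please click the link below to confirm your identity and get started.
If the link below is not active please copy and paste it into your browser address bar.
<br><br>
$link";
                // Create the Transport
                $transport = Swift_SmtpTransport::newInstance('smtp.gmail.com', 465, 'ssl')
                    ->setUsername($user_name)
                    ->setPassword($pass_word);
                // Create the Mailer using your created Transport
                $mailer = Swift_Mailer::newInstance($transport);
                // Create a message
                $message = Swift_Message::newInstance('Sign Up')
                    ->setFrom(array($site_email => 'From: Auto Resposder @ '.$site_name))
                    ->setTo(array($email => 'Recipient'))
                    ->setSubject('IMPORTANT: Activate your '.$site_name.' Account')
                    ->setBody($data, 'text/html')
                ;
                // Send the message
                $result = $mailer->send($message);
                $msg .= "<li class='success'>Thanks your activation email should be arriving shortly <br>
Be sure to check your spam folder if the email is not arriving.</li>";
                // Stop after the redirect instead of running the remaining handlers.
                if (!headers_sent()) {
                    header('Location: ' . $_SESSION['url'] . '?activationsent=1');
                    exit;
                }
            }
        }
    }
}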

//------------------------------------------------ RESEND ACTIVATION END ------------------------------------------------//

//----------------------------------- PHP LOGIN START ---------------------------------- //

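// Password login for an activated member.
// NOTE(review): this form has no CSRF token and no rate limiting or lockout, so
// it is open to credential stuffing; both belong in front of password_verify().
if (isset($_POST['Login'])) {
    if (!isset($_SESSION['uid'])) {
        if (isset($_POST['email']) && trim($_POST['email']) != "") {
            $email    = $_POST['email'];
            $password = isset($_POST['password']) ? (string) $_POST['password'] : '';
            if (!(isset($_SESSION['username']) && trim($_SESSION['username']) != '')) {
                // Same byte limit the hash was created under (see PASSWORD_MAX_LENGTH).
                if (strlen($password) <= PASSWORD_MAX_LENGTH) {
                    try {
                        $stmt1 = $db->prepare("SELECT id, email, username, password FROM members WHERE email=:email AND activated='1' LIMIT 1");
                        $stmt1->bindValue(':email', $email, PDO::PARAM_STR);
                        $stmt1->execute();
                        $row = $stmt1->fetch(PDO::FETCH_ASSOC);
                        if ($row) {
                            $uid      = (int) $row['id'];
                            $email    = $row['email'];
                            $username = $row['username'];
                            $hash     = $row['password'];
                            if (password_verify($password, $hash)) {
                                // Was bound to the undefined $user, so lastlog never changed on login.
                                $updateLastLog = $db->prepare("UPDATE members SET lastlog=now() WHERE id=:uid LIMIT 1");
                                $updateLastLog->bindValue(':uid', $uid, PDO::PARAM_INT);
                                $updateLastLog->execute();
                                // NOTE(review): password_needs_rehash($hash, PASSWORD_HASH_ALGO,
                                // array('cost' => PASSWORD_HASH_COST)) here would let a cost
                                // change roll out at the next login.
                                // New privilege level -> new session id (session fixation defence).
                                session_regenerate_id(true);
                                $_SESSION['uid']      = $uid;
                                $_SESSION['email']    = $email;
                                $_SESSION['username'] = $username;
                                $_SESSION['password'] = $hash;
                                // Cookie flags: secure only when the request itself is HTTPS
                                // (unchanged on plain HTTP), httponly as before.
                                $cookieSecure  = !empty($_SERVER['HTTPS']) && strtolower($_SERVER['HTTPS']) !== 'off';
                                $cookieExpires = strtotime('+30 days');
                                // NOTE(review): these are plain client-controlled values, and
                                // the 'password' one ships the bcrypt hash to the browser.
                                // Nothing in this file reads them; if other code trusts them
                                // for auto-login, replace them with a random server-side
                                // remember-me token and stop sending the hash.
                                setcookie("id", $uid, $cookieExpires, "/", "", $cookieSecure, TRUE);
                                setcookie("email", $email, $cookieExpires, "/", "", $cookieSecure, TRUE);
                                setcookie("username", $username, $cookieExpires, "/", "", $cookieSecure, TRUE);
                                setcookie("password", $hash, $cookieExpires, "/", "", $cookieSecure, TRUE);
                                if (trim((string) $username) != '') {
                                    $_SESSION['LoginSignupDisplay'] = "hide";
                                    $_SESSION['LogoutDisplay'] = "show";
                                    $safeName = htmlspecialchars($username, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
                                    $_SESSION['loggedinMessage'] = "<p>Welcome $safeName, you are logged in.</p>";
                                } else {
                                    $_SESSION['LoginSignupDisplay'] = "show";
                                    $_SESSION['LogoutDisplay'] = "hide";
                                    $_SESSION['loggedinMessage'] = "";
                                }
                                // Stop after the redirect; the original fell through into the
                                // remaining handlers and the page body.
                                if (!headers_sent()) {
                                    header('Location: ' . $_SESSION['url']);
                                    exit;
                                }
                            } else {
                                $msg .= "<li class='error'>Invalid password go back and try again.</li>";
                            }
                        } else {
                            // No active account for this address: tell the user whether they
                            // still need to verify, and offer the resend form.
                            // NOTE(review): "invalid password" / "not verified" / "does not
                            // exist" are three distinguishable replies; together they let
                            // anyone enumerate registered addresses.
                            $stmt6 = $db->prepare("SELECT id, email FROM members WHERE email=:email LIMIT 1");
                            $stmt6->bindValue(':email', $email, PDO::PARAM_STR);
                            try {
                                $stmt6->execute();
                                $pending = $stmt6->fetch(PDO::FETCH_ASSOC);
                                if ($pending) {
                                    $uid   = (int) $pending['id'];
                                    $email = $pending['email'];
                                    $msg .= "<li class='error'>You have not verified your email address yet</li>";
                                    // Quote the attribute and escape quotes: the old unquoted
                                    // value=$x let "x onfocus=... autofocus" inject an event
                                    // handler (htmlentities() alone encodes neither space nor '=').
                                    $emailpost = htmlspecialchars((string) $_POST['email'], ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
                                    $msg .= "<form class='error' align='center' name='resendActivation' action='' method='POST'>
<input class='center' type='text' name='email' value='$emailpost'><br><br>
<button class='button' name='resendActivation' type='submit'>Re-Send</button></form>";
                                } else {
                                    $msg .= "<li class='error'>A user with that email address does not exist</li>";
                                }
                            } catch (PDOException $e) {
                                // Was an empty catch; at least record the failure.
                                error_log('login lookup failed: ' . $e->getMessage());
                                $msg .= "<li class='error'>Login Failed</li>";
                            }
                        }
                    } catch (PDOException $e) {
                        error_log('login failed: ' . $e->getMessage());
                        $msg .= "<li class='error'>Login Failed</li>";
                    }
                } else {
                    $msg .= 'The password must not be longer than ' . PASSWORD_MAX_LENGTH . ' bytes.';
                }
            }
        } else {
            $msg .= "<li class='error'>You didn't enter an email address</li>";
        }
    }
}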
//------------------------------------ PHP LOGIN END -------------------------------------//
//----------------------------------- PHP SIGNUP START -----------------------------------//

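// Registration: validate the form, verify the CAPTCHA, check uniqueness, insert
// the member with a random activation token and mail the activation link.
// NOTE(review): no CSRF token on this form either.
if (isset($_POST['SignUp'])) {
    if (!isset($_SESSION['uid'])) {
        // Read every field once, trimmed. The value that is validated below is
        // the value that gets stored: the original validated a test_input()
        // copy of the username and then inserted the raw POST value.
        $firstname = isset($_POST['firstname']) ? trim((string) $_POST['firstname']) : '';
        $email1    = isset($_POST['email1']) ? trim((string) $_POST['email1']) : '';
        $email2    = isset($_POST['email2']) ? trim((string) $_POST['email2']) : '';
        $username  = isset($_POST['username']) ? trim((string) $_POST['username']) : '';
        $password1 = isset($_POST['password1']) ? (string) $_POST['password1'] : '';
        $password2 = isset($_POST['password2']) ? (string) $_POST['password2'] : '';

        $ok = "true";
        if ($firstname == "") {
            $msg .= "<li class='error'>You did not enter your first name.</li>";
            $ok = "";
        }
        if ($email1 == "") {
            $msg .= "<li class='error'>You did not enter your e-mail address.</li>";
            $ok = "";
        } elseif (filter_var($email1, FILTER_VALIDATE_EMAIL) === false) {
            $msg .= "<li class='error'>That e-mail address does not look valid.</li>";
            $ok = "";
        }
        if ($email2 == "") {
            $msg .= "<li class='error'>You did not confirm your e-mail address.</li>";
            $ok = "";
        } elseif ($email1 != "" && $email1 !== $email2) {
            // Both address fields were collected but never compared.
            $msg .= "<li class='error'>Your e-mail addresses did not match, please try again.</li>";
            $ok = "";
        }
        if ($username == "") {
            $msg .= "<li class='error'>You did not enter a user name.</li>";
            $ok = "";
        } elseif (!preg_match('/^[a-zA-Z0-9@_.]*$/', $username)) {
            $msg .= '<li class="error">Re-Enter Your username!<br>(only alpha, numbers, @_ are allowed)</li>';
            $ok = "";
        }
        // Password rules. The original ran its character whitelist only when the
        // password was EMPTY (the check sat in the wrong branch), and a whitelist
        // only weakens passwords: bcrypt accepts any bytes. What matters is that
        // it is present, no longer than login will accept, and confirmed.
        // NOTE(review): there is still no minimum length; consider one.
        if (trim($password1) == "") {
            $msg .= "<li class='error'>You did not enter a password.</li>";
            $ok = "";
        } else {
            if (strlen($password1) > PASSWORD_MAX_LENGTH) {
                $msg .= "<li class='error'>The password must not be longer than " . PASSWORD_MAX_LENGTH . " bytes.</li>";
                $ok = "";
            }
            if (trim($password1) !== trim($password2)) {
                $msg .= "<li class='error'>You passwords did not match, please try again.</li>";
                $ok = "";
            }
        }

        if (!$ok) {
            $msg .= "</ul>";
        } else {
            require_once ($_SERVER["DOCUMENT_ROOT"]."/vendor/swiftmailer/swiftmailer/lib/swift_required.php");

            // reCAPTCHA. The original request used the wrong field names
            // ('captcha=' instead of 'response=', 'remoteip' with no '='), sent the
            // server's own address, and never read the 'success' flag - any
            // non-empty g-recaptcha-response passed. Post the documented fields
            // and gate on the verdict.
            $secret    = $secretkey;
            $captcha   = isset($_POST['g-recaptcha-response']) ? (string) $_POST['g-recaptcha-response'] : '';
            $captchaOk = false;
            if ($captcha !== '') {
                $verifyCtx = stream_context_create(array('http' => array(
                    'method'  => 'POST',
                    'header'  => "Content-Type: application/x-www-form-urlencoded\r\n",
                    'content' => http_build_query(array(
                        'secret'   => $secret,
                        'response' => $captcha,
                        'remoteip' => isset($_SERVER['REMOTE_ADDR']) ? $_SERVER['REMOTE_ADDR'] : '',
                    )),
                    'timeout' => 10,
                )));
                $rsp = file_get_contents("https://www.google.com/recaptcha/api/siteverify", false, $verifyCtx);
                if ($rsp !== false) {
                    $arr = json_decode($rsp, TRUE);
                    $captchaOk = is_array($arr) && isset($arr['success']) && $arr['success'] === true;
                }
            }
            if (!$captchaOk) {
                $msg .= "<li class='error'>Captcha Failed</li>";
            } else {
                // Uniqueness checks. Both counters default to 0 so a failed query
                // cannot leave them undefined.
                $count   = 0;
                $unCount = 0;
                try {
                    $stmt = $db->prepare("SELECT email FROM members WHERE email=:email1 LIMIT 1");
                    $stmt->bindValue(':email1', $email1, PDO::PARAM_STR);
                    $stmt->execute();
                    $count = $stmt->rowCount();
                } catch (PDOException $e) {
                    error_log('signup email lookup failed: ' . $e->getMessage());
                    $msg .= 'Error 002';
                    $ok = "";
                }
                try {
                    $unameSQL = $db->prepare("SELECT username FROM members WHERE username=:username LIMIT 1");
                    $unameSQL->bindValue(':username', $username, PDO::PARAM_STR);
                    $unameSQL->execute();
                    $unCount = $unameSQL->rowCount();
                } catch (PDOException $e) {
                    // Was reported as "username unavailable", which is not what happened.
                    error_log('signup username lookup failed: ' . $e->getMessage());
                    $msg .= 'Error 003';
                    $ok = "";
                }
                if ($count > 0) {
                    $msg .= "<li class='error'>Sorry, that email is unavailable<br>please select another one</li>";
                    $ok = "";
                }
                if ($unCount > 0) {
                    $msg .= "<li class='error'>Sorry, that username is unavailable please select another one</li>";
                    $ok = "";
                }
                // NOTE(review): the two replies above confirm which addresses and
                // usernames are registered; rate-limit signup or soften the wording
                // if that matters here.
                if ($ok) {
                    try {
                        // Hash only once the cheap checks have passed: bcrypt at cost 12
                        // is deliberately slow and was previously spent on every
                        // duplicate attempt.
                        $hash = password_hash($password1, PASSWORD_HASH_ALGO, array('cost' => PASSWORD_HASH_COST));
                        $db->beginTransaction();
                        $ip_binary = inet_pton((string) getenv('REMOTE_ADDR'));
                        // Random single-use activation token (32 hex chars, the shape the
                        // activation handler accepts). md5($hash) was deterministic and
                        // derivable from the hash, which this app also hands to the
                        // browser in a cookie after login.
                        $token = bin2hex(random_bytes(16));
                        $stmt3 = $db->prepare("INSERT INTO members (firstname, username, email, password, token, signup_date, ip_binary) VALUES (:firstname, :username, :email, :hash, :token, now(), :ip_binary)");
                        $stmt3->bindValue(':firstname', $firstname, PDO::PARAM_STR);
                        $stmt3->bindValue(':username', $username, PDO::PARAM_STR);
                        $stmt3->bindValue(':email', $email1, PDO::PARAM_STR);
                        $stmt3->bindValue(':hash', $hash, PDO::PARAM_STR);
                        $stmt3->bindValue(':token', $token, PDO::PARAM_STR);
                        $stmt3->bindValue(':ip_binary', $ip_binary, PDO::PARAM_STR);
                        $stmt3->execute();
                        $lastId = $db->lastInsertId();
                        $link = $_SESSION['url'] . '?user=' . $lastId . '&token=' . $token;
                        // The mail is HTML; escape the one user-supplied value in it.
                        $safeFirstname = htmlspecialchars($firstname, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
                        $data = "Welcome $safeFirstname,<br><br><br>
Thanks for registering an account at $site_name! I am glad you decided to join the team.
There's just one last step to set up your account. Please click the link below to confirm your identity and get started.
If the link below is not active please copy and paste it into your browser address bar.
<br><br>
$link";
                        // Create the Transport
                        $transport = Swift_SmtpTransport::newInstance('smtp.gmail.com', 465, 'ssl')
                            ->setUsername($user_name)
                            ->setPassword($pass_word);
                        // Create the Mailer using your created Transport
                        $mailer = Swift_Mailer::newInstance($transport);
                        // Create a message
                        $message = Swift_Message::newInstance('Sign Up')
                            ->setFrom(array($site_email => 'From: Auto Resposder @ '.$site_name))
                            ->setTo(array($email1 => 'Recipient'))
                            ->setSubject('IMPORTANT: Activate your '.$site_name.' Account')
                            ->setBody($data, 'text/html')
                        ;
                        // Send the message
                        $result = $mailer->send($message);

                        $db->commit();
                        $msg .= "<li class='success'>Thanks for joining! Check your email in a few moments to activate your account so that you may log in. See you on the site!</li>";
                        unset($_POST);
                        // Stop after the redirect instead of rendering the rest of the page.
                        if (!headers_sent()) {
                            header('Location: ' . $_SESSION['url'] . '?signupSuccess=1');
                            exit;
                        }
                    } catch (Exception $e) {
                        // PDO and Swift exceptions alike: undo the INSERT so a failed
                        // mail does not leave behind an account that can never be
                        // activated. The exception text goes to the log, not the page.
                        if ($db->inTransaction()) {
                            $db->rollBack();
                        }
                        error_log('signup failed: ' . $e->getMessage());
                        $msg .= "<p class='error'>Rolledback due to this error:</p><p class='error'>Could not create the account. Please try again later.</p>";
                    }
                }
            }
        }
    }
//------------------------------------ PHP SIGNUP END ------------------------------------//
}
?>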