<?php
require 'dbConnect.php';
require 'validation.php';
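// Password-recovery request: look up the user by the submitted address, store a
// one-time confirmation code for them and mail a link carrying that code.
// Every failure path ends in errorOut(), which terminates the script.
$emailAddress = null;
$userID = null;
if (isset($_REQUEST['e'])) {
    $con = makeSQLI();
    if ($con === false) {
        // mysqli_connect_error is a function; the bare name was an undefined constant.
        errorOut('Error ' . mysqli_connect_error());
    }

    // Validate before the address reaches SQL or mail(). FILTER_VALIDATE_EMAIL rejects
    // line breaks, so the recipient cannot carry extra headers into the message.
    $emailAddress = filter_var((string) $_REQUEST['e'], FILTER_VALIDATE_EMAIL);
    if ($emailAddress === false) {
        errorOut("No email");
    }

    // Recovery token: 128 bits from the CSPRNG, hex-encoded (32 chars, the same width as
    // the former md5 digest). md5($email . rand(1, 99)) left only 99 candidates per address.
    $confCode = bin2hex(random_bytes(16));

    // Look the user up with a bound parameter instead of escape_string() interpolation.
    $stmt = $con->prepare('SELECT id FROM tb_users WHERE email_address = ?');
    if ($stmt === false) {
        errorOut("Error getting id from email.");
    }
    $stmt->bind_param('s', $emailAddress);
    if (!$stmt->execute()) {
        errorOut("Error getting id from email.");
    }
    // store_result() is needed for num_rows to be meaningful on a prepared statement.
    $stmt->store_result();
    $stmt->bind_result($userID);
    // NOTE(review): this distinct response reveals whether an address is registered
    // (account enumeration); a uniform reply for known and unknown addresses is the
    // usual mitigation, kept as-is here so existing clients see the same status.
    if ($stmt->num_rows !== 1 || $stmt->fetch() !== true) {
        $stmt->close();
        errorOut("Email not used.");
    }
    $stmt->close();

    $stmt = $con->prepare('INSERT INTO tb_password_recover (user_id, conf_code) VALUES (?, ?)');
    if ($stmt === false) {
        // The original echoed $con->error and then called methods on false; fail here
        // without leaking driver details to the client.
        errorOut('Error creating recovery request.');
    }
    $stmt->bind_param('is', $userID, $confCode);
    if (!$stmt->execute()) {
        $stmt->close();
        // Message corrected: this script creates a recovery entry, not an account.
        errorOut('Error creating recovery request, try going back and trying to log in again.');
    }
    $stmt->close();

    $subject = "Project Transparency Account Recovery";
    // NOTE(review): depending on web-server configuration SERVER_NAME may be taken from
    // the request's Host header; a configured base URL would pin the link's host.
    $message = "Forgot your password? Don't worry, I have just the solution. " .
        "Hit or copy the following link to enter a new password.\r\n\r\n" .
        "http://" . $_SERVER['SERVER_NAME'] . "/projectTransparency/project/changePassword.php?c=$confCode";
    $header = 'From: [email protected]';
    if (!mail($emailAddress, $subject, $message, $header)) {
        errorOut('Error sending email');
    }
    // http_response_code() sets the status under every SAPI; a raw "Status:" header is
    // only honoured as the response status when PHP runs as CGI/FastCGI.
    http_response_code(202);
    echo "Success";
} else {
    errorOut("No email");
}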
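/**
 * Reply with HTTP 401 and the given plain-text body, then stop the script.
 *
 * Never returns: die() terminates execution after the body is written.
 *
 * @param string $text Message sent verbatim to the client.
 */
function errorOut(string $text): void
{
    // http_response_code() sets the status under every SAPI; a raw "Status:" header is
    // only honoured as the response status when PHP runs as CGI/FastCGI.
    http_response_code(401);
    die($text);
}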
?>