diff --git a/activate.php b/activate.php new file mode 100644 index 0000000..322b5fd --- /dev/null +++ b/activate.php @@ -0,0 +1,56 @@ + + + + + + Activate + + +No code delivered. nothing to do here.'); +} + +$userid = $_GET['userid']; +$code = $_GET['code']; + + +$statement = $pdo->prepare("SELECT * FROM users WHERE id = :userid"); +$result = $statement->execute(array('userid' => $userid)); +$user = $statement->fetch(); + +//check if theres a code for the user delivered +if($user === null || $user['actuvationcode'] === null) { + die(''); +} + +if($user['activationcode_time'] === null || strtotime($user['activationcode_time']) < (time()-24*3600) ) { + die(''); +} + + + +if(sha1($code) != $user['activationcode']) { + die(''); +} + +if(isset($_GET['send'])) { + $statement = $pdo->prepare("UPDATE users SET activated = 1, activationcode = NULL, activationcode_time = NULL WHERE id = :userid"); + $result = $statement->execute(array('userid'=> $userid )); + + if($result) { + die('Activated. Going to login now.'); + } +} +?> + +

Activate your user

+
+
+ + \ No newline at end of file diff --git a/activation.php b/activation.php new file mode 100644 index 0000000..539ea0f --- /dev/null +++ b/activation.php @@ -0,0 +1,82 @@ + + + + + + Reset Password + + +No code delivered. nothing to do here.
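Review bot: The activation flow can never succeed as written: the guard reads `$user['actuvationcode']` (typo) while the UPDATE and the `sha1` comparison use `activationcode`, so unless the column really is spelled that way the guard sees a missing key, gets null, and `die()`s on every request. The same guard tests `$user === null`, but `PDOStatement::fetch()` returns `false` when no row matches, so that branch never fires (it only dies because indexing `false` yields null). The token check `sha1($code) != $user['activationcode']` is a loose comparison — PHP compares numeric-looking strings such as `0e…` hashes as numbers — and is not constant-time; suggested lines: `if ($user === false || $user['activationcode'] === null) { die(''); }` and `if (!hash_equals($user['activationcode'], sha1((string) $code))) { die(''); }`. The state change is triggered by `isset($_GET['send'])` on a GET request, which is tolerable here only because the request already carries the secret code; worth a comment saying so.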
'); +} + +$userid = $_GET['userid']; +$code = $_GET['code']; + + +$statement = $pdo->prepare("SELECT * FROM users WHERE id = :userid"); +$result = $statement->execute(array('userid' => $userid)); +$user = $statement->fetch(); + +//check if theres a code for the user delivered +if($user === null || $user['passwordcode'] === null) { + die(''); +} + +if($user['passwordcode_time'] === null || strtotime($user['passwordcode_time']) < (time()-24*3600) ) { + die(''); +} + + + +if(sha1($code) != $user['passwordcode']) { + die(''); +} + + + +if(isset($_GET['send'])) { + $password = $_POST['password']; + $password_confirm = $_POST['password_confirm']; + //regexes for passvalidation: + $REuppercase = preg_match('@[A-Z]@', $password); + $RElowercase = preg_match('@[a-z]@', $password); + $REnumber = preg_match('@[0-9]@', $password); + $REspecialChars = preg_match('@[^\w]@', $password); + if($password != $password_confirm) { + echo "password or confirmed password wrong"; + } + if(!$REuppercase || !$RElowercase || !$REnumber || !$REspecialChars || strlen($password) < 8) { + echo 'Password needs to be more complex.
'; + echo 'Please implement at least 8 chars, upper & downer caser, one number & one special char.
'; + $error = true; +} else { + $passwordhash = password_hash($password, PASSWORD_DEFAULT); + $statement = $pdo->prepare("UPDATE users SET password = :passwordhash, passwordcode = NULL, passwordcode_time = NULL WHERE id = :userid"); + $result = $statement->execute(array('passwordhash' => $passwordhash, 'userid'=> $userid )); + + if($result) { + die('Changed password. Going to login now.'); + } + } +} +?> + +

Set new password

+
+
+ +

+
+
+ +

+
+ +
\ No newline at end of file diff --git a/login.php b/login.php index 1ee0436..f620101 100644 --- a/login.php +++ b/login.php @@ -17,6 +17,7 @@ if(isset($_GET['login'])) { $_SESSION['username'] = $user['username']; $_SESSION['givenName'] = $user['givenName']; $_SESSION['lastName'] = $user['lastName']; + $_SESSION['activated'] = $user['activated']; die(' '); } else { $errorMessage = '
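Review bot: A mismatched confirmation does not stop the reset: `if($password != $password_confirm) { echo ...; }` only prints a message, and the following `if/else` still runs `password_hash` and the UPDATE whenever the complexity rules pass, so the new password is written even though the user mistyped it. Make the mismatch branch set `$error = true;` and chain the complexity test as `elseif (!$REuppercase || !$RElowercase || !$REnumber || !$REspecialChars || strlen($password) < 8) {`, so the `else` that performs the UPDATE is reached only when both checks pass. As in activate.php, `$user === null` should be `$user === false` (`PDOStatement::fetch()` returns `false` for no row) and the token check should be `if (!hash_equals($user['passwordcode'], sha1((string) $code))) { die(''); }` rather than a loose `!=`, which treats `0e…` hex digests as numbers. `$_POST['password']` and `$_POST['password_confirm']` are read without `isset`/`??`, so a GET of `?send=…` without a form body emits warnings before the checks run.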
'; diff --git a/profile.php b/profile.php index a98450e..b3a03b4 100644 --- a/profile.php +++ b/profile.php @@ -17,6 +17,7 @@ $username = $_SESSION['username']; $useremail = $_SESSION['email']; $usergn = $_SESSION['givenName']; $userln = $_SESSION['lastName']; +$activated = $_SESSION['activated']; echo ''; echo "
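Review bot: The added line copies `activated` into the session, but nothing in this hunk consults it: the `die(' ')` that completes the login (its content appears stripped in this rendering) still runs for accounts whose `activated` column is 0, so an unactivated account logs in exactly as before. If activation is meant to gate login, check `$user['activated']` before populating `$_SESSION` and redirect to the activation page otherwise; if it is only meant for display in profile.php, a comment such as `// informational only; login is not gated on activation` would make that explicit. The `if(isset($_GET['login']))` block starts and ends outside the hunk.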
";