Vote count:
0
Hey i am making a website for my school project but i have a problem when i get the email it gives me my verify code from the one before. Can someone please help me. Thanks Joshua
The Email
<?php require_once 'application/config/autoload.php';
$host= DB_HOST;
$username= DB_USER;;
$password= DB_PASS;
$db_name= DB_NAME;
$tbl_name= DB_TABLE;
$user_name = Session::get('user_name');
error_reporting(0);
mysql_connect($host, $username, $password)or die("cannot connect");
mysql_select_db($db_name)or die("cannot select DB");
$sql = "SELECT user_id,
user_name,
user_email,
user_password_reset_hash,
user_perm_level,
user_type,
user_active,
user_failed_logins,
user_last_failed_login
FROM $tbl_name WHERE user_name='$user_name'";
$result = mysql_query($sql);
if($result){
$row = mysql_fetch_object($result);
$link = 'http://****/login/verifypasswordreset/' . $user_name . '/' . $row->user_password_reset_hash;
echo "<html>
<head>
<style>
body {
background-color: #fff;
font-family: Arial;
font-size: 14px;
color: #000;
padding: 0;
margin: 15;
}
h1 {
font-size: 40px;
}
h2 {
font-size: 20px;
}
</style>
<div>
<img src='logo.min.png' align='left'></p>
<h1 align='right'>Teacher Help</h1>
<h2 align='right'>Verify Email<br></h2>
<form action='$link' method='post' target='_blank'>
<input type='submit' name='reset' value='Link'></form>
</div>
</head>
</html>";} ?>
The LoginModel
public function requestPasswordReset()
{
if (!isset($_POST['user_name']) OR empty($_POST['user_name'])) {
$_SESSION["feedback_negative"][] = FEEDBACK_USERNAME_FIELD_EMPTY;
return false;
}
// generate integer-timestamp (to see when exactly the user (or an attacker) requested the password reset mail)
$temporary_timestamp = time();
// generate random hash for email password reset verification (40 char string)
$user_password_reset_hash = sha1(uniqid(mt_rand(), true));
// clean user input
$user_name = strip_tags($_POST['user_name']);
// check if that username exists
$query = $this->db->prepare("SELECT user_id, user_email FROM users
WHERE user_name = :user_name AND user_provider_type = :provider_type");
$query->execute(array(':user_name' => $user_name, ':provider_type' => 'DEFAULT'));
$count = $query->rowCount();
if ($count != 1) {
$_SESSION["feedback_negative"][] = FEEDBACK_USER_DOES_NOT_EXIST;
return false;
}
// get result
$result_user_row = $result = $query->fetch();
$user_email = $result_user_row->user_email;
// set token (= a random hash string and a timestamp) into database
if ($this->setPasswordResetDatabaseToken($user_name, $user_password_reset_hash, $temporary_timestamp) == true) {
// send a mail to the user, containing a link with username and token hash string
if ($this->sendPasswordResetMail($user_name, $user_password_reset_hash, $user_email)) {
return true;
}
}
// default return
return false;
}
/**
* Set password reset token in database (for DEFAULT user accounts)
* @param string $user_name username
* @param string $user_password_reset_hash password reset hash
* @param int $temporary_timestamp timestamp
* @return bool success status
*/
public function setPasswordResetDatabaseToken($user_name, $user_password_reset_hash, $temporary_timestamp)
{
$query_two = $this->db->prepare("UPDATE users
SET user_password_reset_hash = :user_password_reset_hash,
user_password_reset_timestamp = :user_password_reset_timestamp
WHERE user_name = :user_name AND user_provider_type = :provider_type");
$query_two->execute(array(':user_password_reset_hash' => $user_password_reset_hash,
':user_password_reset_timestamp' => $temporary_timestamp,
':user_name' => $user_name,
':provider_type' => 'DEFAULT'));
// check if exactly one row was successfully changed
$count = $query_two->rowCount();
if ($count == 1) {
return true;
} else {
$_SESSION["feedback_negative"][] = FEEDBACK_PASSWORD_RESET_TOKEN_FAIL;
return false;
}
}
/**
* send the password reset mail
* @param string $user_name username
* @param string $user_password_reset_hash password reset hash
* @param string $user_email user email
* @return bool success status
*/
public function sendPasswordResetMail($user_name, $user_password_reset_hash, $user_email)
{
// create PHPMailer object here. This is easily possible as we auto-load the according class(es) via composer
$mail = new PHPMailer;
// please look into the config/config.php for much more info on how to use this!
if (EMAIL_USE_SMTP) {
// Set mailer to use SMTP
$mail->IsSMTP();
//useful for debugging, shows full SMTP errors, config this in config/config.php
$mail->SMTPDebug = PHPMAILER_DEBUG_MODE;
// Enable SMTP authentication
$mail->SMTPAuth = EMAIL_SMTP_AUTH;
// Enable encryption, usually SSL/TLS
if (defined('EMAIL_SMTP_ENCRYPTION')) {
$mail->SMTPSecure = EMAIL_SMTP_ENCRYPTION;
}
// Specify host server
$mail->Host = EMAIL_SMTP_HOST;
$mail->Username = EMAIL_SMTP_USERNAME;
$mail->Password = EMAIL_SMTP_PASSWORD;
$mail->Port = EMAIL_SMTP_PORT;
} else {
$mail->IsMail();
}
// build the email
$mail->IsHTML(true);
$mail->From = EMAIL_PASSWORD_RESET_FROM_EMAIL;
$mail->FromName = EMAIL_PASSWORD_RESET_FROM_NAME;
$mail->AddAddress($user_email);
$mail->Subject = EMAIL_PASSWORD_RESET_SUBJECT;
$link = EMAIL_PASSWORD_RESET_URL . '/' . urlencode($user_name) . '/' . urlencode($user_password_reset_hash);
$mail->Body = EMAIL_PASSWORDRESET_CONTENT . ' ';
$reseturl = "$link";
// send the mail
if($mail->Send()) {
$_SESSION["feedback_positive"][] = FEEDBACK_PASSWORD_RESET_MAIL_SENDING_SUCCESSFUL;
return true;
} else {
$_SESSION["feedback_negative"][] = FEEDBACK_PASSWORD_RESET_MAIL_SENDING_ERROR . $mail->ErrorInfo;
return false;
}
}
/**
* Verifies the password reset request via the verification hash token (that's only valid for one hour)
* @param string $user_name Username
* @param string $verification_code Hash token
* @return bool Success status
*/
public function verifyPasswordReset($user_name, $verification_code)
{
// check if user-provided username + verification code combination exists
$query = $this->db->prepare("SELECT user_id, user_password_reset_timestamp
FROM users
WHERE user_name = :user_name
AND user_password_reset_hash = :user_password_reset_hash
AND user_provider_type = :user_provider_type");
$query->execute(array(':user_password_reset_hash' => $verification_code,
':user_name' => $user_name,
':user_provider_type' => 'DEFAULT'));
// if this user with exactly this verification hash code exists
if ($query->rowCount() != 1) {
$_SESSION["feedback_negative"][] = FEEDBACK_PASSWORD_RESET_COMBINATION_DOES_NOT_EXIST;
return false;
}
// get result row (as an object)
$result_user_row = $query->fetch();
// 3600 seconds are 1 hour
$timestamp_one_hour_ago = time() - 3600;
// if password reset request was sent within the last hour (this timeout is for security reasons)
if ($result_user_row->user_password_reset_timestamp > $timestamp_one_hour_ago) {
// verification was successful
$_SESSION["feedback_positive"][] = FEEDBACK_PASSWORD_RESET_LINK_VALID;
return true;
} else {
$_SESSION["feedback_negative"][] = FEEDBACK_PASSWORD_RESET_LINK_EXPIRED;
return false;
}
}
asked 37 secs ago
Aucun commentaire:
Enregistrer un commentaire