forked from pietrosperoni/Vilfredo
-
Notifications
You must be signed in to change notification settings - Fork 0
/
Copy pathprocess_email_check.php
216 lines (187 loc) · 4.58 KB
/
process_email_check.php
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
<?php
// DONE
function confirm_email($userid, $username, $email)
{
// generate confirm code
$token = set_confirm_email_token($userid);
if (!token)
{
//set_log(__FILE__. "::" . __FUNCTION__."::");
return false;
}
// email user reset code
$expires = time() + CHECK_EMAIL_LIFETIME;
$send_email = send_confirmation_email($username, $email, $token);
if (!send_email)
{
set_message("error", "Sorry, there was a system problem. Please wait while we sort it out. The email should arrive shortly.");
return false;
}
return true;
}
function validate_email_confirm_code_link()
{
$invalid_token_msg = "Sorry, your token appears to be invalid. Please contact support for help.";
$invalide_link_msg = "Sorry, there appeared to be a problem with validating your password reset link. Please enter the code manually below or contact support. Thanks.";
if (!isset($_GET['t']) || !ctype_alnum($_GET['t']))
{
set_message("error", $invalide_link_msg);
return false;
}
$token = $_GET['t'];
$sql = "SELECT userid, token, timeout
FROM email_check
WHERE token = '$token'";
$result = mysql_query($sql);
if (!$result)
{
handle_db_error($result, $sql);
set_log('Retrieving password reset token failed!');
set_message("error", $invalide_link_msg);
return false;
}
if (mysql_num_rows($result) > 0)
{
// fetch user details
$confirmdata = mysql_fetch_assoc($result);
// Check if token expired
if (time() > (int)$confirmdata['timeout'])
{
// Delete expired recover entry
$userid = (int)$confirmdata['userid'];
delete_confirm_email_token($userid, $token);
return 2;
}
else
{
$user = getuserdetails($resetdata['userid']);
return true;
}
}
else
{
set_message("error", $invalid_token_msg);
return false;
}
}
function activate_user_account()
{
if (!isset($_SESSION['activateid']) || !isset($_SESSION['activatetoken']))
{
set_log(__FUNCTION__." Session variables userid and token not set");
$msg = "There was a system problem. Your password could not be reset at this time. Please try again later or contact support.";
set_message("error", $msg);
return false;
}
$sql = "UPDATE users
SET active = 1
WHERE id = $userid";
$activate_account = mysql_query($sql);
if (!$activate_account)
{
handle_db_error($activate_account, $sql);
$msg = "Sorry there was a system error. Please try again.";
set_message("error", $msg);
return false;
}
else
{
// Delete table entry
delete_recover_pwd_token($userid, $token);
return true;
}
}
//DONE
function get_confirm_email_token($userid, $token)
{
$sql = "SELECT userid, token, timeout
FROM email_check
WHERE userid = $userid
AND token = '$token'";
$result = mysql_query($sql);
if (!$result)
{
handle_db_error($result, $sql);
return false;
}
if (mysql_num_rows($result) > 0)
{
$resetdata = mysql_fetch_assoc($result);
return $resetdata;
}
else
{
return false;
}
}
//DONE
function set_confirm_email_token($userid)
{
$token = gen_uuid();
$expire = time() + CHECK_EMAIL_LIFETIME;
$sql = "INSERT INTO email_check (userid, token, timeout)
VALUES ($userid, '$token', $expire)";
$request = mysql_query($sql);
if ($request)
{
return $token;
}
else
{
handle_db_error($addpwdresetrequest, $sql);
return false;
}
}
// DONE
function delete_unconfirmed_user_account($userid)
{
$sql = "DELETE FROM users
WHERE id = $userid
AND active = 0";
if (!mysql_query($sql))
{
db_error(__FUNCTION__ . " SQL: " . $sql);
return false;
}
else
{
return true;
}
}
// DONE
function delete_confirm_email_token($userid, $token)
{
$sql = "DELETE FROM email_check
WHERE userid = $userid
AND token = '$token'";
if (!mysql_query($sql))
{
db_error(__FUNCTION__ . " SQL: " . $sql);
return false;
}
else
{
return true;
}
}
// DONE
function send_confirmation_email($username, $email, $token)
{
$subject = "Vilfredo Account Verification";
$to = $username . " <" . $email . ">";
$domain = SITE_DOMAIN;
$message = <<<_HTML_
Hi {$user['username']},
To validate your account, you must visit the URL below within 24 hours
$domain/confirm_email.php?t=$token
Thanks,
Vilfredo
_HTML_;
// wrap message to required 70 char width
$message = wordwrap($message, 70, "\n", false);
file_put_contents($subject.'.txt', $message);
return true;
// return true or false
//return @mail($to, $subject, $message);
}
?>