File: D:/HostingSpaces/SBogers10/deensekroon.komma-mediadesign.nl/wwwroot/php/page_forgot_pass.php
<?php
/**
* page_forgot_pass.php
* Created by Komma Mediadesign.
* Author: mike
* Date: 9/10/13
*/
/*
* Function called by dispatcher
*/
/*
 * Entry point called by the dispatcher for the "wachtwoord vergeten" page.
 *
 * Form submissions (POST) are handled first and always redirect via header();
 * otherwise the URL_SUB constant selects which step of the flow to render.
 * Returns the HTML for the step, or false when a handler only redirected.
 *
 * NOTE(review): the redirecting handlers do not call exit(); the dispatcher
 * is expected to stop rendering once this returns false — confirm.
 */
function getForgotPass()
{
    if (isset($_POST['send_mail'])) {
        fp_validateMail();
        return false;
    }
    if (isset($_POST['validate_new_password'])) {
        fp_validatePass();
        return false;
    }

    // No sub-path (or an unknown one) shows the e-mail form
    $step = defined('URL_SUB') ? URL_SUB : null;
    switch ($step) {
        case 'verzonden':
            return fp_showSendForm();
        case 'activeer':
            // Validates the token from the link and redirects; nothing to render here
            fp_validateActivation();
            return false;
        case 'verlopen':
            return fp_showExpired();
        case 'nieuw':
            return fp_showNewPassword();
        default:
            return fp_showForm();
    }
}
/*
VALIDATION
*/
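/*
 * Handle the "send reset mail" form.
 *
 * Reads $_POST['email'], looks the address up with a prepared statement,
 * stores the matching customer row in $_SESSION['fp']['user'] and sends the
 * reset mail. Always ends with a header() redirect:
 *   - success           -> /wachtwoord-vergeten/verzonden (the original used
 *                          'location : ' with a space, which the browser never
 *                          honoured, so users landed on the form instead)
 *   - any failure       -> /wachtwoord-vergeten with a message in fp_error
 *
 * NOTE(review): the "niet bij ons bekend" message lets anyone probe which
 * addresses have an account (enumeration) and there is no rate limit on this
 * form; a neutral "if the address is known you will receive a mail" response
 * and a throttle are worth considering.
 */
function fp_validateMail()
{
    global $mysqli;

    // Guard against array-valued input (email[]=x) and stray whitespace
    $email = (isset($_POST['email']) && is_string($_POST['email'])) ? trim($_POST['email']) : '';
    if ($email === '' || ! validateEmail($email)) {
        $_SESSION['fp_error'] = 'Je hebt geen geldig e-mailadres ingevuld. Probeer het nog eens.';
        header('location: /wachtwoord-vergeten');
        return;
    }

    // Is there a user with this e-mail address? (parameterised: the address is user input)
    $user = false;
    $stmt = $mysqli->prepare('SELECT l.id, l.hash, l.email, p.firstName, p.middleName, p.lastName
        FROM shop_customer_login AS l, shop_customer_personal AS p
        WHERE l.email = ? AND l.personalId = p.id LIMIT 1');
    if ($stmt) {
        $stmt->bind_param('s', $email);
        if ($stmt->execute()) {
            $stmt->bind_result($id, $hash, $dbEmail, $firstName, $middleName, $lastName);
            if ($stmt->fetch()) {
                // Same keys as the fetch_assoc() row the rest of the flow expects
                $user = array(
                    'id'         => $id,
                    'hash'       => $hash,
                    'email'      => $dbEmail,
                    'firstName'  => $firstName,
                    'middleName' => $middleName,
                    'lastName'   => $lastName,
                );
            }
        }
        $stmt->close();
    }

    if ($user === false) {
        $_SESSION['fp_error'] = 'Dit e-mailadres is niet bij ons bekend.';
        header('location: /wachtwoord-vergeten');
        return;
    }

    $_SESSION['fp']['user'] = $user;
    if (fp_sendMail()) {
        $_SESSION['fp_success'] = 'De e-mail is succesvol verzonden!';
        header('location: /wachtwoord-vergeten/verzonden');
        return;
    }

    // Mail could not be sent; the original redirected silently, tell the user instead
    $_SESSION['fp_error'] = 'Het versturen van de e-mail is mislukt. Probeer het later nog eens.';
    header('location: /wachtwoord-vergeten');
}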
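/*
 * Send the password-reset mail to the user stored in $_SESSION['fp']['user'].
 *
 * Generates a fresh token (fp_createKey), stores it in password_activation
 * BEFORE sending so a delivered link is never dead, then mails the link.
 * Returns TRUE when PHPMailer did not throw, FALSE otherwise.
 *
 * Fixes versus the original: name parts are joined with spaces (they were
 * concatenated as "FirstMiddleLast"), and values placed in HTML are escaped.
 */
function fp_sendMail()
{
    require_once $_SERVER['DOCUMENT_ROOT'] . '/admin/lib/mail/php_mailer.class.php';
    $user = $_SESSION['fp']['user'];

    // Get/Set info
    $fromName = 'Deense Kroon';
    $from = 'info@deensekroon.nl';
    $subject = 'Wachtwoord vergeten';

    // Create Url
    $actHash = fp_createKey();
    $url = fp_createUrl($actHash);

    // Recipient display name: first [middle] last, space separated
    $nameParts = array((string) $user['firstName']);
    if ( ! empty($user['middleName'])) {
        $nameParts[] = (string) $user['middleName'];
    }
    $nameParts[] = (string) $user['lastName'];
    $name = implode(' ', $nameParts);

    // Escape everything that lands in HTML. The URL is BASE_ROOT plus a hex token,
    // the first name comes from the customer table; double_encode=false keeps
    // already-encoded entities in stored names intact.
    $safeUrl = htmlspecialchars($url, ENT_QUOTES, 'UTF-8', false);
    $safeFirstName = htmlspecialchars((string) $user['firstName'], ENT_QUOTES, 'UTF-8', false);

    // Message
    $str = 'Beste ' . $safeFirstName . ',<br /><br />';
    $str .= 'Je hebt op www.deensekroon.nl aangegeven dat je je wachtwoord bent vergeten.<br />';
    $str .= 'Klik op onderstaande link om je wachtwoord te wijzigen, of kopieer deze link en plak hem in de adresbalk van je browser.<br />';
    $str .= 'Deze link is de komende 24 uur geldig, dus zorg dat je binnen deze tijd je wachtwoord hebt gewijzigd.<br /><br />';
    $str .= '<a href="' . $safeUrl . '" target="_blank">link: ' . $safeUrl . '</a><br /><br />';
    $str .= 'Heb je vragen of opmerkingen neem dan contact met ons op. info@deensekroon.nl.<br /><br />
Met vriendelijke groet,<br /><br />
Deense Kroon<br />
www.deensekroon.nl';
    $msg = $str;

    // Persist the token first; an unused row simply expires (24h check in fp_validateActivation)
    fp_store($actHash, $user);

    // Send
    $mail = new PHPMailer(TRUE);
    try {
        $mail->AddAddress($user['email'], $name);
        $mail->SetFrom($from, $fromName);
        $mail->Subject = $subject;
        $mail->MsgHTML($msg);
        $mail->Send();
    } catch (phpmailerException $e) {
        return FALSE;
    }
    return TRUE;
}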
/*
* Check if a string can be an e-mail address.
*/
/*
 * Syntactic e-mail check (no DNS / deliverability check).
 *
 * Accepts: exactly one '@'; a local part of 1-64 chars whose dot-separated
 * labels are either atext runs or a quoted string; a domain that is either a
 * (bracketed) dotted number or at least two hostname labels of letters,
 * digits and inner hyphens. Returns true when all checks pass.
 *
 * Note: a quoted local part may contain characters such as '<', so callers
 * must still HTML-escape the address before echoing it.
 */
function validateEmail($email)
{
    // One '@' and sensible lengths on both sides
    if ( ! preg_match("/^[^@]{1,64}@[^@]{1,255}$/", $email)) {
        return false;
    }
    list($localPart, $domainPart) = explode("@", $email);

    // Every dot-separated label of the local part must be an atext run or a quoted string
    $localLabelPattern = "/^(([A-Za-z0-9!#$%&'*+\/=?^_`{|}~-][A-Za-z0-9!#$%&'*+\/=?^_`{|}~\.-]{0,63})|(\"[^(\\|\")]{0,62}\"))$/";
    foreach (explode(".", $localPart) as $label) {
        if ( ! preg_match($localLabelPattern, $label)) {
            return false;
        }
    }

    // A numeric (optionally bracketed) domain is accepted as-is
    if (preg_match("/^\[?[0-9\.]+\]?$/", $domainPart)) {
        return true;
    }

    // Otherwise it must look like a hostname with at least two labels
    $hostLabels = explode(".", $domainPart);
    if (count($hostLabels) < 2) {
        return false;
    }
    $hostLabelPattern = "/^(([A-Za-z0-9][A-Za-z0-9-]{0,61}[A-Za-z0-9])|([A-Za-z0-9]+))$/";
    foreach ($hostLabels as $label) {
        if ( ! preg_match($hostLabelPattern, $label)) {
            return false;
        }
    }
    return true;
}
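/*
 * Create an unpredictable activation token for the reset link.
 *
 * Returns 40 lowercase hex characters, the same width as the sha1() tokens
 * already stored in password_activation, so existing rows and the column
 * size stay valid. The original derived the token from
 * sha1(email . 'flipflop' . time()), which anyone who knows the address can
 * reproduce by trying timestamps around the request; a CSPRNG removes that.
 */
function fp_createKey()
{
    if (function_exists('random_bytes')) {
        return bin2hex(random_bytes(20));
    }
    if (function_exists('openssl_random_pseudo_bytes')) {
        $strong = false;
        $bytes = openssl_random_pseudo_bytes(20, $strong);
        if ($bytes !== false && $strong) {
            return bin2hex($bytes);
        }
    }
    // Last resort on very old builds: still far less guessable than email+time,
    // but not cryptographically strong — upgrade PHP rather than rely on this.
    $email = isset($_SESSION['fp']['user']['email']) ? $_SESSION['fp']['user']['email'] : '';
    return sha1(uniqid(mt_rand(), true) . $email . microtime(true));
}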
/*
 * Build the absolute activation URL for a token:
 * BASE_ROOT . 'wachtwoord-vergeten/activeer/<token>/'
 * BASE_ROOT is a constant defined elsewhere in the project.
 */
function fp_createUrl($actHash)
{
    return sprintf('%swachtwoord-vergeten/activeer/%s/', BASE_ROOT, $actHash);
}
/*
* Store activation in database
*/
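/*
 * Store an activation token in password_activation(hash, email, stored).
 *
 * $actHash is the token from fp_createKey(); $user is the customer row
 * (only 'email' is used). 'stored' receives the current unix time and is
 * what fp_validateActivation() uses for the 24h expiry.
 *
 * Uses a prepared statement: the e-mail value originates from user input
 * and the original interpolated it into the SQL unescaped.
 * Returns true on success, false when the statement could not be prepared
 * or executed (the original returned nothing; callers ignoring the result
 * are unaffected).
 */
function fp_store($actHash, $user)
{
    global $mysqli;
    $stmt = $mysqli->prepare('INSERT INTO password_activation(hash,email,stored) VALUES(?,?,?)');
    if ( ! $stmt) {
        return false;
    }
    $email = (string) $user['email'];
    $stored = time();
    $stmt->bind_param('ssi', $actHash, $email, $stored);
    $ok = $stmt->execute();
    $stmt->close();
    return $ok;
}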
/*
* Validate activation code
*/
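/*
 * Validate the activation token from the link (URL_SUB2).
 *
 * Redirects:
 *   - no/ malformed token       -> /wachtwoord-vergeten/
 *   - unknown, used or expired  -> /wachtwoord-vergeten/verlopen/
 *   - valid                     -> /wachtwoord-vergeten/nieuw/ after storing
 *                                  the address and token in the session
 *
 * Fixes versus the original: the mail promises a 24h validity but the
 * 'stored' timestamp was never checked, so links stayed valid until used;
 * an unknown token produced no redirect at all (blank page); the lookup is
 * now parameterised and the token format is checked up front.
 */
function fp_validateActivation()
{
    global $mysqli;

    if ( ! defined('URL_SUB2')) {
        header('location: /wachtwoord-vergeten/');
        return;
    }

    // Tokens are 40 hex chars (sha1 / bin2hex of 20 bytes); anything else is not a link we issued
    $actHash = (string) URL_SUB2;
    if ( ! preg_match('/^[0-9a-f]{40}$/i', $actHash)) {
        header('location: /wachtwoord-vergeten/');
        return;
    }

    $found = false;
    $dbHash = $used = $email = $stored = null;
    $stmt = $mysqli->prepare('SELECT hash, used, email, stored FROM password_activation WHERE hash = ? LIMIT 1');
    if ($stmt) {
        $stmt->bind_param('s', $actHash);
        if ($stmt->execute()) {
            $stmt->bind_result($dbHash, $used, $email, $stored);
            $found = (bool) $stmt->fetch();
        }
        $stmt->close();
    }

    // 'stored' is the unix time written by fp_store(); the mail promises 24 hours
    $expired = $found && ((int) $stored < time() - 86400);
    if ( ! $found || ! empty($used) || $expired) {
        header('location: /wachtwoord-vergeten/verlopen/');
        return;
    }

    // Token accepted: remember who may set a new password
    $_SESSION['pass_update_email'] = $email;
    $_SESSION['pass_update_act_hash'] = $dbHash;
    header('location: /wachtwoord-vergeten/nieuw/');
}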
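/*
 * Handle the "new password" form.
 *
 * Requires the reset session set by fp_validateActivation()
 * (pass_update_email / pass_update_act_hash). Validates the two POST fields
 * against the project Password policy, stores the new hash for the address
 * and marks the activation token as used. On error the messages are collected
 * in $_SESSION['fp_error'] and the user is sent back to /nieuw; on success the
 * reset session is cleared and the user is sent to the login (or cart) page.
 *
 * Fixes versus the original: a request without a reset session reported
 * success without changing anything; the wrong session key
 * (pass_update_act_email) was unset so the address lingered in the session;
 * passwords were compared with ==; the SQL interpolated session values.
 */
function fp_validatePass()
{
    global $mysqli;

    $newPass = (isset($_POST['new_password']) && is_string($_POST['new_password'])) ? $_POST['new_password'] : '';
    $confirmPass = (isset($_POST['confirm_password']) && is_string($_POST['confirm_password'])) ? $_POST['confirm_password'] : '';
    $currentEmail = isset($_SESSION['pass_update_email']) ? (string) $_SESSION['pass_update_email'] : '';
    $actHash = isset($_SESSION['pass_update_act_hash']) ? (string) $_SESSION['pass_update_act_hash'] : '';
    $errors = array();

    if ($currentEmail === '' || $actHash === '') {
        // No validated token in this session: nothing may be updated
        $errors[] = 'Je sessie is verlopen. Vraag een nieuwe activatielink aan.';
    } elseif ($newPass === '' || $confirmPass === '') {
        $errors[] = 'Vul beide velden in aub.';
    } else {
        if ( ! class_exists('Password')) require_once $_SERVER['DOCUMENT_ROOT'] . '/admin/lib/password.class.php';
        $password = new Password(array(
            'minLength' => 8,
            'maxLength' => 30,
            'minNumbers' => 0,
            'minLetters' => 0,
            'minLowerCase' => 0,
            'minUpperCase' => 0,
            'minSymbols' => 0,
            'maxSymbols' => 10,
            'allowedSymbols' => array('#', '_', '-', '!', '?', '@', '[', ']', '=', '~', '*'),));

        if ( ! $password->validatePassword($newPass)) {
            $errors = $password->getErrors();
            if (empty($errors)) {
                // Never fall through to "success" when the policy rejected the password but gave no message
                $errors = array('Het wachtwoord voldoet niet aan de eisen.');
            }
        } elseif ($newPass !== $confirmPass) {
            $errors[] = 'De wachtwoorden komen niet overéén.';
        } else {
            $hash = fp_encrypt_pass($newPass);
            $updated = false;
            $stmt = $mysqli->prepare('UPDATE shop_customer_login SET hash = ? WHERE email = ? LIMIT 1');
            if ($stmt) {
                $stmt->bind_param('ss', $hash, $currentEmail);
                $updated = $stmt->execute();
                $stmt->close();
            }
            if ( ! $updated) {
                $errors[] = 'Het opslaan van je wachtwoord is mislukt. Probeer het later nog eens.';
            } else {
                // Burn the token so the link cannot be replayed
                $now = time();
                $stmt = $mysqli->prepare('UPDATE password_activation SET used = ? WHERE hash = ? LIMIT 1');
                if ($stmt) {
                    $stmt->bind_param('is', $now, $actHash);
                    $stmt->execute();
                    $stmt->close();
                }
            }
        }
    }

    if (count($errors) > 0) {
        $_SESSION['fp_error'] = '';
        foreach ($errors as $error) {
            $_SESSION['fp_error'] .= $error . "<br />";
        }
        header('location: /wachtwoord-vergeten/nieuw');
        return;
    }

    unset($_SESSION['fp']);
    unset($_SESSION['pass_update_act_hash']);
    unset($_SESSION['pass_update_email']);
    $_SESSION['fp_success'] = 'Je wachtwoord is succesvol gewijzigd, je kunt nu inloggen.';
    // login! (back to the cart when the reset was started from checkout)
    if ( ! empty($_SESSION['cart']['loginfromcart'])) {
        header('location: /toont-uw-winkelwagen/uw-gegevens/');
    } else {
        header('location: /inloggen-of-registreren/');
    }
}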
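/*
 * Hash a new password for storage in shop_customer_login.hash.
 *
 * The original reused the customer's current hash (from
 * $_SESSION['fp']['user']['hash']) as the crypt() salt. That has two
 * problems: the salt never changes across password resets, and the session
 * key only exists when the link is opened in the same browser session that
 * requested it — otherwise crypt() ran with an empty salt.
 *
 * Strategy:
 *   - current hash is bcrypt ("$2…") or absent, and password_hash() exists:
 *     fresh bcrypt hash with a new random salt. bcrypt hashes verify through
 *     crypt($input, $stored) === $stored, so a crypt()-based login keeps
 *     working — TODO confirm against the login code.
 *   - current hash absent, no password_hash(): hand-built bcrypt salt.
 *   - any other (legacy) crypt format: unchanged behaviour, crypt() with the
 *     stored hash as salt.
 */
function fp_encrypt_pass($pass)
{
    $currentHash = isset($_SESSION['fp']['user']['hash']) ? (string) $_SESSION['fp']['user']['hash'] : '';
    $isBcrypt = (strncmp($currentHash, '$2', 2) === 0);

    if (function_exists('password_hash') && ($currentHash === '' || $isBcrypt)) {
        return password_hash($pass, PASSWORD_BCRYPT);
    }

    if ($currentHash === '' && function_exists('openssl_random_pseudo_bytes')) {
        // 22 chars from [./A-Za-z0-9] make a valid bcrypt salt (PHP >= 5.3.7 for $2y$)
        $salt = substr(strtr(base64_encode(openssl_random_pseudo_bytes(16)), '+', '.'), 0, 22);
        return crypt($pass, '$2y$10$' . $salt);
    }

    // Legacy scheme: keep the existing (non-bcrypt) hash as the salt
    return crypt($pass, $currentHash);
}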
/*
OUTPUT
*/
/*
* Show e-mail form
*/
/*
 * Render the first step: the e-mail address form.
 * Flash messages (fp_error / fp_success) are shown once and removed from
 * the session. Returns the page HTML.
 */
function fp_showForm()
{
    $messages = '';
    if (isset($_SESSION['fp_error'])) {
        $messages .= '<span class="fm-err">' . $_SESSION['fp_error'] . '</span>';
        unset($_SESSION['fp_error']);
    }
    if (isset($_SESSION['fp_success'])) {
        $messages .= '<span class="fm-suc">' . $_SESSION['fp_success'] . '</span>';
        unset($_SESSION['fp_success']);
    }

    $form = '<form action="" method="post">'
        . '<input type="text" name="email" value="" class="txt-232" />'
        . '<input type="submit" name="send_mail" value="verzenden" class="button-arrow-168"/>'
        . '</form>';

    return fp_getHeader()
        . '<div class="acc-splitpage-fp-holder">'
        . $messages
        . '<h4>E-mailadres</h4>'
        . 'Vul hieronder je e-mailadres in, je ontvangt van ons een bericht met een activatielink. Via deze link kun je je wachtwoord wijzigen.<br /><br />'
        . $form
        . '</div>'
        . '<div class="clear"></div>';
}
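/*
 * Render the "mail sent" confirmation, echoing the address the mail went to.
 *
 * The address is HTML-escaped: it is the row matched by user input, and
 * validateEmail() accepts quoted local parts that may contain '<' or '"',
 * so the original unescaped echo was a reflected-XSS vector. When the
 * session holds no address (page opened directly) an empty string is shown
 * instead of raising a notice.
 */
function fp_showSendForm()
{
    $email = isset($_SESSION['fp']['user']['email']) ? (string) $_SESSION['fp']['user']['email'] : '';
    $safeEmail = htmlspecialchars($email, ENT_QUOTES, 'UTF-8');

    $output = '';
    $output .= fp_getHeader();
    $output .= '<div class="acc-splitpage-fp-holder">';
    $output .= '<h4>E-mail verzonden</h4>';
    $output .= 'Er is een e-mail verzonden naar ' . $safeEmail . '. Via deze e-mail kun je je wachtwoord opnieuw instellen.';
    $output .= '</div>';
    $output .= '<div class="clear"></div>';
    return $output;
}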
/*
 * Render the "choose a new password" form.
 * Only reachable after fp_validateActivation() accepted a token
 * (pass_update_act_hash in the session); otherwise redirect to the start
 * and return false. Pending fp_error messages are shown once.
 */
function fp_showNewPassword()
{
    if ( ! isset($_SESSION['pass_update_act_hash'])) {
        header('location: /wachtwoord-vergeten');
        return false;
    }

    $html = fp_getHeader();
    if (isset($_SESSION['fp_error'])) {
        $html .= '<span class="fm-err">' . $_SESSION['fp_error'] . '</span>';
        unset($_SESSION['fp_error']);
    }

    $fields = '<h5>Nieuw wachtwoord</h5>'
        . '<input type="password" name="new_password" value="" class="txt-232" />'
        . '<h5>Bevestig wachtwoord</h5>'
        . '<input type="password" name="confirm_password" value="" class="txt-232" />'
        . '<input type="submit" name="validate_new_password" value="opslaan" class="button-arrow-168"/>';

    $html .= '<div class="acc-splitpage-fp-holder">'
        . '<h4>Vul een nieuw wachtwoord in</h4>'
        . '<form action="" method="post">' . $fields . '</form>'
        . '</div>'
        . '<div class="clear"></div>';
    return $html;
}
/*
 * Render the "activation link expired" page with a link back to the form.
 */
function fp_showExpired()
{
    $parts = array(
        fp_getHeader(),
        '<div class="acc-splitpage-fp-holder">',
        '<h4>Activatielink verlopen</h4>',
        'Je link is helaas verlopen, klik <a href="/wachtwoord-vergeten/">hier</a> om een nieuwe activatielink aan te vragen.',
        '</div>',
        '<div class="clear"></div>',
    );
    return implode('', $parts);
}
/*
* Display the header
*/
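/*
 * Render the page header: title plus one randomly chosen active banner of
 * type 3. When the banner query fails a placeholder image is shown; when it
 * returns no rows the banner slot stays empty (as before).
 *
 * Fixes versus the original: banner title, url and file path are escaped
 * for their HTML attribute context (they are admin-managed DB content, but
 * a compromised admin account should not become stored XSS on every page);
 * the media lookup is parameterised and a failed media query no longer
 * dereferences false; only one media query is run instead of one per banner.
 */
function fp_getHeader()
{
    global $mysqli;
    $output = '';
    $output .= '<div class="acc-pageheader">';
    $output .= '<h1>Wachtwoord vergeten</h1>';
    $output .= '<div class="small-banner-holder">';

    // No request data reaches this query
    $query = 'SELECT b.title, b.bannerimage, b.url
        FROM banners AS b, content_status AS s
        WHERE type = 3
        AND s.active = 1
        AND s.itemId = b.id
        AND s.linkname = "banners"
        ORDER BY itemOrder ASC';
    if ($result = $mysqli->query($query)) {
        $records = array();
        while ($record = $result->fetch_assoc()) {
            $records[] = $record;
        }
        // Uniform random pick, same distribution as shuffling all rendered banners
        if (count($records) > 0) {
            $output .= fp_renderBanner($records[array_rand($records)]);
        }
    } else {
        $output .= '<img src="/images/temp/temp-small-banner.jpg" alt="test"/>';
    }

    $output .= '</div>';
    $output .= '</div>';
    return $output;
}

/*
 * Render one banner row (title, bannerimage, url) as an <img>, wrapped in a
 * link when a url is set. Looks the image path up in media_files by the
 * shortcode stored in bannerimage (minus its first and last character —
 * presumably wrapping delimiters; verify against the admin side).
 */
function fp_renderBanner($record)
{
    global $mysqli;

    // double_encode=false so titles that are already entity-encoded are not mangled
    $title = htmlspecialchars((string) fromDatabase($record['title']), ENT_QUOTES, 'UTF-8', false);

    $url = (string) $record['url'];
    if (substr($url, 0, 7) != 'http://' && substr($url, 0, 8) != 'https://' && ! empty($url)) {
        $url = 'http://' . $url;
    }

    $shortcode = substr((string) $record['bannerimage'], 1, -1);
    $filename = '';
    $stmt = $mysqli->prepare('SELECT title, path FROM media_files WHERE shortcode = ? LIMIT 1');
    if ($stmt) {
        $stmt->bind_param('s', $shortcode);
        if ($stmt->execute()) {
            $stmt->bind_result($mediaTitle, $path);
            if ($stmt->fetch()) {
                $filename = (string) $path;
            }
        }
        $stmt->close();
    }

    $html = '<img src="/images/uploads/' . htmlspecialchars($filename, ENT_QUOTES, 'UTF-8') . '" alt="' . $title . '" />';
    if ( ! empty($url)) {
        $html = '<a href="' . htmlspecialchars($url, ENT_QUOTES, 'UTF-8') . '" target="_blank">' . $html . '</a>';
    }
    return $html;
}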