File: D:/HostingSpaces/SBogers45/smuldersinterieurprojecten.nl/wwwroot/admin/php/getLoginPage.php
<?php
function getLoginPage(){
    // Entry point for the admin login page: picks the handler from the request and returns its HTML.
    // Make sure the error slot exists so the form renderers can read it without notices.
    if (!isset($_SESSION['loginError'])) {
        $_SESSION['loginError'] = '';
    }
    $html = '';
    if (isset($_POST['sbmSendPass'])) {
        // "send new password" form was submitted
        $html .= sbmSendPass();
    } elseif (isset($_POST['login'])) {
        // login form was submitted
        $html .= validateLoginForm();
    } elseif (isset($_GET['page']) && $_GET['page'] == 'forgot-pass') {
        // plain view of the forgot-password form
        $html .= showFormPass();
    } else {
        // any other page value, or no page at all, shows the login form
        $html .= showLoginForm();
    }
    return $html;
}
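function showLoginForm(){
    // Render the login form (error box, client-domain header, user/pass inputs) as an HTML string.
    $output = '';
    // Dynamic website: the header bar shows the client's domain as stored in _client.
    // NOTE(review): the mysql_* extension was removed in PHP 7; mysql_query() returns false on
    // error, so the fetch is guarded instead of indexing into a bool.
    $result = mysql_query('SELECT website FROM _client LIMIT 1');
    $record = $result ? mysql_fetch_assoc($result) : false;
    $clientWebsite = isset($record['website']) ? $record['website'] : '';
    //get text
    $siteText = getSiteText();
    $output .= '<div class="double-column-container top-rounded center loginMargin">';
    //error message; the script slides it in only when there is something to show
    $output .= '<div class="message-container">';
    // NOTE(review): loginError is echoed unescaped. Every writer in this file stores a
    // getSiteText() string; confirm no other writer stores user-controlled text before relying on that.
    $output .= '<div class="message err" id="err"><img src="./images/icons/error.png" alt="error" class="err-icon"/>'.$_SESSION['loginError'].'</div>';
    if (!empty($_SESSION['loginError'])) {
        $output .= '<script type="text/javascript">slideObj(\'err\',top,0)</script>';
    }
    $output .= '</div>';
    //header: strip the scheme and all slashes so only the host is shown; escaped because the
    //value comes from the database, not from this file
    $displaySite = str_replace(array('http://', '/'), '', $clientWebsite);
    $output .= '<div class="header-bar top-rounded">'.htmlspecialchars($displaySite, ENT_QUOTES, 'UTF-8').'</div>';
    $output .= '<div class="content">';
    //content
    $output .= '<h1>'.$siteText['loginInHeader'].'</h1>';
    $output .= $siteText['loginIn1'].'<br /><br /><br />';
    $output .='<form action="" method="post">
<div class="input-total">
<div class="input-title">'.$siteText['username'].'.</div>
<input type="text" name="user"/><br />
</div>
<div class="clear"></div>
<div class="input-total">
<div class="input-title">'.$siteText['password'].'.</div>
<input type="password" name="pass" value="" />
</div>
<div class="clear"></div>
<input name="login" type="submit" value="'.$siteText['btnSignIn'].'" class="button fully-rounded"/>
<div class="clear"></div>
<br /><br/>
<a href="./forgot-pass/">'.$siteText['forgotPass'].'</a>
</form>';
    $output .= '</div>';
    $output .= '</div>';
    return $output;
}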
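function validateLoginForm(){
    // Check the submitted user/pass against _admin. On success the session is marked as signed in
    // and the browser is redirected to ./; on failure the login form is re-rendered with an error.
    //get text
    $siteText = getSiteText();
    $output = '';
    // Both fields must be present, non-empty and scalar (an array value such as pass[]=x would
    // otherwise reach md5() and throw).
    if (empty($_POST['user']) || empty($_POST['pass']) || !is_string($_POST['user']) || !is_string($_POST['pass'])) {
        $_SESSION['loginError'] = $siteText['loginErr2'];
        $output .= showLoginForm();
        return $output;
    }
    // NOTE(review): addslashes() is not charset-aware SQL escaping, and the mysql_* extension was
    // removed in PHP 7; this lookup should become a prepared statement (PDO/mysqli) rather than
    // string concatenation.
    $query = "SELECT id, user, pass FROM _admin WHERE user = '".addslashes($_POST['user'])."'";
    $result = mysql_query($query);
    $record = ($result && mysql_num_rows($result) > 0) ? mysql_fetch_assoc($result) : false;
    // Passwords are stored as unsalted MD5 hex (legacy schema; password_hash()/password_verify()
    // would need a schema migration). hash_equals() replaces the loose == comparison, which treats
    // two digests of the form "0e..." as numerically equal; it is also constant-time.
    if ($record && hash_equals((string) $record['pass'], md5($_POST['pass']))) {
        // Fresh session id on privilege change so a pre-authentication id cannot be reused.
        session_regenerate_id(true);
        // session token = id + md5(user + stored hash); presumably checked by the other admin pages
        $str = $record['id'].'_'.md5($record['user'].$record['pass']);
        $_SESSION['adminStr'] = $str;
        unset($_SESSION['loginError']);
        $_SESSION['justSignedIn'] = true;
        header('location: ./ ');
        return $output;
    }
    // Same message for "unknown user" and "wrong password" so the form does not reveal which failed.
    $_SESSION['loginError'] = $siteText['loginErr1'];
    $output .= showLoginForm();
    return $output;
}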
//show page
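function showFormPass(){
    // Render the "send me a new password" form (error box, client-domain header, e-mail input).
    //get text
    $siteText = getSiteText();
    if (!isset($_SESSION['forgot-pass-err'])) {
        $_SESSION['forgot-pass-err'] = '';
    }
    // Dynamic website: the header bar shows the client's domain as stored in _client.
    // NOTE(review): the mysql_* extension was removed in PHP 7; mysql_query() returns false on
    // error, so the fetch is guarded instead of indexing into a bool.
    $result = mysql_query('SELECT website FROM _client LIMIT 1');
    $record = $result ? mysql_fetch_assoc($result) : false;
    $clientWebsite = isset($record['website']) ? $record['website'] : '';
    //output
    $output = '';
    $output .= '<div class="double-column-container top-rounded center loginMargin">';
    //error message; the script slides it in only when there is something to show
    $output .= '<div class="message-container">';
    // NOTE(review): forgot-pass-err is echoed unescaped. Every writer in this file stores a
    // getSiteText() string; confirm no other writer stores user-controlled text before relying on that.
    $output .= '<div class="message err" id="err"><img src="./images/icons/error.png" alt="error" class="err-icon"/>'.$_SESSION['forgot-pass-err'].'</div>';
    if (!empty($_SESSION['forgot-pass-err'])) {
        $output .= '<script type="text/javascript">slideObj(\'err\',top,0)</script>';
    }
    $output .= '</div>';
    //header: strip the scheme and all slashes so only the host is shown; escaped because the
    //value comes from the database, not from this file
    $displaySite = str_replace(array('http://', '/'), '', $clientWebsite);
    $output .= '<div class="header-bar top-rounded">'.htmlspecialchars($displaySite, ENT_QUOTES, 'UTF-8').'</div>';
    $output .= '<div class="content">';
    $output .= '<h1>'.$siteText['getNewPassword'].'</h1>';
    $output .=' <form action="" method="post">
<div class="input-total">
<div class="input-title">'.$siteText['formLabelEmail'].':</div>
<input type="text" name="email"/>
</div>
<div class="clear"></div>';
    $output .= '<input name="sbmSendPass" type="submit" value="'.$siteText['sendNewPassword'].'" class="button fully-rounded"/>
<div class="clear"></div>
</form><br />';
    $output .= '<a href="../">Back</a><br />';
    // NOTE(review): only the "content" div is closed here; the outer double-column-container
    // opened above stays open, whereas showLoginForm() closes both. Looks like a missing '</div>';
    // confirm against the page layout before changing the markup.
    $output .= '</div>';
    return $output;
}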
//send email containing new password
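function sbmSendPass(){
    // Handle the forgot-password submit: look up the admin by e-mail, store a new random password
    // (MD5) and mail it. Returns the HTML to show; every error path re-renders the form.
    //get text
    $siteText = getSiteText();
    $output = '';
    if (empty($_POST['email'])) {
        $_SESSION['forgot-pass-err'] = $siteText['emptyFieldEmail'];
        $output .= showFormPass();
        return $output;
    }
    // Accept only a single well-formed address before it reaches the query or the mail headers;
    // a value containing CR/LF would otherwise be written straight into the "To:" header.
    $email = is_string($_POST['email']) ? filter_var($_POST['email'], FILTER_VALIDATE_EMAIL) : false;
    $record = false;
    if ($email !== false) {
        // NOTE(review): addslashes() is not charset-aware SQL escaping and the mysql_* extension
        // was removed in PHP 7; this should become a prepared statement.
        $result = mysql_query("SELECT id, user FROM _admin WHERE email = '".addslashes($email)."'");
        if ($result && mysql_num_rows($result) > 0) { // user found
            $record = mysql_fetch_assoc($result);
        }
    }
    if ($record === false) {
        // NOTE(review): a distinct "no user found" message confirms which addresses have an
        // account (user enumeration); a generic "if the address is known, a mail was sent" text
        // would avoid that, but changing the wording is a product decision.
        $_SESSION['forgot-pass-err'] = $siteText['noUserFound'];
        $output .= showFormPass();
        return $output;
    }
    //generate new pass and store its hash (unsalted MD5, legacy schema) before mailing it
    $newPass = randomPassword();
    $newPassHash = md5($newPass);
    $query = "UPDATE _admin
SET pass = '".$newPassHash."'
WHERE id = '".(int) $record['id']."'";
    if (mysql_query($query) === false) {
        // Never mail a password that was not saved; reuse the "mail not sent" text since there is
        // no dedicated message for a failed update.
        $_SESSION['forgot-pass-err'] = $siteText['mailNotSend'];
        $output .= showFormPass();
        return $output;
    }
    //send mail
    $header = "MIME-Version: 1.0\r\n";
    $header .= "Content-type: text/html; charset=iso-8859-1\r\n";
    $header .= "To: ".$record['user']." <".$email.">\r\n";
    $header .= "From: Mike Ontwerpt<noreply@mikeontwerpt.nl>\r\n";
    $msg = $siteText['mailNewPassMsg1'].$email.$siteText['mailNewPassMsg2'].$newPass.$siteText['mailNewPassMsg3'];
    $output .= '<div class="double-column-container top-rounded center loginMargin">';
    $output .= '<div class="header-bar top-rounded">sending mail</div>';
    $output .= '<div class="content">';
    //mail: $email is the validated copy of $_POST['email']
    if (mail($email, $siteText['mailNewPassSubject'], $msg, $header)) {
        $output .= '<h2>'.$siteText['passwordSendTitle'].'</h2>';
        $output .= $siteText['passwordSendMsg'];
        unset($_SESSION['forgot-pass-err']);
    } else {
        $_SESSION['forgot-pass-err'] = $siteText['mailNotSend'];
        $output .= showFormPass();
    }
    $output .= '</div>';
    return $output;
}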
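/**
 * Build a random password from the selected character classes.
 *
 * Defaults reproduce the original call: 6 characters from a-z, A-Z and 0-9.
 *
 * @param int  $length    number of characters to generate
 * @param bool $lowercase include a-z
 * @param bool $uppercase include A-Z
 * @param bool $numeric   include 0-9
 * @param bool $special   include !@#$%^&
 * @return string the generated password; '' when $length <= 0
 * @throws InvalidArgumentException when every character class is disabled
 */
function randomPassword(int $length = 6, bool $lowercase = true, bool $uppercase = true, bool $numeric = true, bool $special = false){
    $lowercaseCharacters = 'abcdefghijklmnopqrstuvwxyz';
    $uppercaseCharacters = strtoupper($lowercaseCharacters);
    $numericCharacters = '0123456789';
    $specialCharacters = '!@#$%^&';
    // Assemble the pool from the enabled classes.
    $pool = ($lowercase ? $lowercaseCharacters : '')
        . ($uppercase ? $uppercaseCharacters : '')
        . ($numeric ? $numericCharacters : '')
        . ($special ? $specialCharacters : '');
    $poolSize = strlen($pool);
    if ($poolSize === 0) {
        throw new InvalidArgumentException('randomPassword(): at least one character class must be enabled');
    }
    $password = '';
    for ($i = 0; $i < $length; $i++) {
        // random_int() is a CSPRNG; rand() is not and must not be used for credentials.
        // The index range is 0..size-1: the original rand(1, size) never picked the first
        // character and could return an index one past the end, which substr() turned into ''
        // and so produced passwords shorter than requested.
        $password .= $pool[random_int(0, $poolSize - 1)];
    }
    return $password;
}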
?>