mirror of
https://github.com/Neetpone/ponepaste.git
synced 2025-03-12 06:30:07 +01:00
Rework registration & login page a little bit.
This commit is contained in:
Floorb
parent
b2f4dc69d8
commit
03d4854570
4 changed files with 114 additions and 171 deletions
|
|
@ -200,7 +200,7 @@ if ($last_ip == $ip) {
|
|||
|
||||
<tr>
|
||||
<td> Email ID</td>
|
||||
<td> <?php echo $user_email_id; ?> </td>
|
||||
<td> <?php echo htmlentities($user_email_id); ?> </td>
|
||||
</tr>
|
||||
|
||||
<tr>
|
||||
|
|
|
|||
|
|
@ -192,16 +192,16 @@ function str_conntains($haystack, $needle, $ignoreCase = false) {
|
|||
return ($needlePos === false ? false : ($needlePos + 1));
|
||||
}
|
||||
|
||||
function encrypt($value) {
|
||||
$salt = $sec_key;
|
||||
$encrypted_string = openssl_encrypt($value, "AES-256-CBC", $salt);
|
||||
return $encrypted_string;
|
||||
function encrypt(string $value) : string {
|
||||
global $sec_key;
|
||||
|
||||
return openssl_encrypt($value, "AES-256-CBC", $sec_key);
|
||||
}
|
||||
|
||||
function decrypt($value) {
|
||||
$salt = $sec_key;
|
||||
$decrypted_string = openssl_decrypt($value, "AES-256-CBC", $salt);
|
||||
return $decrypted_string;
|
||||
function decrypt(string $value) : string {
|
||||
global $sec_key;
|
||||
|
||||
return openssl_decrypt($value, "AES-256-CBC", $sec_key);
|
||||
}
|
||||
|
||||
function deleteMyPaste($conn, $paste_id) {
|
||||
|
|
|
|||
183
login.php
183
login.php
|
|
@ -19,36 +19,48 @@ require_once('includes/common.php');
|
|||
require_once('includes/functions.php');
|
||||
require_once('mail/mail.php');
|
||||
|
||||
|
||||
function sendVerificationEmail($email_address, $username, $full_name) {
|
||||
global $lang;
|
||||
global $email;
|
||||
global $site_name;
|
||||
|
||||
$mail_type = "1";
|
||||
|
||||
$protocol = paste_protocol();
|
||||
$verify_url = $protocol . $_SERVER['HTTP_HOST'] . rtrim(dirname($_SERVER['PHP_SELF']), '/\\') . "/verify.php?username=${username}&code=" . md5('4et4$55765' . $email_address . 'd94ereg');
|
||||
$subject = $lang['mail_acc_con']; // "$site_name Account Confirmation";
|
||||
$body = "
|
||||
Hello ${full_name}, Please verify your account by clicking the link below.<br /><br />
|
||||
|
||||
<a href='$verify_url' target='_self'>$verify_url</a> <br /> <br />
|
||||
|
||||
After confirming your account you can log in using your username: <b>$username</b> and the password you used when signing up.
|
||||
";
|
||||
|
||||
if ($mail_type == '1') {
|
||||
default_mail($email, $site_name, $email_address, $subject, $body);
|
||||
} else {
|
||||
$email_info = getSiteInfo()['mail'];
|
||||
smtp_mail(
|
||||
$email_info['smtp_host'], $email_info['smtp_port'],
|
||||
$email_info['auth'], $email_info['smtp_username'], $email_info['smtp_password'], $email_info['socket'],
|
||||
$email, $site_name, $email_address, $subject, $body
|
||||
);
|
||||
}
|
||||
}
|
||||
|
||||
// Current Date & User IP
|
||||
$date = date('jS F Y');
|
||||
$ip = $_SERVER['REMOTE_ADDR'];
|
||||
|
||||
// Mail
|
||||
$mail_type = "1";
|
||||
|
||||
|
||||
// Check if already logged in
|
||||
if (isset($_SESSION['token'])) {
|
||||
header("Location: ./");
|
||||
}
|
||||
|
||||
$admin_mail = $email;
|
||||
$admin_name = $site_name;
|
||||
|
||||
// Email information
|
||||
|
||||
$email_info_rows = $conn->query("SELECT * FROM mail LIMIT 1");
|
||||
while ($row = $email_info_rows->fetch()) {
|
||||
$verification = Trim($row['verification']);
|
||||
$smtp_host = Trim($row['smtp_host']);
|
||||
$smtp_user = Trim($row['smtp_username']);
|
||||
$smtp_pass = Trim($row['smtp_password']);
|
||||
$smtp_port = Trim($row['smtp_port']);
|
||||
$smtp_protocol = Trim($row['protocol']);
|
||||
$smtp_auth = Trim($row['auth']);
|
||||
$smtp_sec = Trim($row['socket']);
|
||||
}
|
||||
$mail_type = $smtp_protocol;
|
||||
|
||||
// Page title
|
||||
$p_title = $lang['login/register']; // "Login/Register";
|
||||
|
||||
|
|
@ -56,56 +68,28 @@ updatePageViews($conn);
|
|||
|
||||
if (isset($_GET['resend'])) {
|
||||
if (isset($_POST['email'])) {
|
||||
$email = htmlentities(trim($_POST['email']));
|
||||
$statement = $conn->prepare("SELECT * FROM users WHERE email_id = ?");
|
||||
$email = trim($_POST['email']);
|
||||
$statement = $conn->prepare("SELECT username, verified FROM users WHERE email_id = ?");
|
||||
$statement->execute([$email]);
|
||||
if ($statement->fetchColumn() > 0) {
|
||||
// Username found
|
||||
foreach ($statement as $index => $row) {
|
||||
if ($row = $statement->fetch()) {
|
||||
$username = $row['username'];
|
||||
$db_email_id = $row['email_id'];
|
||||
$db_platform = $row['platform'];
|
||||
$db_password = Trim($row['password']);
|
||||
$db_verified = $row['verified'];
|
||||
$db_picture = $row['picture'];
|
||||
$db_date = $row['date'];
|
||||
$db_ip = $row['ip'];
|
||||
$db_id = $row['id'];
|
||||
}
|
||||
if ($db_verified == '0') {
|
||||
$protocol = paste_protocol();
|
||||
$verify_url = $protocol . $_SERVER['HTTP_HOST'] . rtrim(dirname($_SERVER['PHP_SELF']), '/\\') . "/verify.php?username=$username&code=" . Md5('4et4$55765' . $db_email_id . 'd94ereg');
|
||||
$sent_mail = $email;
|
||||
$subject = $lang['mail_acc_con']; // "$site_name Account Confirmation";
|
||||
$body = "
|
||||
Hello $db_full_name, Please verify your account by clicking the link below.<br /><br />
|
||||
$verified = (bool) $row['verified'];
|
||||
|
||||
<a href='$verify_url' target='_self'>$verify_url</a> <br /> <br />
|
||||
|
||||
After confirming your account you can log in using your username: <b>$username</b> and the password you used when signing up.
|
||||
";
|
||||
|
||||
if ($mail_type == '1') {
|
||||
default_mail($admin_mail, $admin_name, $sent_mail, $subject, $body);
|
||||
} else {
|
||||
smtp_mail($smtp_host, $smtp_port, $smtp_auth, $smtp_user, $smtp_pass, $smtp_sec, $admin_mail, $admin_name, $sent_mail, $subject, $body);
|
||||
}
|
||||
if (!$verified) {
|
||||
sendVerificationEmail($email, $username, $username);
|
||||
$success = $lang['mail_suc']; // "Verification code successfully sent to your email.";
|
||||
|
||||
} else {
|
||||
$error = $lang['email_ver']; //"Email already verified.";
|
||||
}
|
||||
|
||||
} else {
|
||||
$error = $lang['email_not']; // "Email not found.";
|
||||
}
|
||||
|
||||
}
|
||||
}
|
||||
|
||||
if (isset($_GET['forgot'])) {
|
||||
if (isset($_POST['email'])) {
|
||||
$email = htmlentities(trim($_POST['email']));
|
||||
$email = trim($_POST['email']);
|
||||
$query = "SELECT * FROM users WHERE email_id='$email'";
|
||||
$result = mysqli_query($con, $query);
|
||||
if (mysqli_num_rows($result) > 0) {
|
||||
|
|
@ -157,76 +141,60 @@ if ($_SERVER['REQUEST_METHOD'] === 'POST') {
|
|||
// Check if logged in
|
||||
if (isset($_SESSION['token'])) {
|
||||
header("Location: ./");
|
||||
} else {
|
||||
exit;
|
||||
}
|
||||
|
||||
// Login process
|
||||
if (isset($_POST['signin'])) {
|
||||
$username = htmlentities(trim($_POST['username']));
|
||||
$password = $_POST['password'];
|
||||
if ($username != null && $password != null) {
|
||||
$query = $conn->prepare("SELECT * FROM users WHERE username = ?");
|
||||
if (!empty($_POST['username']) && !empty($_POST['password'])) {
|
||||
$query = $conn->prepare("SELECT id, password, banned, verified FROM users WHERE username = ?");
|
||||
$query->execute([$username]);
|
||||
if ($row = $query->fetch()) {
|
||||
$row = $query->fetch();
|
||||
if ($row && password_verify($_POST['password'], $row['password'])) {
|
||||
// Username found
|
||||
$db_oauth_uid = $row['oauth_uid'];
|
||||
$db_email_id = $row['email_id'];
|
||||
$db_full_name = $row['full_name'];
|
||||
$db_platform = $row['platform'];
|
||||
$db_password = $row['password'];
|
||||
$db_verified = $row['verified'];
|
||||
$db_picture = $row['picture'];
|
||||
$db_date = $row['date'];
|
||||
$db_ip = $row['ip'];
|
||||
$db_id = $row['id'];
|
||||
|
||||
if (password_verify($password, $db_password)) {
|
||||
if ($db_verified == "1") {
|
||||
if ($row['banned']) {
|
||||
// User is banned
|
||||
$error = $lang['banned'];
|
||||
} if ($row['verified']) {
|
||||
// Login successful
|
||||
$_SESSION['token'] = Md5($db_id . $username);
|
||||
$_SESSION['token'] = md5($db_id . $username);
|
||||
$_SESSION['oauth_uid'] = $db_oauth_uid;
|
||||
$_SESSION['username'] = $username;
|
||||
|
||||
header('Location: ' . $_SERVER['HTTP_REFERER']);
|
||||
|
||||
} elseif ($db_verified == "2") {
|
||||
// User is banned
|
||||
$error = $lang['banned'];
|
||||
exit();
|
||||
} else {
|
||||
// Account not verified
|
||||
$error = $lang['notverified'];
|
||||
}
|
||||
} else {
|
||||
// Password wrong
|
||||
$error = $lang['incorrect'];
|
||||
|
||||
}
|
||||
} else {
|
||||
// Username not found
|
||||
// Username not found or password incorrect.
|
||||
$error = $lang['incorrect'];
|
||||
}
|
||||
} else {
|
||||
$error = $lang['missingfields']; // "All fields must be filled out.";
|
||||
}
|
||||
}
|
||||
|
||||
}
|
||||
|
||||
}
|
||||
// Register process
|
||||
if (isset($_POST['signup'])) {
|
||||
$username = htmlentities(trim($_POST['username'], ENT_QUOTES));
|
||||
$password = password_hash($_POST['password'], PASSWORD_DEFAULT);
|
||||
$email = htmlentities(trim($_POST['email'], ENT_QUOTES));
|
||||
$chara_max = 25; //characters for max input
|
||||
|
||||
if (!filter_var($email, FILTER_VALIDATE_EMAIL)) {
|
||||
if (empty($_POST['email']) || empty($_POST['password']) || empty($_POST['username'])) {
|
||||
$error = $lang['missingfields']; // "All fields must be filled out";
|
||||
} elseif (!filter_var($_POST['email'], FILTER_VALIDATE_EMAIL)) {
|
||||
$error = $lang['email_invalid']; // "Your email address seems to be invalid.";
|
||||
} else {
|
||||
if (strlen($username) > $chara_max) {
|
||||
} elseif (strlen($username) > $chara_max) {
|
||||
$error = $lang['maxnamelimit']; // "Username already taken.";
|
||||
} elseif (!isValidUsername($username)) {
|
||||
$error = $lang['usrinvalid']; // "Username not valid. Usernames can't contain special characters.";
|
||||
} else {
|
||||
if ($username != null && $password != null && $email != null) {
|
||||
$res = isValidUsername($username);
|
||||
if ($res) {
|
||||
$query = $conn->prepare('SELECT 1 FROM users WHERE username = ?');
|
||||
$query->execute([$username]);
|
||||
if ($query->fetch()) {
|
||||
|
|
@ -245,41 +213,16 @@ if (isset($_POST['signup'])) {
|
|||
);
|
||||
$query->execute([$username, $email, $password, $verification_needed ? 0 : 1, $date, $ip]);
|
||||
|
||||
if (!$verification_needed) {
|
||||
if ($verification_needed) {
|
||||
sendVerificationEmail($email, $username, $username);;
|
||||
}
|
||||
|
||||
$success = $lang['registered']; // "Your account was successfully registered.";
|
||||
} else {
|
||||
$success = $lang['registered']; // "Your account was successfully registered.";
|
||||
$protocol = paste_protocol();
|
||||
$verify_url = $protocol . $_SERVER['HTTP_HOST'] . rtrim(dirname($_SERVER['PHP_SELF']), '/\\') . "/verify.php?username=$username&code=" . Md5('4et4$55765' . $email . 'd94ereg');
|
||||
$sent_mail = $email;
|
||||
$subject = $lang['mail_acc_con']; // "$site_name Account Confirmation";
|
||||
$body = "
|
||||
Hello $username, Your $site_name account has been created. Please verify your account by clicking the link below.<br /><br />
|
||||
|
||||
<a href='$verify_url' target='_self'>$verify_url</a> <br /> <br />
|
||||
|
||||
After confirming your account you can log in using your username: <b>$username</b> and the password you used when signing up.
|
||||
";
|
||||
if ($mail_type == '1') {
|
||||
default_mail($admin_mail, $admin_name, $sent_mail, $subject, $body);
|
||||
} else {
|
||||
smtp_mail($smtp_host, $smtp_port, $smtp_auth, $smtp_user, $smtp_pass, $smtp_sec, $admin_mail, $admin_name, $sent_mail, $subject, $body);
|
||||
}
|
||||
}
|
||||
|
||||
}
|
||||
|
||||
}
|
||||
} else {
|
||||
$error = $lang['usrinvalid']; // "Username not valid. Usernames can't contain special characters.";
|
||||
}
|
||||
} else {
|
||||
$error = $lang['missingfields']; // "All fields must be filled out";
|
||||
}
|
||||
}
|
||||
}
|
||||
}
|
||||
|
||||
// Theme
|
||||
require_once('theme/' . $default_theme . '/header.php');
|
||||
require_once('theme/' . $default_theme . '/login.php');
|
||||
|
|
|
|||
|
|
@ -56,7 +56,7 @@
|
|||
<input <?php if ($user_verified == "1") {
|
||||
echo 'disabled=""';
|
||||
} ?> type="text" class="input" name="email"
|
||||
placeholder="<?php echo $user_email_id; ?>">
|
||||
placeholder="<?php echo htmlentities($user_email_id, ENT_QUOTES); ?>">
|
||||
<span class="icon is-small is-left">
|
||||
<i class="fas fa-envelope"></i>
|
||||
</span>
|
||||
|
|
|
|||
Loading…
Add table
Reference in a new issue