Version 2
This commit is contained in:
101
pagecontent/action-change-email-verify.php
Normal file
101
pagecontent/action-change-email-verify.php
Normal file
@@ -0,0 +1,101 @@
|
||||
<?php
|
||||
|
||||
// Code der neuen E-Mail wird geholt
|
||||
$code = htmlentities(substr($_POST["code"], 0, 30));
|
||||
|
||||
// Und als Nuutzereingabe-Session gespeichert
|
||||
$_SESSION["email-change-code-user"] = $code;
|
||||
|
||||
// Neue E-Mail wird aus der Session gelesen
|
||||
$email = $_SESSION["email-change-email"];
|
||||
|
||||
// Nutzercode wird mit dem tatsächlichen Code abgeglichen
|
||||
if($code != $_SESSION["email-change-code"]) {
|
||||
$_SESSION["email-change-codeFails"] = $_SESSION["email-change-codeFails"] + 1;
|
||||
|
||||
if($_SESSION["email-change-codeFails"] >= 3) {
|
||||
echo "codeFailsLimit";
|
||||
|
||||
$code = '';
|
||||
$string = "0123456789";
|
||||
for ($i = 1; $i <= 4; $i++)
|
||||
{
|
||||
$zufallszahl = rand(0, 9);
|
||||
$zufallszahl = substr($string, $zufallszahl, 1);
|
||||
$code = $code . $zufallszahl;
|
||||
}
|
||||
|
||||
$_SESSION["email-change-code"] = $code;
|
||||
|
||||
$_SESSION["email-change-codeFails"] = 0;
|
||||
|
||||
$betreff = "Willkommen bei VokSpace!";
|
||||
$from = "VokSpace";
|
||||
$text = '
|
||||
<html">
|
||||
<head>
|
||||
<meta http-equiv="Content-Type" content="text/html; charset=UTF-8" />
|
||||
<title>Bitte bestätige dein Konto</title>
|
||||
<meta name="viewport" content="width=device-width, initial-scale=1.0"/>
|
||||
</head>
|
||||
<body style="background-color: #3d434b;padding: 20px;">
|
||||
<div style="margin-top: 50px;position:relative;overflow:hidden;background-color: #212529;border-radius: 30px;">
|
||||
<div style="width: 50px;float:right;display:block;background-color: rgba(249,130,72,1);height:200px">
|
||||
</div>
|
||||
<div style="width: auto;float:left;display:block;padding:20px">
|
||||
<h2 style="font-family: Arial;color:#fff;margin: 5px 0;font-size:40px">Dein neuer Code: ' . $code . '</h2>
|
||||
</div>
|
||||
</div>
|
||||
</body>
|
||||
</html>';
|
||||
|
||||
$header = "MIME-Version: 1.0\r\n";
|
||||
$header .= "Content-type: text/html; charset=utf-8\r\n";
|
||||
|
||||
$header .= "From: VokSpace\r\n";
|
||||
$header .= "Reply-To: tim@timvandenboom.de\r\n";
|
||||
// $header .= "Cc: $cc\r\n"; // falls an CC gesendet werden soll
|
||||
$header .= "X-Mailer: PHP ". phpversion();
|
||||
|
||||
$email = $_SESSION["Email"];
|
||||
|
||||
mail($email, $betreff, $text, $header);
|
||||
|
||||
|
||||
}
|
||||
else {
|
||||
echo "wrongCode";
|
||||
}
|
||||
die();
|
||||
}
|
||||
|
||||
// Erneut testen, ob E-Mai bereits vorhanden
|
||||
$sql = "SELECT * FROM `VokabelBox2Users` WHERE `email` = '$email'";
|
||||
$result_articles = $conn->query($sql);
|
||||
|
||||
if(mysqli_num_rows($result_articles))
|
||||
{
|
||||
die();
|
||||
}
|
||||
|
||||
// Ganz zu anfang eingegbenes Passwort erneut auswerten
|
||||
$verify_password_user = $_SESSION["verify-password-user"];
|
||||
$sql = "SELECT * FROM `VokabelBox2Users` WHERE `userid` = '$userid' AND `password` = '$verify_password_user'";
|
||||
$result_articles = $conn->query($sql);
|
||||
if(!mysqli_num_rows($result_articles))
|
||||
{
|
||||
die();
|
||||
}
|
||||
|
||||
// Im letzen Schritt werden alle Nutzer-Sessions noch einmal mit den tatsächlichen Sessions abgeglichen um das Überpringen von Schritten zu verhindern.
|
||||
if(empty($email) || ($_SESSION["verify-code"] != $_SESSION["verify-code-user"]) || ($_SESSION["email-change-code"] != $_SESSION["email-change-code-user"])) {
|
||||
die();$conn->query("");
|
||||
}
|
||||
|
||||
// Neue E-Mail wird gepeichert
|
||||
$conn->query("UPDATE `VokabelBox2Users` SET `email` = '$email' WHERE `userid` = '$userid'");
|
||||
|
||||
print("true");
|
||||
|
||||
|
||||
?>
|
||||
Reference in New Issue
Block a user