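<?php
// Final step of the e-mail change flow: checks the confirmation code the user
// typed against the code kept in the session, re-checks that the new address is
// still unused and that the password captured earlier still matches, and only
// then stores the new address.
//
// Expects from the including script: $conn (mysqli connection) and $userid.
// Responses: "wrongCode", "codeFailsLimit", "true", or an empty body on any
// silent abort.

// Compares two codes as strings in constant time. An unset or empty expected
// value never matches: the loose `!=` used before treated null == "" as equal
// and compared numeric strings as numbers ("0123" == "123"), so a missing
// session code or a differently written number could pass the check.
$codesMatch = static function ($expected, $given) {
    if (!is_scalar($expected) || !is_scalar($given)) {
        return false;
    }
    $expected = (string) $expected;
    $given = (string) $given;

    return $expected !== '' && hash_equals($expected, $given);
};

// Runs a parameterized SELECT and returns the number of rows, or false when
// the statement could not be prepared or executed.
$countRows = static function ($conn, $sql, $types, array $params) {
    $stmt = $conn->prepare($sql);
    if ($stmt === false) {
        return false;
    }
    $stmt->bind_param($types, ...$params);
    if (!$stmt->execute()) {
        $stmt->close();
        return false;
    }
    $stmt->store_result();
    $rows = $stmt->num_rows;
    $stmt->close();

    return $rows;
};

// Read the code the user entered for the new e-mail address. A missing or
// non-string value (e.g. code[]=x) is treated as an empty code.
$rawCode = (isset($_POST["code"]) && is_string($_POST["code"])) ? $_POST["code"] : '';
$code = htmlentities(substr($rawCode, 0, 30));

// Keep it in the session as the user-supplied value for the final cross-check.
$_SESSION["email-change-code-user"] = $code;

// The new e-mail address comes from the session, not from this request.
$email = (isset($_SESSION["email-change-email"]) && is_string($_SESSION["email-change-email"]))
    ? $_SESSION["email-change-email"]
    : '';

// Compare the user's code with the real one.
if (!$codesMatch($_SESSION["email-change-code"] ?? null, $code)) {
    $_SESSION["email-change-codeFails"] = (int) ($_SESSION["email-change-codeFails"] ?? 0) + 1;

    if ($_SESSION["email-change-codeFails"] >= 3) {
        echo "codeFailsLimit";

        // NOTE(review): the counter is reset after every regeneration, so this
        // script alone puts no upper bound on guesses against a 4-digit code.
        // Consider a cap on regenerations per session/account or a longer code.

        // Issue a fresh 4-digit code. random_int() (PHP >= 7) draws from the
        // CSPRNG; rand() is predictable and unsuitable for verification codes.
        $code = '';
        for ($i = 0; $i < 4; $i++) {
            $code .= (string) random_int(0, 9);
        }

        $_SESSION["email-change-code"] = $code;
        $_SESSION["email-change-codeFails"] = 0;

        $betreff = "Willkommen bei VokSpace!";
        // The opening tag used to read <html"> (stray quote); fixed to <html>.
        $text = '
<html>
<head>
<meta http-equiv="Content-Type" content="text/html; charset=UTF-8" />
<title>Bitte bestätige dein Konto</title>
<meta name="viewport" content="width=device-width, initial-scale=1.0"/>
</head>
<body style="background-color: #3d434b;padding: 20px;">
<div style="margin-top: 50px;position:relative;overflow:hidden;background-color: #212529;border-radius: 30px;">
<div style="width: 50px;float:right;display:block;background-color: rgba(249,130,72,1);height:200px">
</div>
<div style="width: auto;float:left;display:block;padding:20px">
<h2 style="font-family: Arial;color:#fff;margin: 5px 0;font-size:40px">Dein neuer Code: ' . $code . '</h2>
</div>
</div>
</body>
</html>';

        $header = "MIME-Version: 1.0\r\n";
        $header .= "Content-type: text/html; charset=utf-8\r\n";

        $header .= "From: VokSpace\r\n";
        $header .= "Reply-To: tim@timvandenboom.de\r\n";
        // $header .= "Cc: $cc\r\n"; // in case a CC copy should be sent
        $header .= "X-Mailer: PHP ". phpversion();

        // NOTE(review): the replacement code is mailed to $_SESSION["Email"],
        // not to the new address in $_SESSION["email-change-email"] that this
        // code is supposed to confirm - verify which recipient is intended.
        $recipient = $_SESSION["Email"];

        mail($recipient, $betreff, $text, $header);
    }
    else {
        echo "wrongCode";
    }
    die();
}

// Check again whether the e-mail address is already in use. Bound parameters
// replace the string-built query; abort on a hit or on a database error.
$emailRows = $countRows(
    $conn,
    "SELECT 1 FROM `VokabelBox2Users` WHERE `email` = ? LIMIT 1",
    "s",
    [$email]
);
if ($emailRows === false || $emailRows > 0) {
    die();
}

// Re-evaluate the password entered at the very beginning of the flow.
// NOTE(review): matching the password inside the WHERE clause implies the
// column holds plaintext or an unsalted digest; the usual pattern is to fetch
// a password_hash() value and check it with password_verify() - confirm how
// `password` is stored.
$verify_password_user = $_SESSION["verify-password-user"] ?? '';
$passwordRows = $countRows(
    $conn,
    "SELECT 1 FROM `VokabelBox2Users` WHERE `userid` = ? AND `password` = ? LIMIT 1",
    "ss",
    [(string) $userid, (string) $verify_password_user]
);
if ($passwordRows === false || $passwordRows === 0) {
    die();
}

// Last step: compare every user-supplied session value with the real one so
// that earlier steps cannot be skipped. Unset or empty codes never match.
if (
    empty($email)
    || !$codesMatch($_SESSION["verify-code"] ?? null, $_SESSION["verify-code-user"] ?? null)
    || !$codesMatch($_SESSION["email-change-code"] ?? null, $_SESSION["email-change-code-user"] ?? null)
) {
    die();
}

// Store the new e-mail address; report success only if the UPDATE ran.
$update = $conn->prepare("UPDATE `VokabelBox2Users` SET `email` = ? WHERE `userid` = ?");
if ($update === false) {
    die();
}
$userKey = (string) $userid;
$update->bind_param("ss", $email, $userKey);
if (!$update->execute()) {
    $update->close();
    die();
}
$update->close();

print("true");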