<?php
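// Account endpoint: handles the signup, login, forgot-password, reset-password
// and logout form submissions. Each branch records its outcome in
// $_SESSION['sessData'] and then redirects the browser.
//
// NOTE(security): passwords are stored and compared as unsalted md5() digests,
// which are cheap to brute-force offline. Moving to password_hash() /
// password_verify() also requires changing how the login lookup is done and
// probably widening the password column; neither is visible from this file,
// so it is flagged here rather than changed silently.
// NOTE(security): none of the forms handled here carry a CSRF token.

//start session
session_start();

//load and initialize user class
include 'user.php';
$user = new User();

if (isset($_POST['signupSubmit'])) {
    //check whether user details are empty
    if (!empty($_POST['first_name']) && !empty($_POST['last_name']) && !empty($_POST['email']) && !empty($_POST['phone']) && !empty($_POST['password']) && !empty($_POST['confirm_password'])) {
        //password and confirm password comparison
        if ($_POST['password'] !== $_POST['confirm_password']) {
            $sessData['status']['type'] = 'error';
            $sessData['status']['msg'] = 'Confirme que la contraseña debe coincidir con la contraseña.';
        } else {
            //check whether user exists in the database
            $prevCon['where'] = ['email' => $_POST['email']];
            $prevCon['return_type'] = 'count';
            $prevUser = $user->getRows($prevCon);
            if ($prevUser > 0) {
                $sessData['status']['type'] = 'error';
                $sessData['status']['msg'] = 'El correo electrónico ya existe, utilice otro correo electrónico.';
            } else {
                //insert user data in the database
                // NOTE(review): the e-mail address is stored without format
                // validation and is later used as the mail() recipient.
                $userData = [
                    'first_name' => $_POST['first_name'],
                    'last_name' => $_POST['last_name'],
                    'email' => $_POST['email'],
                    'password' => md5($_POST['password']), // weak hash, see header note
                    'phone' => $_POST['phone'],
                ];
                $insert = $user->insert($userData);
                //set status based on data insert
                if ($insert) {
                    $sessData['status']['type'] = 'success';
                    $sessData['status']['msg'] = 'Te has registrado correctamente, inicia sesión con tus credenciales.';
                } else {
                    $sessData['status']['type'] = 'error';
                    $sessData['status']['msg'] = 'Se produjo algún problema, por favor intente nuevamente.';
                }
            }
        }
    } else {
        $sessData['status']['type'] = 'error';
        $sessData['status']['msg'] = 'Todos los campos son obligatorios, complete todos los campos.';
    }
    //store signup status into the session
    $_SESSION['sessData'] = $sessData;
    $redirectURL = ($sessData['status']['type'] === 'success') ? 'index.php' : 'registration.php';
    //redirect to the home/registration page
    header("Location:".$redirectURL);
    exit;
} elseif (isset($_POST['loginSubmit'])) {
    //check whether login details are empty
    if (!empty($_POST['email']) && !empty($_POST['password'])) {
        //get user data from user class
        $conditions['where'] = [
            'email' => $_POST['email'],
            'password' => md5($_POST['password']), // weak hash, see header note
            'status' => '1',
        ];
        $conditions['return_type'] = 'single';
        $userData = $user->getRows($conditions);
        //set user data and status based on login credentials
        if ($userData) {
            // Issue a fresh session id at the privilege change so an id that
            // was planted or observed before login cannot be reused
            // (session fixation).
            session_regenerate_id(true);
            $sessData['userLoggedIn'] = true;
            $sessData['userID'] = $userData['id'];
            $sessData['status']['type'] = 'success';
            // first_name is user-supplied; whatever renders this message must
            // HTML-escape it.
            $sessData['status']['msg'] = 'Bienvenid@ '.$userData['first_name'].'!';
        } else {
            $sessData['status']['type'] = 'error';
            $sessData['status']['msg'] = 'Correo electrónico o contraseña incorrectos, intente nuevamente.';
        }
    } else {
        $sessData['status']['type'] = 'error';
        $sessData['status']['msg'] = 'Ingrese correo electrónico y contraseña.';
    }
    //store login status into the session
    $_SESSION['sessData'] = $sessData;
    //redirect to the home page
    header("Location:index.php");
    exit;
} elseif (isset($_POST['forgotSubmit'])) {
    //check whether email is empty
    if (!empty($_POST['email'])) {
        //check whether user exists in the database
        $prevCon['where'] = ['email' => $_POST['email']];
        $prevCon['return_type'] = 'count';
        $prevUser = $user->getRows($prevCon);
        if ($prevUser > 0) {
            // Generate the reset code from the CSPRNG (requires PHP 7+).
            // uniqid() is time-based and mt_rand() is not cryptographically
            // secure, so the previous md5(uniqid(mt_rand())) value was
            // guessable. The result is still 32 lowercase hex characters, so
            // it fits wherever the old value was stored.
            // NOTE(review): the code has no expiry time.
            $uniqidStr = bin2hex(random_bytes(16));
            //update data with forgot pass code
            $conditions = [
                'email' => $_POST['email'],
            ];
            $data = [
                'forgot_pass_identity' => $uniqidStr,
            ];
            $update = $user->update($data, $conditions);
            if ($update) {
                // NOTE(review): hard-coded plain-HTTP localhost base URL;
                // a deployment needs its own HTTPS origin here.
                $resetPassLink = 'http://localhost/olvidopass/resetPassword.php?fp_code='.$uniqidStr;
                //get user details
                $con['where'] = ['email' => $_POST['email']];
                $con['return_type'] = 'single';
                $userDetails = $user->getRows($con);
                //send reset password email
                $to = $userDetails['email'];
                $subject = "Solicitud de Cambio de Contraseña";
                // The name was typed by the user at signup; escape it before
                // placing it in the HTML body of the message.
                $safeFirstName = htmlspecialchars($userDetails['first_name'], ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
                $mailContent = 'Estimad@ '.$safeFirstName.',
<br/><br/>Recientemente se envió una solicitud para restablecer una contraseña para su cuenta. Si esto fue un error, simplemente ignore este correo electrónico y no pasará nada.
<br/>Para restablecer su contraseña, visite el siguiente enlace: <a href="'.$resetPassLink.'">'.$resetPassLink.'</a>
<br/><br/>Saludos,
<br/>Para más desarrollos como este vísitame en mi sitio https://www.configuroweb.com, atentamente
<br/>Mauricio Sevilla
<br/>https://www.linkedin.com/in/mauricio-sevilla/';
                //set content-type header for sending HTML email
                $headers = "MIME-Version: 1.0" . "\r\n";
                $headers .= "Content-type:text/html;charset=UTF-8" . "\r\n";
                //additional headers
                $headers .= 'From: ConfiguroWeb<sender@example.com>' . "\r\n";
                //send email; only report success when mail() accepted the message
                if (mail($to, $subject, $mailContent, $headers)) {
                    $sessData['status']['type'] = 'success';
                    $sessData['status']['msg'] = 'Verifique su correo electrónico, hemos enviado un enlace para restablecer la contraseña a su correo electrónico registrado.';
                } else {
                    $sessData['status']['type'] = 'error';
                    $sessData['status']['msg'] = 'Se produjo algún problema, por favor intente nuevamente.';
                }
            } else {
                $sessData['status']['type'] = 'error';
                $sessData['status']['msg'] = 'Se produjo algún problema, por favor intente nuevamente.';
            }
        } else {
            // NOTE(review): this distinct message tells the requester whether
            // an address is registered.
            $sessData['status']['type'] = 'error';
            $sessData['status']['msg'] = 'El correo electrónico dado no está asociado con ninguna cuenta.';
        }
    } else {
        $sessData['status']['type'] = 'error';
        $sessData['status']['msg'] = 'Ingrese el correo electrónico para crear una nueva contraseña para su cuenta.';
    }
    //store reset password status into the session
    $_SESSION['sessData'] = $sessData;
    //redirect to the forgot password page
    header("Location:forgotPassword.php");
    exit;
} elseif (isset($_POST['resetSubmit'])) {
    $fp_code = '';
    if (!empty($_POST['password']) && !empty($_POST['confirm_password']) && !empty($_POST['fp_code'])) {
        $fp_code = $_POST['fp_code'];
        //password and confirm password comparison
        if ($_POST['password'] !== $_POST['confirm_password']) {
            $sessData['status']['type'] = 'error';
            $sessData['status']['msg'] = 'Confirme que la contraseña debe coincidir con la contraseña.';
        } else {
            //check whether identity code exists in the database
            $prevCon['where'] = ['forgot_pass_identity' => $fp_code];
            $prevCon['return_type'] = 'single';
            $prevUser = $user->getRows($prevCon);
            if (!empty($prevUser)) {
                //update data with new password
                $conditions = [
                    'forgot_pass_identity' => $fp_code,
                ];
                // Clear the reset code in the same update so the e-mailed link
                // works only once; an empty code can never match because the
                // !empty($_POST['fp_code']) guard above rejects it.
                // NOTE(review): assumes the column accepts an empty string.
                $data = [
                    'password' => md5($_POST['password']), // weak hash, see header note
                    'forgot_pass_identity' => '',
                ];
                $update = $user->update($data, $conditions);
                if ($update) {
                    $sessData['status']['type'] = 'success';
                    $sessData['status']['msg'] = 'La contraseña de su cuenta se ha restablecido correctamente. Inicia sesión con tu nueva contraseña.';
                } else {
                    $sessData['status']['type'] = 'error';
                    $sessData['status']['msg'] = 'Se produjo algún problema, por favor intente nuevamente.';
                }
            } else {
                $sessData['status']['type'] = 'error';
                $sessData['status']['msg'] = 'No tiene autorización para restablecer la nueva contraseña de esta cuenta.';
            }
        }
    } else {
        $sessData['status']['type'] = 'error';
        $sessData['status']['msg'] = 'Todos los campos son obligatorios, complete todos los campos.';
    }
    //store reset password status into the session
    $_SESSION['sessData'] = $sessData;
    // fp_code comes straight from the request, so encode it before it is
    // placed in the redirect URL.
    $redirectURL = ($sessData['status']['type'] === 'success') ? 'index.php' : 'resetPassword.php?fp_code='.urlencode($fp_code);
    //redirect to the login/reset password page
    header("Location:".$redirectURL);
    exit;
} elseif (!empty($_REQUEST['logoutSubmit'])) {
    // NOTE(review): $_REQUEST also accepts GET, so any link or image pointing
    // at ?logoutSubmit=... logs the user out.
    //remove session data
    unset($_SESSION['sessData']);
    session_destroy();
    // session_destroy() ends the session, so values written to $_SESSION after
    // it are never saved. Open a new session under a new id so the logout
    // message below reaches the next page.
    session_start();
    session_regenerate_id(true);
    //store logout status into the session
    $sessData['status']['type'] = 'success';
    $sessData['status']['msg'] = 'Has cerrado la sesión correctamente desde tu cuenta.';
    $_SESSION['sessData'] = $sessData;
    //redirect to the home page
    header("Location:index.php");
    exit;
} else {
    //redirect to the home page
    header("Location:index.php");
    exit;
}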