Commit 0a8ba9d5 authored by Reto Da Forno's avatar Reto Da Forno

Use a separate function to send emails from PHP; add the missing header fields.

parent 50878348
......@@ -47,7 +47,7 @@
$row = mysqli_fetch_array($rs);
if (file_exists("template/newuser_emailtemplate.txt") && $row['last_login'] === NULL) { // only send mail to new users (who have not yet logged in)
$msg = file_get_contents("template/newuser_emailtemplate.txt");
mail($row['email'], "Re: Request for FlockLab user account", $msg, "From: flocklab@tik.ee.ethz.ch\r\nReply-To: flocklab-admin@tik.ee.ethz.ch");
send_mail("Re: Request for FlockLab user account", $msg, $row['email']);
}
}
mysqli_close($db);
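Review bot: The boolean that send_mail() returns is discarded on the `send_mail("Re: Request for FlockLab user account", $msg, $row['email']);` line, so a refused or failed delivery of the welcome mail to a new user goes unnoticed; `if (!send_mail("Re: Request for FlockLab user account", $msg, $row['email'])) { error_log('Welcome mail to ' . $row['email'] . ' failed'); }` makes the failure visible in the server log. The line before it reads the template with file_get_contents() but never checks for `false`, which would send an empty body; a `if ($msg === false)` guard before the send covers that. The loop and condition this hunk belongs to start before the hunk.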
......
......@@ -233,12 +233,13 @@ function check_imageid($imageid, $userid) {
##############################################################################
*/
function get_admin_emails() {
global $CONFIG;
$admins = Array();
if (isset($CONFIG['email']['admin_email'])) {
array_push($admins, trim($CONFIG['email']['admin_email']));
} else {
$db = db_connect();
$sql = "SELECT `email`
$sql = "SELECT `email`
FROM tbl_serv_users
WHERE `role` = 'admin'";
$rs = mysqli_query($db, $sql) or flocklab_die('Cannot get admin emails from database because: ' . mysqli_error($db));
......@@ -250,6 +251,38 @@ function get_admin_emails() {
return $admins;
}
/*
##############################################################################
#
# get_flocklab_email
#
# Get the main mail address of Flocklab
#
##############################################################################
*/
function get_flocklab_email() {
global $CONFIG;
return $CONFIG['email']['flocklab_email'];
}
/*
##############################################################################
#
# send_mail
#
# Send an email
#
##############################################################################
*/
function send_mail($subject, $message, $recipient) {
global $CONFIG;
$header = 'From: ' . $CONFIG['email']['flocklab_email'] . "\r\n" .
'Reply-To: ' . $CONFIG['email']['admin_email'] . "\r\n" .
'Content-Type: text/plain; charset=utf-8' . "\r\n" .
'X-Mailer: PHP/' . phpversion();
return mail($recipient, $subject, $message, $header);
}
/*
##############################################################################
#
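Review bot: send_mail() passes $subject and $recipient straight to mail() with no check for CR/LF, and builds the `Reply-To` header from `$CONFIG['email']['admin_email']` without the isset() guard that get_admin_emails() above applies, so an unset key produces an empty Reply-To header. A one-line guard at the top of the function, `if (preg_match('/[\r\n]/', $subject . $recipient)) { return false; }`, refuses header injection regardless of what the PHP runtime itself filters, and falling back to `$CONFIG['email']['flocklab_email']` when admin_email is unset keeps the header well-formed. The new get_flocklab_email() helper is added in the same hunk but send_mail() reads `$CONFIG['email']['flocklab_email']` directly instead of calling it, which is worth aligning. The header comment only says "Send an email"; it should name the three parameters and state that the function returns mail()'s result, e.g. `# Returns true if the message was accepted for delivery, false otherwise (the return value of mail()).`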
......
......@@ -40,10 +40,11 @@
// If the page is called for the second time, validate and process form:
if (!$first) {
$emailaddress = $_POST['emailaddress'];
$emailaddress = $_POST['emailaddress'];
$username = $_POST['username'];
// Check necessary fields:
if ($emailaddress=="") {
if ($emailaddress == "" || $username == "") {
$error = true;
array_push($errors, "Please fill out all fields marked with an asterisk.");
}
......@@ -56,16 +57,16 @@
// If there was no error, set a new, random password in the DB and send it to the user by email:
if (!$error) {
$db = db_connect();
$db = db_connect();
// Check if user exists in database:
$sql = "SELECT * FROM `tbl_serv_users` WHERE `email` = '" . mysqli_real_escape_string($db, $emailaddress) . "'";
$rs = mysqli_query($db, $sql) or flocklab_die('Cannot get user information from database because: ' . mysqli_error($db));
$sql = "SELECT * FROM `tbl_serv_users` WHERE `username` = '" . mysqli_real_escape_string($db, $username) . "' AND `email` = '" . mysqli_real_escape_string($db, $emailaddress) . "'";
$rs = mysqli_query($db, $sql) or flocklab_die('Cannot get user information from database because: ' . mysqli_error($db));
$rows = mysqli_fetch_array($rs);
if ($rows) {
// Generate new password and store it:
$newpassword = substr(hash('sha512',rand()),0,16);
$newhash = sha1($newpassword);
$sql = "UPDATE `tbl_serv_users` SET `password` = '" . $newhash . "' WHERE `email` = '" . mysqli_real_escape_string($db, $emailaddress) . "'";
// Generate a temporary password and store it:
$newpassword = substr(hash('sha512', rand()), 0, 16);
$newhash = sha1($newpassword);
$sql = "UPDATE `tbl_serv_users` SET `password` = '" . $newhash . "' WHERE `username` = '" . mysqli_real_escape_string($db, $username) . "' AND `email` = '" . mysqli_real_escape_string($db, $emailaddress) . "'";
mysqli_query($db, $sql) or flocklab_die('Cannot get set new password for user in database because: ' . mysqli_error($db));
}
mysqli_close($db);
......@@ -73,15 +74,16 @@
// If user was found and password has been set, inform user:
if (isset($newpassword)) {
$subject = "[FlockLab] Request for password recovery";
$message = "A request for a FlockLab password recovery has been placed on the FlockLab user interface.\n";
$message = $message . "If this request has not been placed by you, please contact us on ".$CONFIG['smtp']['email'].".\n\n";
$message = $message . "Your password has been reset to the following new password: \n\n$newpassword\n\n";
$message = $message . "Please login at ".$CONFIG['xml']['namespace']."/user and change the password in your account settings afterwards.\n";
$message = $message . "\n";
$message = "A request for a FlockLab password recovery has been placed on the FlockLab user interface.\n".
"If this request has not been placed by you, please contact us at ".$CONFIG['email']['admin_email'].".\n\n".
"Your password has been reset to the following new password: \n\n$newpassword\n\n".
"Please login at ".$CONFIG['xml']['namespace']."/user and change the password in your account settings afterwards.\n\n";
$message = wordwrap($message, 70);
$header = 'X-Mailer: PHP/' . phpversion();
mail($emailaddress, $subject, $message, $header);
}
send_mail($subject, $message, $emailaddress);
} else {
$error = true;
array_push($errors, "No user found with the specified name/email combination.");
}
}
}
?>
......@@ -111,6 +113,9 @@
emailaddress: {
required: true,
email: true
},
username: {
required: true
}
}
});
......@@ -138,7 +143,8 @@
}
?>
<p>Please fill out the form below to request a new password for your FlockLab account. Fields marked with * are mandatory.</p>
<span class="formfield">E-mail Address:*</span><input type="text" name="emailaddress" id="emailaddress" value="<?php echo $emailaddress;?>"><br>
<span class="formfield">Username:*</span><input type="text" name="username" id="username" value="<?php echo $username; ?>"><br>
<span class="formfield">E-mail Address:*</span><input type="text" name="emailaddress" id="emailaddress" value="<?php echo $emailaddress; ?>"><br>
<span class="formfield">Captcha:*</span><?php recaptcha_print(); ?>
<p>
<input type="hidden" name="first" value="no">
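Review bot: The temporary password on the `$newpassword = substr(hash('sha512', rand()), 0, 16);` line is derived from rand(), which yields at most getrandmax()+1 (typically 2^31) distinct values and is not a cryptographic generator, so the 16 hex characters carry far less entropy than they suggest; `$newpassword = bin2hex(random_bytes(8));` (PHP 7+, or openssl_random_pseudo_bytes() on older releases) gives 64 bits of real randomness at the same length. The following `$newhash = sha1($newpassword);` stores an unsalted SHA-1; password_hash()/password_verify() would be preferable, but that also requires changing the login check, which is outside this diff. Separately, the new username field and the e-mail field are rendered with `value="<?php echo $username; ?>"` and `value="<?php echo $emailaddress; ?>"` straight from $_POST, so a rejected submission reflects unescaped input into the page; wrap both in `htmlspecialchars($username, ENT_QUOTES, 'UTF-8')`. The `if (!$first)` block begins before the first hunk of this file and continues across several hunks.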
......
......@@ -40,18 +40,18 @@
// If the page is called for the second time, validate form and send an email to the flocklab admin on success.
if (!$first) {
$institution = $_POST['institution'];
$institution = $_POST['institution'];
$institutiontype = $_POST['institutiontype'];
$firstname = $_POST['firstname'];
$lastname = $_POST['lastname'];
$emailaddress = $_POST['emailaddress'];
$username = $_POST['username'];
$firstname = $_POST['firstname'];
$lastname = $_POST['lastname'];
$emailaddress = $_POST['emailaddress'];
$username = $_POST['username'];
$country = $_POST['country'];
$passwd = sha1($_POST['passwd']);
$retypepasswd = sha1($_POST['retypepasswd']);
$passwd = sha1($_POST['passwd']);
$retypepasswd = sha1($_POST['retypepasswd']);
$description = $_POST['description'];
$comments = $_POST['comments'];
$termsofuse = $_POST['termsofuse'];
$comments = $_POST['comments'];
$termsofuse = $_POST['termsofuse'];
/* Check necessary fields */
// Check necessary fields:
......@@ -94,24 +94,23 @@
// If there was no error, insert the data into the database and send an email to the flocklab admin:
if (!$error) {
$db = db_connect();
$sql = "INSERT INTO `tbl_serv_users` (`lastname`, `firstname`, `username`, `country`, `password`, `email`, `institution_type`, `institution`, `is_active`,`create_time`)
VALUES (
'" . mysqli_real_escape_string($db, $lastname) . "',
'" . mysqli_real_escape_string($db, $firstname) . "',
'" . mysqli_real_escape_string($db, $username) . "',
'" . mysqli_real_escape_string($db, $country) . "',
'" . mysqli_real_escape_string($db, $passwd) . "',
'" . mysqli_real_escape_string($db, $emailaddress) . "',
'" . mysqli_real_escape_string($db, $institutiontype) . "',
'" . mysqli_real_escape_string($db, $institution) . "', 0, NOW())";
$db = db_connect();
$sql = "INSERT INTO `tbl_serv_users` (`lastname`, `firstname`, `username`, `country`, `password`, `email`, `institution_type`, `institution`, `is_active`,`create_time`)
VALUES (
'" . mysqli_real_escape_string($db, $lastname) . "',
'" . mysqli_real_escape_string($db, $firstname) . "',
'" . mysqli_real_escape_string($db, $username) . "',
'" . mysqli_real_escape_string($db, $country) . "',
'" . mysqli_real_escape_string($db, $passwd) . "',
'" . mysqli_real_escape_string($db, $emailaddress) . "',
'" . mysqli_real_escape_string($db, $institutiontype) . "',
'" . mysqli_real_escape_string($db, $institution) . "', 0, NOW())";
mysqli_query($db, $sql) or flocklab_die('Cannot store user information in database because: ' . mysqli_error($db));
mysqli_close($db);
$adminemails = get_admin_emails();
$to = implode(", ", $adminemails);
$to = implode(", ", get_admin_emails());
$subject = "Request for FlockLab user account";
$message = "A request for a new FlockLab user account has been placed on www.flocklab.ethz.ch/user/user_register.php\n\n";
$message = "A request for a new FlockLab user account has been placed.\n\n";
$message = $message . "First Name: $firstname\n";
$message = $message . "Last Name: $lastname\n";
$message = $message . "Username: $username\n";
......@@ -125,9 +124,7 @@
$message = $message . "Terms of use accepted: $termsofuse\n";
$message = $message . "\n";
$message = wordwrap($message, 70);
$header = 'Reply-To: ' . $emailaddress . "\r\n" .
'X-Mailer: PHP/' . phpversion();
mail($to, $subject, $message, $header);
send_mail($subject, $message, $to);
}
}
?>
......@@ -255,6 +252,7 @@
</form>
</div> <!-- END content -->
<div style="clear:both"></div>
<div style="color: #666666; margin-top:10px"><?php echo "Contact the <a href='mailto:".get_admin_emails()[0]."'>FlockLab admin</a> in case of an issue with the registration form."; ?></div>
</div> <!-- END container -->
</body>
</html>
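Review bot: The new footer line calls `get_admin_emails()[0]` inside the template, which returns null with an undefined-offset notice when the list is empty (admin_email unset and no admin rows), renders an empty mailto: link in that case, and opens a database connection just to draw the footer whenever admin_email is not configured. Fetching the list once in the PHP block above and guarding it, `$adminemails = get_admin_emails(); $adminemail = empty($adminemails) ? '' : htmlspecialchars($adminemails[0], ENT_QUOTES, 'UTF-8');`, avoids both and escapes the value before it lands in an href. Replacing the old `Reply-To: $emailaddress` header with send_mail()'s admin Reply-To also means admins can no longer reply directly to the requester; if that is intended, a short comment on the `send_mail($subject, $message, $to);` line should say so, and the requester's address should appear in the message body (not verifiable from the visible lines). Finally, `$passwd = sha1($_POST['passwd']);` stores an unsalted SHA-1; password_hash() would be the modern choice, but the login verification outside this diff would have to change with it.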