threadr.lostcave.ddnss.de/threadr/signup/verify-email/index.php

<?php
  //todo: force logout any user if logged in and on this page

  //permitted chars for password salt
  $permitted_chars = '0123456789abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ&/()[]$:?_';

  //generates password salt
  function generate_salt($input, $strength = 5) {
    $input_length = strlen($input);
    $random_string = '';
    for($i = 0; $i < $strength; $i++) {
      $random_character = $input[random_int(0, $input_length - 1)];
      $random_string .= $random_character;
    }
    return $random_string;
  }

  //for token generation
  $token_salt = generate_salt($permitted_chars);
  $token_hashes = hash("crc32", $_POST['email']) . hash("crc32", $_POST['username']);
  $token = str_shuffle($token_hashes . $token_salt);

  //for password hashing
  $password_salt = generate_salt($permitted_chars);
  $password_hash_method = "sha256";

  $pdo = new PDO('mysql:host=localhost;dbname=web', 'webstuff', 'Schei// auf Pa$$w0rter!');
  //$statement = $pdo->prepare('');
$navbar = "verify-email";
?>
<!DOCTYPE html>
<html>
      <head>
        <title>ThreadR - Verification</title>
        <link rel="stylesheet" type="text/css" href="%CONTENT_DIR%/style.css">
        <link rel="icon" type="image/png" href="%CONTENT_DIR%/img/favicon-32x32.png" sizes="32x32" />
        <meta name="viewport" content="width=device-width, initial-scale=1.0">
      </head>
      <body>
        %NAVBAR%
        <div class="container">
          <div class="item-1">
            <h1>
              <center>E-mail verification</center>
            </h1>
          </div>
          <div class="item-2 form">
            <p>Please send an e-mail containing the following token to <a class="pink-b" href="mailto:signup@lostcave.ddnss.de?subject=ThreadR%20-%20Verification&body=<?php echo $token; ?>">signup@lostcave.ddnss.de</a>:</p>
            <form action="%CONTENT_DIR%/signup/verify-email/redirect.php" method="post">
              <p>Token: <?php echo $token; ?></p>
              <input type="submit" value="Done, sign me up!" />
            </form>
            <br />
          </div>
        </div>
      </body>
    </html>
„threadr/signup/verify-email/index.php“ ändern 2020-02-23 21:43:09 +01:00			`<?php`
added %NO_CHEAP_SESSION_STEALING% 2020-02-24 04:43:53 +01:00			`//todo: force logout any user if logged in and on this page`

„threadr/signup/verify-email/index.php“ ändern 2020-02-23 21:43:09 +01:00			`//permitted chars for password salt`
			`$permitted_chars = '0123456789abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ&/()[]$:?_';`

			`//generates password salt`
			`function generate_salt($input, $strength = 5) {`
			`$input_length = strlen($input);`
			`$random_string = '';`
			`for($i = 0; $i < $strength; $i++) {`
			`$random_character = $input[random_int(0, $input_length - 1)];`
			`$random_string .= $random_character;`
			`}`
			`return $random_string;`
			`}`

fixed syntax error 2020-02-23 22:26:00 +01:00			`//for token generation`
			`$token_salt = generate_salt($permitted_chars);`
			`$token_hashes = hash("crc32", $_POST['email']) . hash("crc32", $_POST['username']);`
			`$token = str_shuffle($token_hashes . $token_salt);`

began implementation 2020-02-23 23:08:26 +01:00			`//for password hashing`
			`$password_salt = generate_salt($permitted_chars);`
			`$password_hash_method = "sha256";`

			`$pdo = new PDO('mysql:host=localhost;dbname=web', 'webstuff', 'Schei// auf Pa$$w0rter!');`
			`//$statement = $pdo->prepare('');`
%NAVBAR%ized all the pages. I hope, there are no errors. 2020-02-26 19:03:55 +01:00			`$navbar = "verify-email";`
„threadr/signup/verify-email/index.php“ ändern 2020-02-23 21:43:09 +01:00			`?>`
added email verification page 2020-02-23 21:28:00 +01:00			`<!DOCTYPE html>`
			`<html>`
			`<head>`
			`<title>ThreadR - Verification</title>`
			`<link rel="stylesheet" type="text/css" href="%CONTENT_DIR%/style.css">`
			`<link rel="icon" type="image/png" href="%CONTENT_DIR%/img/favicon-32x32.png" sizes="32x32" />`
			`<meta name="viewport" content="width=device-width, initial-scale=1.0">`
			`</head>`
			`<body>`
%NAVBAR%ized all the pages. I hope, there are no errors. 2020-02-26 19:03:55 +01:00			`%NAVBAR%`
added email verification page 2020-02-23 21:28:00 +01:00			`<div class="container">`
			`<div class="item-1">`
			`<h1>`
english 2020-02-24 08:29:59 +01:00			`<center>E-mail verification</center>`
added email verification page 2020-02-23 21:28:00 +01:00			`</h1>`
			`</div>`
included form style 2020-02-24 21:14:22 +01:00			`<div class="item-2 form">`
„threadr/signup/verify-email/index.php“ ändern 2020-02-24 23:21:28 +01:00			`<p>Please send an e-mail containing the following token to <a class="pink-b" href="mailto:signup@lostcave.ddnss.de?subject=ThreadR%20-%20Verification&body=<?php echo $token; ?>">signup@lostcave.ddnss.de</a>:</p>`
added email verification page 2020-02-23 21:28:00 +01:00			`<form action="%CONTENT_DIR%/signup/verify-email/redirect.php" method="post">`
„threadr/signup/verify-email/index.php“ ändern 2020-02-24 23:05:36 +01:00			`<p>Token: <?php echo $token; ?></p>`
english 2020-02-24 08:29:59 +01:00			`<input type="submit" value="Done, sign me up!" />`
added missing </form> 2020-02-24 22:34:45 +01:00			`</form>`
„threadr/signup/verify-email/index.php“ ändern 2020-02-24 22:35:21 +01:00			`<br />`
added email verification page 2020-02-23 21:28:00 +01:00			`</div>`
			`</div>`
			`</body>`
			`</html>`