threadr.lostcave.ddnss.de/threadr/signup/verify-email/index.php

74 lines
2.8 KiB
PHP

<?php
//todo: force logout any user if logged in and on this page
//permitted chars for password salt
$permitted_chars = '0123456789abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ&/()[]$:?_';
//generates password salt
function generate_salt($input, $strength = 5) {
$input_length = strlen($input);
$random_string = '';
for($i = 0; $i < $strength; $i++) {
$random_character = $input[random_int(0, $input_length - 1)];
$random_string .= $random_character;
}
return $random_string;
}
//for token generation
$token_salt = generate_salt($permitted_chars);
$token_hashes = hash("crc32", $_POST['email']) . hash("crc32", $_POST['username']);
$token = str_shuffle($token_hashes . $token_salt);
//for password hashing
$password_salt = generate_salt($permitted_chars);
$password_hash_method = "sha256";
$pdo = new PDO('mysql:host=localhost;dbname=web', 'webstuff', 'Schei// auf Pa$$w0rter!');
//$statement = $pdo->prepare('');
?>
<!DOCTYPE html>
<html>
<head>
<title>ThreadR - Verification</title>
<link rel="stylesheet" type="text/css" href="%CONTENT_DIR%/style.css">
<link rel="icon" type="image/png" href="%CONTENT_DIR%/img/favicon-32x32.png" sizes="32x32" />
<meta name="viewport" content="width=device-width, initial-scale=1.0">
</head>
<body>
<ul class="topnav">
<li><a href="%CONTENT_DIR%/"><img src="%CONTENT_DIR%/img/ThreadR_Home.svg" alt="Home" /></a></li>
<!-- <li><a class="dropdown">
<button class="dropbtn">News
<i class="fa fa-caret-down"></i>
</button>
<div class="dropdown-content">
<a href="#">Link 1</a>
<a href="#">Link 2</a>
<a href="#">Link 3</a>
</div>
</div> -->
<li><a href="%CONTENT_DIR%/news/">News</a></li>
<li><a href="%CONTENT_DIR%/boards/">Boards</a></li>
<li><a href="%CONTENT_DIR%/about/">About</a></li>
<li class="right"><a class="active" href="%CONTENT_DIR%/login/">Log In</a></li>
</ul>
<br />
<div class="container">
<div class="item-1">
<h1>
<center>E-mail verification</center>
</h1>
</div>
<div class="item-2 form">
<p>Please send an e-mail with the following token to <a href="mailto:signup@lostcave.ddnss.de?subject=signup&body=<?php echo $token; ?>"><p class="cyan">signup@lostcave.ddnss.de</p></a>:</p>
<form action="%CONTENT_DIR%/signup/verify-email/redirect.php" method="post">
<p>Token: <?php echo $token; ?></p>
<input type="submit" value="Done, sign me up!" />
</form>
<br />
</div>
</div>
</body>
</html>