
Ch0cu3r

Everything posted by Ch0cu3r

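  1. Gone through and cleaned up your code a bit, and made a reusable function for calling the phpmailer code
     <?php
     /*
      * PHP API for Login, Register, Changepassword, Resetpassword requests
      * and for email notifications.
      *
      * The request type is read from $_POST['tag']. Every recognised request is
      * answered with a JSON object holding "tag", "success" and "error", plus
      * "error_msg" and/or "user" where the branch sets them.
      */
     require_once 'phpmailer.php';

     if (isset($_POST['tag']) && $_POST['tag'] != '') {
         // The response used to be built from an undefined $tag variable;
         // take the value from the request so "tag" is actually echoed back.
         $tag = $_POST['tag'];

         // Include Database handler
         require_once 'include/DB_Functions.php';
         $db = new DB_Functions();

         // response Array
         $response = array("tag" => $tag, "success" => 0, "error" => 0);

         // check for tag type
         switch ($tag) {
             case 'login':
                 // Request type is check Login
                 $email = $_POST['email'];
                 $password = $_POST['password'];

                 // check for user
                 $user = $db->getUserByEmailAndPassword($email, $password);
                 if ($user != false) {
                     // user found
                     // echo json with success = 1
                     $response["success"] = 1;
                     $response["user"]["fname"] = $user["firstname"];
                     $response["user"]["lname"] = $user["lastname"];
                     $response["user"]["email"] = $user["email"];
                     $response["user"]["uname"] = $user["username"];
                     $response["user"]["uid"] = $user["unique_id"];
                     $response["user"]["created_at"] = $user["created_at"];
                 } else {
                     // user not found
                     // echo json with error = 1
                     $response["error"] = 1;
                     $response["error_msg"] = "Incorrect email or password!";
                 }
                 break;

             case 'chgpass':
                 // NOTE(review): nothing in this branch proves who is asking. The
                 // password of whichever account matches the posted email is
                 // replaced. Require the current password (or an authenticated
                 // session) and verify it before calling forgotPassword().
                 $email = $_POST['email'];
                 $newpassword = $_POST['newpas'];

                 $hash = $db->hashSSHA($newpassword);
                 $encrypted_password = $hash["encrypted"]; // encrypted password
                 $salt = $hash["salt"];

                 if ($db->isUserExisted($email)) {
                     $user = $db->forgotPassword($email, $encrypted_password, $salt);
                     if ($user) {
                         $response["success"] = 1;

                         $subject = "Change Password Notification";
                         $message = "Hello User,\n\nYour Password is sucessfully changed.\n\nRegards,\nLearn2Crack Team.";
                         send_email($subject, $message, $email);
                     } else {
                         $response["error"] = 1;
                     }
                 } else {
                     // no account with this email - error response
                     $response["error"] = 2;
                     $response["error_msg"] = "User not exist";
                 }
                 break;

             case 'forpass':
                 // NOTE(review): the stored password is replaced as soon as an
                 // address is posted, and the new one is mailed in clear text.
                 // A single-use, expiring reset link that leaves the old password
                 // valid until the link is used avoids both problems. The
                 // "User not exist" answer also tells the caller which addresses
                 // are registered.
                 $email = $_POST['forgotpassword'];

                 $randomcode = $db->random_string();
                 $hash = $db->hashSSHA($randomcode);
                 $encrypted_password = $hash["encrypted"]; // encrypted password
                 $salt = $hash["salt"];

                 if ($db->isUserExisted($email)) {
                     $user = $db->forgotPassword($email, $encrypted_password, $salt);
                     if ($user) {
                         $response["success"] = 1;

                         $subject = "Password Recovery";
                         $message = "Hello User,\n\nYour Password is sucessfully changed. Your new Password is $randomcode . Login with your new Password and change it in the User Panel.\n\nRegards,\nLearn2Crack Team.";
                         send_email($subject, $message, $email);
                     } else {
                         $response["error"] = 1;
                     }
                 } else {
                     // no account with this email - error response
                     $response["error"] = 2;
                     $response["error_msg"] = "User not exist";
                 }
                 break;

             case 'register':
                 // Request type is Register new user
                 $fname = $_POST['fname'];
                 $lname = $_POST['lname'];
                 $email = $_POST['email'];
                 $uname = $_POST['uname'];
                 $password = $_POST['password'];

                 // check if user is already existed
                 if ($db->isUserExisted($email)) {
                     // user is already existed - error response
                     $response["error"] = 2;
                     $response["error_msg"] = "User already existed";
                 } else if (!$db->validEmail($email)) {
                     $response["error"] = 3;
                     $response["error_msg"] = "Invalid Email Id";
                 } else {
                     // store user
                     $user = $db->storeUser($fname, $lname, $email, $uname, $password);
                     if ($user) {
                         // user stored successfully
                         $response["success"] = 1;
                         $response["user"]["fname"] = $user["firstname"];
                         $response["user"]["lname"] = $user["lastname"];
                         $response["user"]["email"] = $user["email"];
                         $response["user"]["uname"] = $user["username"];
                         $response["user"]["uid"] = $user["unique_id"];
                         $response["user"]["created_at"] = $user["created_at"];

                         $subject = "Registration";
                         $message = "Hello $fname,\n\nYou have sucessfully registered to our service.\n\nRegards,\nAdmin.";
                         $name = $user['firstname'] . ' ' . $user['lastname'];
                         // was send_mail(), which is not defined anywhere;
                         // the helper in phpmailer.php is send_email()
                         send_email($subject, $message, $email, $name);
                     } else {
                         // user failed to store
                         $response["error"] = 1;
                         $response["error_msg"] = "JSON Error occured in Registartion";
                     }
                 }
                 break;

             default:
                 $response["error"] = 3;
                 $response["error_msg"] = "JSON ERROR";
         }

         echo json_encode($response);
     } else {
         echo "BradVisor Login API";
     }

     Code for phpmailer.php
     <?php
     require_once 'PHPMailer/PHPMailerAutoload.php';

     /**
      * Send one notification email through the SMTP account configured below.
      *
      * $message is treated as plain text: it is HTML-escaped for the HTML part
      * (callers interpolate user-supplied values such as the first name into it)
      * and also sent unchanged as the plain-text alternative.
      *
      * @param string      $subject subject line
      * @param string      $message plain-text body, "\n" for line breaks
      * @param string      $to      recipient address
      * @param string|null $name    recipient display name (optional)
      */
     function send_email($subject, $message, $to, $name = null) {
         $mail = new PHPMailer;

         $mail->isSMTP();
         $mail->Host = 'smtp.gmail.com';
         $mail->SMTPAuth = true;
         // NOTE(review): the SMTP credentials are hard-coded in the source file.
         // Load them from configuration kept outside the web root and out of
         // version control instead.
         $mail->Username = 'bradvisor15@gmail.com';
         $mail->Password = 'password';
         $mail->SMTPSecure = 'tls';

         $mail->From = "contact@learn2crack.com";
         $mail->FromName = 'Learn2crack';

         $mail->WordWrap = 50;
         $mail->isHTML(true);

         $mail->addAddress($to, $name);

         $mail->Subject = $subject;
         // Escape the text for the HTML part and turn "\n" into <br> so the line
         // breaks survive; keep the raw text as the plain-text alternative.
         $mail->Body = nl2br(htmlspecialchars($message, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8'));
         $mail->AltBody = $message;

         if (!$mail->send()) {
             // the PHPMailer property is ErrorInfo (capital E); errorInfo is undefined
             trigger_error('Unable to send email. Error: ' . $mail->ErrorInfo);
         }
     }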
  2. You will have to go through the source code for your php scripts and find where that link is being created, then change the url for the link to the new format.
  3. Make sure you are passing the users email address to $mail->addAddress(). What variable has the users email address for the forgotten password form?
  4. Ok, I didn't look properly at the code you posted earlier. Remember you need to replace where you use mail() with the phpmailer code, as I suggested in my earlier reply here. You have placed the phpmailer code incorrectly. This is why you are getting the email twice. Java? PHP has nothing to do with that.
  5. You pass your array $data to array_unique not the values you are adding to the array.
  6. You need to replace line 216 mail($email,$subject,$message,$headers); With lines 169 to 190
  7. For example I would replace your following code $subject = "Change Password Notification"; $message = "Hello User,\n\nYour Password is sucessfully changed.\n\nRegards,\nLearn2Crack Team."; $from = "contact@learn2crack.com"; $headers = "From:" . $from; mail($email,$subject,$message,$headers); With the following require_once 'phpmailer.php'; // sets the email subjuct $mail->Subject = "Change Password Notification"; // sets the body of the email $mail->Body = "Hello User,\n\nYour Password is sucessfully changed.\n\nRegards,\nLearn2Crack Team."; // who the email was sent from (your email) $mail->From = "contact@learn2crack.com"; // the email address you are sending this email to $mail->addAddress($email); // make sure email did not return error message if(!$mail->send()) { trigger_error('Unable to send mail! Mail error: ' . $mail->ErrorInfo); } NOTE: In phpmailer.php you would only want to keep the first 12 lines of code, the rest of the lines will need to be deleted. If you still want the wordwrap and html email format then keep these two lines $mail->WordWrap = 50; $mail->isHTML(true); Have a go at converting the two other instances where you use mail().
  8. If you are expecting mod rewrite to change the links for you then you are wrong. You have to edit your code to output the links in the new url format
  9. What specifically are you having trouble with? As I said you replace the line where you use mail() with the code for phpmailer.
  10. You would use that code to replace where you are using PHP's mail() function. To have the email sent to the email address the user entered in your registration form, you would pass the variables that contain the user's email address and name to the $mail->addAddress() function in your registration code.
  11. Most of the mysqli_* functions require the mysqli instance (in your case $Connection) to be passed to them when they are called. This you are doing. The problem is you are using the mysqli instance ($Connection) inside your own function. Functions have their own variable scope, meaning variables that are defined outside of the function are not available within the function. To get around this you need to pass $Connection as another argument to the auth function when you call it (or be lazy and define it as global). This is how your function should be defined in functions_security.php function auth($Connection, $username, $password) { Then when calling the function in login.php $auth = auth($Connection, $username, $password); Other changes you need to make in functions_security.php are Line 11 needs to be changed to use mysqli_real_escape_string $username = mysqli_real_escape_string($Connection, $username); (escaping only protects a value that sits inside quotes in the query; a prepared statement with bound parameters avoids the problem altogether). mysqli_error requires the mysqli instance ($Connection) when using it, e.g. mysqli_error($Connection) You should not use md5 for hashing passwords; instead you should use PHP's password_hash library for hashing/checking users' passwords (if you are not using PHP5.5 then use this password compatibility library). password_hash() salts and stretches the hash for you, and password_verify() checks a login against it.
  12. By reading through the documentation for which ever script you are using.
  13. If it is also auto_increment then you may be able to change $insertGoTo = "AdminRegistration.php"; to be $newChildcareId = mysql_insert_id(); $insertGoTo = "AdminRegistration.php?ChildcareID=$newChildcareId"; BTW in page2 you have duplicated code on lines 68 to 84; you only need the code that is on lines 68 to 76
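  14. You assign the column value as the case UPDATE workout_routines SET machine_seq = CASE machine_seq WHEN $prev_seq THEN $seq WHEN $seq THEN $prev_seq END WHERE user_id = '$userid' AND routine_id = '$routine' AND machine_seq IN ($prev_seq,$seq) Bind the values as query parameters, or at the very least cast $prev_seq and $seq with intval() before building the query, since they go into the SQL unquoted.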
  15. With those mail settings, emails will only work if you have an SMTP server installed locally. PHP does not come with a mail server. I recommend you use something like PHPMailer or SwiftMailer and configure them to use an existing SMTP service (such as gmail) for sending emails.
  16. There is nothing in the code for page 1 which sets or gets the childcareid. Can you tell us what/where the childcareid is?
  17. What does this mean? Your question is not very clear.
  18. The id in the url is being removed when the form is submitted. Either leave the form action blank or pass the id as a hidden input field <input type="hidden" name="id" value="<?php echo intval($_GET['id']); ?>" /> You will have to use $_POST['id'] rather than $_GET['id'] in your code.
  19. Your update query is slightly incorrect it should be $query = " UPDATE drive_routes SET status = 1, comments = :comments, handledby = :handleby WHERE id = :id "; $query_params = array( ':comments' => $_POST['comments'], ':handleby' => $_SESSION['userid'], ':id' => $id );
  20. Are you saying u.id must equal both dr.driver and dr.handledby? INNER JOIN users u ON u.id = dr.driver AND u.id = dr.handledby or u.id can equal either dr.driver or dr.handledby INNER JOIN users u ON u.id = dr.driver OR u.id = dr.handledby
  21. I wouldn't use a for loop. Better to foreach loop over the elements returned from the xpath query, example $option_array = array(); // finds all <option price="xxx">zzz</option> tags in <div class="input-box"> foreach($xpath->query("//div[@class='input-box']//option[@price]") as $option) { // add price attribute value and and option tag text items to array $option_array[] = array($option->getAttribute('price'), $option->nodeValue); }
  22. What is the datatype for the password field in your database?
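  23. Yeah, I thought you wanted to get the total rows returned by your query. To have your function return the results from both queries, you will have your function return an array. Example
      /**
       * Run the data query and the FOUND_ROWS() query and hand both results back.
       *
       * @return array two elements: [0] the rows fetched as associative arrays,
       *               [1] the value returned by SELECT FOUND_ROWS()
       */
      function yourFunction() {
          // ... omitted code ...

          $sqlQ = "SELECT all my data";
          $stmt = $this->con->prepare($sqlQ);
          $stmt->execute();
          $results = $stmt->fetchAll(PDO::FETCH_ASSOC);

          $sqlQ = "SELECT FOUND_ROWS()";
          $stmt = $this->con->query($sqlQ);
          $totalRows = $stmt->fetchColumn(0);

          // return the results of queries above as an array
          // (the count is held in $totalRows; the example previously returned
          // an undefined $rowsFound here)
          return array($results, $totalRows);
      }
      Then when calling your function you do something like this,
      list($results, $rowsFound) = yourFunction();
      // or alternatively written as
      $data = yourFunction();
      $results = $data[0];
      $rowsFound = $data[1];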
  24. As I said, the problem is that the password you have stored in the database has 20 characters, while the password you typed into the password field in the browser is only 9 characters. Therefore the passwords do not match. In order for the passwords to match they must be the same. If you are using the same password as when you added the password to the database, then there is likely an issue with the code that adds the password to the database; for some reason extra characters are being added to your password. So can you show us the code that adds the password to the database?
  25. The passwords do not match because $row["Password"] contains 20 characters (11 of those being whitespace, non printable characters), whereas $_SERVER['PHP_AUTH_PW'] contains 9 characters. How are you adding the password to the database?