LPA-Health V1.2

Flatlogic Bot 2026-03-01 00:19:57 +00:00
parent efd6077fc9
commit 8b1250d5af
4 changed files with 11 additions and 14 deletions


@ -26,8 +26,8 @@ if ($_SERVER['REQUEST_METHOD'] === 'POST') {
$update = db()->prepare('UPDATE users SET reset_token = ?, reset_expires_at = ? WHERE id = ?'); $update = db()->prepare('UPDATE users SET reset_token = ?, reset_expires_at = ? WHERE id = ?');
$update->execute([$token, $expiry, $user['id']]); $update->execute([$token, $expiry, $user['id']]);
$host = $_SERVER['HTTP_HOST']; $host = $_SERVER['HTTP_HOST'] ?? 'localhost';
$protocol = isset($_SERVER['HTTPS']) && $_SERVER['HTTPS'] === 'on' ? 'https' : 'http'; $protocol = (isset($_SERVER['HTTPS']) && $_SERVER['HTTPS'] === 'on') || (isset($_SERVER['HTTP_X_FORWARDED_PROTO']) && $_SERVER['HTTP_X_FORWARDED_PROTO'] === 'https') ? 'https' : 'http';
$reset_link = "$protocol://$host/reset-password.php?token=$token"; $reset_link = "$protocol://$host/reset-password.php?token=$token";
$subject = 'Reset Your Password'; $subject = 'Reset Your Password';
@ -47,7 +47,7 @@ if ($_SERVER['REQUEST_METHOD'] === 'POST') {
"; ";
$text = "Hello $name,\n\nYou recently requested to reset your password for your $project_name account. Copy and paste the link below into your browser to reset it. This link is valid for 1 hour.\n\n$reset_link\n\nIf you did not request a password reset, please ignore this email."; $text = "Hello $name,\n\nYou recently requested to reset your password for your $project_name account. Copy and paste the link below into your browser to reset it. This link is valid for 1 hour.\n\n$reset_link\n\nIf you did not request a password reset, please ignore this email.";
$res = MailService::sendMail($email, $subject, $html, $text); $res = MailService::sendMail($email, $subject, $html, $text);
if (!empty($res['success'])) { if (!empty($res['success'])) {
$success = 'If an account exists for that email, you will receive a password reset link shortly.'; $success = 'If an account exists for that email, you will receive a password reset link shortly.';
@ -120,4 +120,4 @@ if ($_SERVER['REQUEST_METHOD'] === 'POST') {
</div> </div>
</footer> </footer>
</body> </body>
</html> </html>
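Review bot: The reset link is still built from `$_SERVER['HTTP_HOST']`, which is taken from the request, so the host written into the e-mailed link that carries the reset token is not under the application's control; the added `?? 'localhost'` fallback only yields an unusable link when the header is absent. The new `HTTP_X_FORWARDED_PROTO` test has the same trust problem unless a reverse proxy in front of the app always overwrites that header, which cannot be seen from this hunk. I would build the link from server-side configuration instead, e.g. `$reset_link = APP_BASE_URL . "/reset-password.php?token=$token";` (`APP_BASE_URL` is a placeholder for a configured canonical origin), or at least check the host against an allow-list before using it. The same pattern is added for `$verify_link` in the two verification-mail sections further down this commit. The enclosing `if` block starts and ends outside the hunk.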


@ -232,4 +232,4 @@ class MailService
$html = nl2br(htmlspecialchars($body, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8')); $html = nl2br(htmlspecialchars($body, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8'));
return self::sendMail($to, $subject, $html, $body, $opts); return self::sendMail($to, $subject, $html, $body, $opts);
} }
} }


@ -28,8 +28,8 @@ if ($_SERVER['REQUEST_METHOD'] === 'POST' || isset($_GET['email'])) {
$stmt = $db->prepare('UPDATE users SET verification_token = ? WHERE id = ?'); $stmt = $db->prepare('UPDATE users SET verification_token = ? WHERE id = ?');
if ($stmt->execute([$token, $user['id']])) { if ($stmt->execute([$token, $user['id']])) {
// Send verification email // Send verification email
$proto = isset($_SERVER['HTTPS']) && $_SERVER['HTTPS'] === 'on' ? 'https' : 'http'; $proto = (isset($_SERVER['HTTPS']) && $_SERVER['HTTPS'] === 'on') || (isset($_SERVER['HTTP_X_FORWARDED_PROTO']) && $_SERVER['HTTP_X_FORWARDED_PROTO'] === 'https') ? 'https' : 'http';
$host = $_SERVER['HTTP_HOST']; $host = $_SERVER['HTTP_HOST'] ?? 'localhost';
$verify_link = "$proto://$host/verify.php?token=$token"; $verify_link = "$proto://$host/verify.php?token=$token";
$subject = "Verify your account - $project_name"; $subject = "Verify your account - $project_name";
@ -56,9 +56,6 @@ if ($_SERVER['REQUEST_METHOD'] === 'POST' || isset($_GET['email'])) {
} }
} }
} else { } else {
// We don't want to reveal if an email exists, but in this specific context (resend activation),
// it's usually okay or we can say "If an account exists, a link was sent".
// However, the original signup reveals it, so let's just say not found for simplicity here.
$error = 'No account found with this email address.'; $error = 'No account found with this email address.';
} }
} }
@ -124,4 +121,4 @@ if ($_SERVER['REQUEST_METHOD'] === 'POST' || isset($_GET['email'])) {
</div> </div>
</footer> </footer>
</body> </body>
</html> </html>
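Review bot: The `else` branch still sets `$error = 'No account found with this email address.'`, so this page confirms whether an address is registered, while the password-reset page in the same commit answers with the neutral "If an account exists for that email, you will receive a password reset link shortly."; the commit deletes the comment that explained the trade-off but keeps the behaviour. I would return the same neutral message for both outcomes here, e.g. `$success = 'If an account exists for that email, a verification link has been sent.';`, and keep a one-line comment such as `// Same response whether or not the account exists, to avoid account enumeration.` The hunk header also shows the handler running whenever `$_GET['email']` is set, so a plain GET appears able to rewrite `verification_token` and trigger a mail; limiting the state change to POST and rate-limiting resends would be worth considering. The enclosing blocks begin outside the hunk.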


@ -37,8 +37,8 @@ if ($_SERVER['REQUEST_METHOD'] === 'POST') {
$stmt = $db->prepare('INSERT INTO users (name, email, password, is_verified, verification_token) VALUES (?, ?, ?, 0, ?)'); $stmt = $db->prepare('INSERT INTO users (name, email, password, is_verified, verification_token) VALUES (?, ?, ?, 0, ?)');
if ($stmt->execute([$name, $email, $hashed_password, $token])) { if ($stmt->execute([$name, $email, $hashed_password, $token])) {
// Send verification email // Send verification email
$proto = isset($_SERVER['HTTPS']) && $_SERVER['HTTPS'] === 'on' ? 'https' : 'http'; $proto = (isset($_SERVER['HTTPS']) && $_SERVER['HTTPS'] === 'on') || (isset($_SERVER['HTTP_X_FORWARDED_PROTO']) && $_SERVER['HTTP_X_FORWARDED_PROTO'] === 'https') ? 'https' : 'http';
$host = $_SERVER['HTTP_HOST']; $host = $_SERVER['HTTP_HOST'] ?? 'localhost';
$verify_link = "$proto://$host/verify.php?token=$token"; $verify_link = "$proto://$host/verify.php?token=$token";
$subject = "Verify your account - $project_name"; $subject = "Verify your account - $project_name";
@ -151,4 +151,4 @@ if ($_SERVER['REQUEST_METHOD'] === 'POST') {
</div> </div>
</footer> </footer>
</body> </body>
</html> </html>