diff --git a/Server PHP/accountFunctions.php b/Server PHP/accountFunctions.php
index 5278d70..971bd43 100644
--- a/Server PHP/accountFunctions.php
+++ b/Server PHP/accountFunctions.php
@@ -18,8 +18,18 @@ function createAccount($email, $username, $password, $sock) {
$check_username = "SELECT * FROM UserInfo WHERE Username = '$username'";
$check_email = "SELECT * FROM UserInfo WHERE Email = '$email'";
+ $passwordHash = password_hash($password, PASSWORD_DEFAULT);
+
+ $defaultQ1 = "What_is_your_mother's_maiden_name?";
+ $defaultQ2 = "What_is_the_name_of_the_street_you_grew_up_on?";
+ $defaultQ3 = "What_was_the_name_of_your_first_pet?";
+
+ $defaultQ1 = mysqli_real_escape_string($connection, $defaultQ1);
+ $defaultQ2 = mysqli_real_escape_string($connection, $defaultQ2);
+ $defaultQ3 = mysqli_real_escape_string($connection, $defaultQ3);
+
//Insert Query
- $insert = "INSERT INTO UserInfo (Username, Pass, Email) VALUES ('$username', '$password', '$email')";
+ $insert = "INSERT INTO UserInfo (Username, Pass, Email, SQ1, SQ2, SQ3) VALUES ('$username', '$passwordHash', '$email', '$defaultQ1', '$defaultQ2', '$defaultQ3')";
if (($username_exists = checkExists($connection, $check_username)) > 0) { //returns failcase of username existing.
$message = "FAILUsername exists, please try again.";
@@ -35,6 +45,9 @@ function createAccount($email, $username, $password, $sock) {
sendMessage($message, $sock);
sendRegEmail($email);
}
+ else {
+ echo("Error description: " . mysqli_error($connection));
+ }
}
disconnect($connection);
}
@@ -49,7 +62,7 @@ function loginAccount($username, $password, $sock) {
//Checks if username exists before attempting to login, will return error otherwise.
if (($username_exists = checkExists($connection, $check_username)) > 0) {
$checkPass = getObjString($connection, $check_password)->Pass;
- if ($checkPass == $password) {
+ if (password_verify($password, $checkPass)) {
$resultEmail = getObjString($connection, $check_email)->Email;
$message = "SUCC{$resultEmail}"; //Successful if matches and writes back email belonging to user for UI
sendMessage($message, $sock);
@@ -86,24 +99,22 @@ function logoutAccount($username, $sock) {
//unfinished code to change a users password, need client input
function changePassword($username, $password, $sock) {
$connection = connectAccount();
-
- // UI should now send a 'they did it' message and a new password
- $newPass = nul; //new pass from UI goes here
- $change_password = "UPDATE UserInfo SET Pass= 'newPass' WHERE Username = '$username'";
- if (mysqli_query($connection, $change_password)) {
- fwrite($sock, "SUCC\n");
+ $passwordHash = password_hash($password, PASSWORD_DEFAULT);
+ $query = "UPDATE UserInfo SET Pass='$passwordHash' WHERE Username = '$username'";
+ if (!mysqli_query($connection, $query)) {
+ $message = "FAILSomething went wrong. Either the username does not exist or there was an issue connecting to the database.\n\n";
+ sendMessage($message, $sock);
}
else {
- fwrite($sock, "FAIL\n");
+ $message = "SUCCPassword was successfully changed!\n\n";
+ sendMessage($message, $sock);
}
-
disconnect($connection);
}
// unfinised account recovery using email method. outdated, unused, unloved
function recoverAccount($email, $password, $sock) {
$connection = connectAccount();
-
//check if email exists before attempting to send recovery email, will return error otherwise.
$check_email = "SELECT Email FROM UserInfo WHERE Email = '$email'";
$change_password = "UPDATE UserInfo SET Pass= '$newPass' WHERE Email = '$email'";
@@ -131,17 +142,22 @@ function recoverAccount($email, $password, $sock) {
// takes users email, returns users username.
function rememberUsername ($email, $sock) {
$connection = connectAccount();
-
$find_user = "SELECT Username FROM UserInfo WHERE Email = '$email'"; //finds a username tied to a email
- $resultUser = mysqli_query($connection, $find_user); //runs find_user
- $obj = $resultUser->fetch_object();
- $returnUser = $obj->Username; // returnUser == return value of find_user
- $message = "SUCC{$returnUser}";
- sendMessage($message, $socket);
-
+ if(checkExists($connection, $find_user) > 0) {
+ $returnUser = getObjString($connection, $find_user)->Username;
+// $message = "SUCC1Email has been sent with your username. Make sure to check your spam folder!\n";
+ $message = "SUCCEmail has been sent with your username. Make sure to check your spam folder!\n";
+ sendMessage($message, $sock);
+ sendVerEmail($email, $returnUser);
+ }
+ else {
+ $message = "FAILNo username found with that email. Try again!\n";
+ sendMessage($message, $sock);
+ }
disconnect($connection);
}
+
// recovery option for remembering a password, sends a recovery email
function rememberPassword ($username, $email, $sock) {
$connection = connectAccount();
diff --git a/Server PHP/flashCardFunctions.php b/Server PHP/flashCardFunctions.php
index 4a01a36..8524723 100755
--- a/Server PHP/flashCardFunctions.php
+++ b/Server PHP/flashCardFunctions.php
@@ -3,7 +3,6 @@
include_once 'utilityFunctions.php';
include_once 'groupFunctions.php';
include_once 'whiteboardFunctions.php';
-include_once 'utilityFunctions.php';
@@ -13,11 +12,11 @@ function updateFlashCards($connection, $ip, $clients, $groupID, $sock) {
//RETURN FRONT SIDE AND BACK SIDE
for($i= 0; $i<2; $i++){
if($i == 0){
- $side == 'side1';
+ $side = 'side1';
$code = 'FCFT';
}
else if($i == 1){
- $side == 'side2';
+ $side = 'side2';
$code = 'FCBK';
}
$return_FlashCards = "SELECT id, $side
@@ -37,10 +36,9 @@ function updateFlashCards($connection, $ip, $clients, $groupID, $sock) {
} //closes query for loop
} //closes front/back for loop
disconnect($connection);
-
-
}//Close function
+
function addToCard($groupID, $num, $message, $user, $clientList, $sock, $side) {
$side = "side" . "$side";
$connection = connectGroup();
@@ -53,6 +51,10 @@ function addToCard($groupID, $num, $message, $user, $clientList, $sock, $side) {
$username = mysqli_real_escape_string($connection, $username);
$message = mysqli_real_escape_string($connection, $message);
$groupID = mysqli_real_escape_string($connection, $groupID);
+
+ $unescMessage = stripslashes($message);
+ $unescGroupID = stripslashes($groupID);
+
$flashGroupID = "$groupID" . "FC";
$return_ipList = "SELECT ipAddress FROM $groupID WHERE ipAddress IS NOT NULL";
$resultIP = mysqli_query($connection, $return_ipList); //Returns list of current IP addresses i.e. current user list connected.
@@ -61,29 +63,29 @@ function addToCard($groupID, $num, $message, $user, $clientList, $sock, $side) {
// Check to see if the id for this card exists already
$check_card = "SELECT * FROM $flashGroupID WHERE (id='$num')";
if (checkExists($connection, $check_card) > 0){
- echo "Card exists already ";
+ echo "Card exists already \n";
$update = "UPDATE $flashGroupID SET user= '$username', $side='$message' WHERE (id='$num')";
mysqli_query($connection, $update);
$NewID = "SELECT id FROM $flashGroupID WHERE (user='$username' AND $side='$message')";
$returnID = getObjString($connection, $NewID)->id;
$returnID = $returnID -1;
- $clientMessage = "SUCC{$returnID}";
+ /*$clientMessage = "SUCC{$returnID}";
sendMessage($clientMessage, $sock);
- echo "$clientMessage \n";
+ //echo "$clientMessage \n";*/
- while($rowIP = mysqli_fetch_array($resultIP)){
- $keyIP = $rowIP[0];
- $keySock = $clientList[$keyIP]->getSocket();
- $FlashCards = "$groupID $returnID $message";
- if($side == 'side1'){
- $clientMessage = "FCFT$FlashCards";
- }
- else if($side == 'side2'){
- $clientMessage = "FCBK$FlashCards";
- }
- sendMessage($clientMessage, $keySock);
- } //Closes while loop
+ while($rowIP = mysqli_fetch_array($resultIP)){
+ $keyIP = $rowIP[0];
+ $keySock = $clientList[$keyIP]->getSocket();
+ $FlashCards = "$unescGroupID $returnID $unescMessage";
+ if($side == 'side1'){
+ $clientMessage = "FCFT$FlashCards";
+ }
+ else if($side == 'side2'){
+ $clientMessage = "FCBK$FlashCards";
+ }
+ sendMessage($clientMessage, $keySock);
+ } //Closes while loop
}//Closes outer if statement
else{
@@ -92,24 +94,25 @@ function addToCard($groupID, $num, $message, $user, $clientList, $sock, $side) {
$returnID = getObjString($connection, $NewID)->id;
$returnID = $returnID -1;
//echo "returnID is: $returnID\n\n";
- $clientMessage = "SUCC{$returnID}";
+ /*$clientMessage = "SUCC{$returnID}";
//echo "clientMessage is: $clientMessage\n\n";
- sendMessage($clientMessage, $sock);
+ sendMessage($clientMessage, $sock);*/
-while($rowIP = mysqli_fetch_array($resultIP)){
- $keyIP = $rowIP[0];
- $keySock = $clientList[$keyIP]->getSocket();
- $FlashCards = "$groupID $returnID $message";
- if($side == 'side1'){
- $clientMessage == "FCFT$FlashCards";
- }
- else if($side == 'side2'){
- $clientMessage == "FCBK$FlashCards";
- }
- sendMessage($clientMessage, $keySock);
-}// end while loop
+ while($rowIP = mysqli_fetch_array($resultIP)){
+ $keyIP = $rowIP[0];
+ $keySock = $clientList[$keyIP]->getSocket();
+ $FlashCards = "$unescGroupID $returnID $unescMessage";
+ if($side == 'side1'){
+ $clientMessage = "FCFT$FlashCards";
+ }
+ else if($side == 'side2'){
+ $clientMessage = "FCBK$FlashCards";
+ }
+ sendMessage($clientMessage, $keySock);
+ }// end while loop
} // end else bracket
disconnect($connection);
}//close function
+
?>
diff --git a/Server PHP/securityQuestions.php b/Server PHP/securityQuestions.php
new file mode 100644
index 0000000..12bad5a
--- /dev/null
+++ b/Server PHP/securityQuestions.php
@@ -0,0 +1,180 @@
+SQ1;
+ echo "This is q1 as string: " . "$q1\n";
+ $q2 = getObjString($connection, $query2)->SQ2;
+ echo "This is q2 as object? : " . "{$q2}\n\n";
+ $q3 = getObjString($connection, $query3)->SQ3;
+ echo "This is q3 as object? : " . "{$q3}\n\n";
+ */
+
+ $message = "REQQ{$q1} {$q2} {$q3}";
+ sendMessage($message, $sock);
+ disconnect($connection);
+}
+
+
+//might actually not need this function but i'm leaving it for now
+function reqSecAns($user, $sock) {
+ $connection = connectAccount();
+ $username = $user;
+ $query1 = "SELECT SQA1 FROM UserInfo WHERE Username = '$username'";
+ $query2 = "SELECT SQA2 FROM UserInfo WHERE Username = '$username'";
+ $query3 = "SELECT SQA3 FROM UserInfo WHERE Username = '$username'";
+
+ $a1 = getObjString($connection, $query1)->SQA1;
+ $a2 = getObjString($connection, $query2)->SQA2;
+ $a3 = getObjString($connection, $query3)->SQA3;
+
+ $message = "REQA$a1 $a2 $a3";
+ sendMessage($message, $sock);
+ disconnect($connection);
+}
+
+function setSecQuest($user, $q1, $q2, $q3, $sock) {
+ $connection = connectAccount();
+ $username = $user;
+ echo "This is q1 as received by setSecQuest: $q1\n\n";
+ echo "This is q2 as received by setSecQuest: $q2\n\n";
+ echo "This is q3 as received by setSecQuest: $q3\n\n";
+ $escQ1 = mysqli_real_escape_string($connection, $q1);
+ $escQ2 = mysqli_real_escape_string($connection, $q2);
+ $escQ3 = mysqli_real_escape_string($connection, $q3);
+ echo "This is escq1: $escQ1\n\n";
+ echo "This is escq2: $escQ2\n\n";
+ echo "This is escq3: $escQ3\n\n";
+ $query = "UPDATE UserInfo SET SQ1='$escQ1', SQ2='$escQ2', SQ3='$escQ3' WHERE Username = '$username'";
+ echo "Here is the setSecQuest query: $query\n\n";
+ if (!mysqli_query($connection, $query)) {
+ $message = "FAILThere was an issue setting the security questions.\n\n";
+ echo("Error description: " . mysqli_error($connection));
+ sendMessage($message, $sock);
+ }
+}
+
+
+
+function setSecAns($user, $a1, $a2, $a3, $sock) {
+ $connection = connectAccount();
+ $username = $user;
+
+
+ /*not sure if i need to escape string, or if hashing will be good enough. leaving this in case hashing alone does not work
+ $escA1 = mysqli_real_escape_string($connection, $a1);
+ $escA2 = mysqli_real_escape_string($connection, $a2);
+ $escA3 = mysqli_real_escape_string($connection, $a3);
+ */
+
+ //$a1Hash = mysqli_real_escape_string($connection, password_hash($a1, PASSWORD_DEFAULT));
+ //$a2Hash = mysqli_real_escape_string($connection, password_hash($a2, PASSWORD_DEFAULT));
+ //$a3Hash = mysqli_real_escape_string($connection, password_hash($a3, PASSWORD_DEFAULT));
+
+ $a1Hash = password_hash($a1, PASSWORD_DEFAULT);
+ $a2Hash = password_hash($a2, PASSWORD_DEFAULT);
+ $a3Hash = password_hash($a3, PASSWORD_DEFAULT);
+
+
+
+ $query = "UPDATE UserInfo SET SQA1='$a1Hash', SQA2='$a2Hash', SQA3='$a3Hash' WHERE Username = '$username'";
+ if (!mysqli_query($connection, $query)) {
+ $message = "FAILThere was an issue setting the security question answers.\n\n";
+ sendMessage($message, $sock);
+ }
+
+}
+
+function sendRandomSecQuest($user, $sock) {
+ $connection = connectAccount();
+ $num = rand(1,3);
+ $column = "SQ" . "$num";
+ $query = "SELECT $column FROM UserInfo WHERE (Username='$user')";
+ if (!mysqli_query($connection, $query)) {
+ $message = "FAILUser doesn't exist or questions are not set.\n\n";
+ sendMessage($message, $sock);
+ }
+ else {
+ $question = getObjString($connection, $query)->$column;
+ $message ="RPWD$num $question";
+ sendMessage($message, $sock);
+ }
+ disconnect($connection);
+}
+
+function checkSecAnswer($user, $num, $answer, $sock) {
+ $connection = connectAccount();
+ $column = "SQA" . "$num";
+ $query = "SELECT $column FROM UserInfo WHERE (Username='$user')";
+ if(!mysqli_query($connection, $query)) {
+ $message = "FAILUser doesn't exist or answer not set.\n\n";
+ sendMessage($message, $sock);
+ }
+ else {
+ $answerDB = getObjString($connection, $query)->$column;
+ if (password_verify($answer, $answerDB)) {
+ $query = "SELECT Email FROM UserInfo WHERE (Username='$user')";
+ $email = getObjString($connection, $query)->Email;
+ sendRecCode($email, $user);
+ $message = "SUCCAn email has been sent to you with a recovery code. Please remember to check your spam folder!\n\n";
+ sendMessage($message, $sock);
+ }
+ else {
+ $message = "FAILAnswer did not match. Try again!";
+ sendMessage($message, $sock);
+ }
+ }
+}
+
+
+function checkCode($user, $code, $sock) {
+ $connection = connectAccount();
+ $query = "SELECT RecCode FROM UserInfo WHERE (Username='$user')";
+ if(!mysqli_query($connection, $query)) {
+ $message = "FAIL";
+ sendMessage($message, $sock);
+ }
+ else {
+ if ($code == getObjString($connection, $query)->RecCode) {
+ $message = "SUCC";
+ sendMessage($message, $sock);
+ }
+ else {
+ $message = "FAIL";
+ sendMessage($message, $sock);
+ }
+ }
+ disconnect($connection);
+}
+
+
+?>
diff --git a/Server PHP/sendEmail.php b/Server PHP/sendEmail.php
index 14c8e3a..9b1068e 100644
--- a/Server PHP/sendEmail.php
+++ b/Server PHP/sendEmail.php
@@ -2,14 +2,15 @@
function sendRegEmail($email){
- $to = "$email";
- $subject = "Welcome to StudyGroup!";
- $body = "Hi,\n\nHow are you? \nThis is a confirmation email letting you know that your account $email has been created.";
- if (mail($to, $subject, $body)) {
- echo("Email successfully sent!
");
- } else {
- echo("Email delivery failed…
");
- }
+ $to = "$email";
+ $subject = "Welcome to StudyGroup!";
+ $body = "Hi,\n\nHow are you? \nThis is a confirmation email letting you know that your account $email has been created.";
+ if (mail($to, $subject, $body)) {
+ echo("Email successfully sent!
");
+ }
+ else {
+ echo("Email delivery failed…
");
+ }
}
function recPWEmail($email, $user, $pass){
@@ -22,14 +23,55 @@ function recPWEmail($email, $user, $pass){
$body .= "
"; //success kid
$body .= "