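<?php
// Security-question enrolment page.
//
// Reached from the e-mail confirmation flow (or by a logged-in user who has
// not yet set recovery questions). Makes sure the account has three recovery
// questions and answers on file before letting the user through to Welcome.php.
//
// Expects from Base.php: $qa (question/answer store), $user (account store),
// $PREFIX_DIR, $QUESTIONS, Unauthorized(), and an already-started session.
require_once $_SERVER['DOCUMENT_ROOT'] . "/Base.php";

// The page is only meaningful for a named account; empty() also covers "not set".
if (empty($_REQUEST['email'])) Unauthorized();
$qa->setDebug(false);
$email = $_REQUEST['email'];

if (!$user->isEmailConfirmed($email)) {
    // urlencode() keeps the address a single query parameter (a raw '+' would
    // otherwise be decoded as a space by the next page); exit so the rest of
    // this script does not run for an unconfirmed address.
    header("Location: /ca/tecreations/Login/ConfirmEmail.php?email=" . urlencode($email));
    exit();
}

// Coming at it from ConfirmEmailDone: the author treats arrival from the
// user's e-mail inbox as proof of identity and logs them in automatically.
// NOTE(review): nothing on this page ties the request to the confirmation
// token (only eraseToken() is called below), so as written any request that
// names a confirmed address gets a session for that account. The token should
// be verified here before the session is created — confirm against Base.php.
if (!isset($_SESSION['uid'])) {
    $_SESSION['uid'] = $user->getUID($email);
    $_SESSION['level'] = $user->getLevel($_SESSION['uid']);
    $user->login($_SESSION['uid']);
}

// Regardless of how they got here, make sure their recovery questions are done.
$uid = $_SESSION['uid'];
$level = $_SESSION['level'];
$a1_err = $a2_err = $a3_err = "";

// Pre-fill the form with whatever is already stored for this account.
$a1 = $qa->getA1($uid);
$a2 = $qa->getA2($uid);
$a3 = $qa->getA3($uid);
$q1 = $qa->getQ1($uid);
$q2 = $qa->getQ2($uid); // the original assigned Q2 and Q3 to $q1 by mistake
$q3 = $qa->getQ3($uid);

if (!empty($a1) && !empty($a2) && !empty($a3)) {
    // Recovery phase already completed: straight to their home page.
    header("Location: $PREFIX_DIR/Apps/Welcome.php");
    exit();
}

// A submission carries all three answers (and, from the selects, all three
// question ids). The same form is rendered below, so the values are read back
// into the variables the template displays.
if (isset($_REQUEST['a1'], $_REQUEST['a2'], $_REQUEST['a3'])) {
    $a1 = $_REQUEST['a1'];
    $a2 = $_REQUEST['a2'];
    $a3 = $_REQUEST['a3'];
    if (empty($a1)) $a1_err = "Empty";
    if (empty($a2)) $a2_err = "Empty";
    if (empty($a3)) $a3_err = "Empty";
    if (isset($_REQUEST['q1'], $_REQUEST['q2'], $_REQUEST['q3'])) {
        $q1 = $_REQUEST['q1'];
        $q2 = $_REQUEST['q2'];
        $q3 = $_REQUEST['q3'];
    }
}

// A question id of "" / "0" means "nothing selected"; only real selections can clash.
if (!empty($q1) && !empty($q2) && (string) $q1 === (string) $q2) $a2_err = "Cannot select the same question twice.";
if (!empty($q1) && !empty($q3) && (string) $q1 === (string) $q3) $a3_err = "Cannot select the same question twice.";
if (!empty($q2) && !empty($q3) && (string) $q2 === (string) $q3) $a3_err = "Cannot select the same question twice.";
if (isset($_REQUEST['q1']) && empty($q1)) $a1_err = "You must select a question.";
if (isset($_REQUEST['q2']) && empty($q2)) $a2_err = "You must select a question.";
if (isset($_REQUEST['q3']) && empty($q3)) $a3_err = "You must select a question.";

if (!empty($a1) && !empty($a2) && !empty($a3) && $a1_err === "" && $a2_err === "" && $a3_err === "") {
    // Answers are stored lower-cased so recovery matching is case-insensitive.
    // NOTE(review): escaping here implies the setters interpolate the value
    // into SQL; if setA1()..setA3() already use prepared statements the stored
    // answer will contain escape characters — confirm in the $qa class.
    $qa->setA1($uid, mysqli_real_escape_string($qa->mysqli, strtolower($a1)));
    $qa->setA2($uid, mysqli_real_escape_string($qa->mysqli, strtolower($a2)));
    $qa->setA3($uid, mysqli_real_escape_string($qa->mysqli, strtolower($a3)));
    $qa->setQ1($uid, $q1);
    $qa->setQ2($uid, $q2);
    $qa->setQ3($uid, $q3);
    $user->eraseToken($email);
    // Reload this page; with all three answers stored it forwards to Welcome.php.
    // The address is carried along because the Unauthorized() check above needs it,
    // and exit() stops the form below from being rendered after the redirect.
    header("Location: " . $_SERVER['PHP_SELF'] . "?email=" . urlencode($email));
    exit();
}

require_once $_SERVER['DOCUMENT_ROOT'] . "$PREFIX_DIR/start.php";
require_once $_SERVER['DOCUMENT_ROOT'] . "$PREFIX_DIR/header_start.php";
require_once $_SERVER['DOCUMENT_ROOT'] . "$PREFIX_DIR/header_finish.php";
?>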
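<title>Security Questions</title>
<style type="text/css">
.wrapper { width: 600px; padding: 25px; }
</style>
<script src="/Global.js"></script>
</head>
<body onmousedown="resetTimeout();" onmouseup="resetTimeout();"
onmousemove="resetTimeout();" onkeydown="resetTimeout();"
onload="timeoutObject=setTimeout('logout()',<?php GLOBAL $TIMEOUT; echo $TIMEOUT; ?>);">
<?php
// The question list is identical for all three selects, so query it once
// instead of once per select.
$questions = $qa->select("SELECT id, text FROM $QUESTIONS");

/**
 * Print the <option> list for one question <select>.
 *
 * @param array $questions result of $qa->select(): ['count' => int, 'rows' => rows with 'id' and 'text']
 * @param mixed $selected  question id currently chosen for this slot; "" / 0 / null when none
 */
function printQuestionOptions(array $questions, $selected): void
{
    // Placeholder entry, pre-selected only when no real question is chosen.
    print('<option value="0"' . (empty($selected) ? ' selected' : '') . ">Select a question from this list.</option>\n");
    for ($i = 0; $i < $questions['count']; $i++) {
        $row = $questions['rows'][$i];
        $isSelected = (string) $row['id'] === (string) $selected;
        // id and text are escaped: the text comes from the database and was
        // previously emitted raw into the page.
        print('<option' . ($isSelected ? ' selected' : '')
            . ' value="' . htmlspecialchars((string) $row['id']) . '">'
            . htmlspecialchars((string) $row['text']) . "</option>\n");
    }
}

// One entry per question/answer slot; the template below renders them in order.
$slots = [
    1 => ['q' => $q1, 'a' => $a1, 'err' => $a1_err],
    2 => ['q' => $q2, 'a' => $a2, 'err' => $a2_err],
    3 => ['q' => $q3, 'a' => $a3, 'err' => $a3_err],
];
?>
<div class="wrapper">
<center><h2>Security Questions and Answers</h2></center>
<p>Please fill out this form to finish creating your account.</p>
<p>These questions and answers will be used to recover your account in the event you lose your password.</p>
<?php
// POST keeps the recovery answers out of the URL, server logs and browser
// history; the script reads $_REQUEST, so both methods are accepted. The
// hidden email field carries the address the page requires on every request.
?>
<form action="<?php echo htmlspecialchars($_SERVER["PHP_SELF"]); ?>" method="post">
<input type="hidden" name="email" value="<?php echo htmlspecialchars((string) $email); ?>">
<?php foreach ($slots as $n => $slot): ?>
<div class="form-group">
<label>Question <?php echo $n; ?></label>
<select name="q<?php echo $n; ?>" class="form-control"<?php if ($n === 1) echo ' autofocus'; ?>>
<?php printQuestionOptions($questions, $slot['q']); ?>
</select>
</div>
<div class="form-group <?php echo (!empty($slot['err'])) ? 'has-error' : ''; ?>">
<label>Response</label>
<input autocomplete=off type="text" name="a<?php echo $n; ?>" class="form-control" value="<?php echo htmlspecialchars((string) $slot['a']); ?>">
<span class="help-block"><?php echo htmlspecialchars((string) $slot['err']); ?></span>
</div>
<?php endforeach; ?>
<div class="form-group">
<input type="submit" class="btn btn-primary" value="Submit">
<input type="reset" class="btn btn-default" value="Reset">
</div>
</form>
</div>
</body>
</html>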