<?php
/**
 * Copyright (C) DairyWindow 2018
 * admin@dairywindow.nz
 */

/* (C) DairyWindow 2012-2017 */

/*
 Fields needed:
 userFirst
 userEmail
 userPassword
 userActive
 userSite
 userPhone
*/


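// Every visit to the sign-in page starts from an empty session. use_strict_mode
// makes PHP refuse session ids it did not issue itself (the pre-login half of a
// session-fixation attack); cookie_httponly keeps the session cookie out of
// reach of page scripts.
session_start([
	'cookie_lifetime' => 86400,
	'cookie_httponly' => true,
	'use_strict_mode' => true,
]);
$_SESSION = array();

// One-second delay on every request — presumably to slow online password
// guessing; it applies to the plain GET of the form as well.
sleep(1);

// Shown (via die()) whenever a MySQL connection cannot be opened.
$error_msg = "
		<h1>Error</h1>
		<h2>Failed connecting to the MySQL database</h2>
		Check the following things:<br/>
		<ol>
			<li>Is your computer connected to the network?</li>
			<li>Is the username and password correct?</li>
			<li>The MySQL server might have errors, or might not be running. Ensure you can connect using the workbench tool</li>
			<li>Check the settings in the file <strong>connection_info.php</strong> are correct</li>
		</ol>
	";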

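function redirect(array $userarray)
{
	/*
	 * Complete a successful sign-in for the dw_auth row in $userarray
	 * (userID, userFirst, userEmail, userPassword, userActive, userSite,
	 * userPhone): store it in the session, open the per-site database,
	 * check that the site's dw_settings row exists, then send the browser
	 * to the requested page. Never returns — it ends in die() after either
	 * the redirect headers or, when $debug is on, a dump of the session.
	 *
	 * Globals: sets $link (the site connection); reads $debug and
	 * $error_msg. $auth_link is declared as before but is not used here.
	 */
	global $auth_link;
	global $link;
	global $debug;
	global $error_msg;

	if ($debug)
		print_r($userarray);

	// Issue a fresh session id at the moment of authentication so an id
	// planted before login (session fixation) is not promoted to a
	// logged-in one.
	session_regenerate_id(true);

	foreach ($userarray as $key => $value) {
		// mysqli_prepared_query rows carry numeric as well as named keys;
		// only the named ones are meaningful. The password hash is
		// deliberately kept out: it belongs in dw_auth only, and $debug
		// mode prints the whole session.
		if (!is_numeric($key) && $key !== 'userPassword')
			$_SESSION[$key] = $value;
	}
	$_SESSION['expires'] = date('Y-m-d H:i:s', strtotime('+12 hours'));

	// Where to go next. ?url= is honoured only as a relative, same-site
	// path: a scheme, a host, a protocol-relative "//", a backslash or a
	// control character would turn this into an open redirect. Any other
	// query parameters are re-attached, URL-encoded this time. (The old
	// test called strlen($_GET['url']) before isset(), warning when the
	// parameter was absent.)
	$url = "home.php"; //default page, if none is specified
	$target = isset($_GET['url']) && is_string($_GET['url']) ? trim($_GET['url']) : "";
	$isLocal = $target !== ""
		&& !stristr($target, 'signin')
		&& parse_url($target, PHP_URL_SCHEME) === null
		&& parse_url($target, PHP_URL_HOST) === null
		&& substr($target, 0, 2) !== "//"
		&& strpos($target, "\\") === false
		&& !preg_match('/[\x00-\x1F\x7F]/', $target);
	if ($isLocal) {
		$params = $_GET;
		unset($params['url']);
		$url = $target;
		if (count($params) > 0)
			$url .= (strpos($url, "?") === false ? "?" : "&") . http_build_query($params);
	}

	require 'inc/connection_info.php';
	$database .= $userarray['userSite'];

	$link = new mysqli($server, $dbusername, $dbpassword, $database);
	// new mysqli() always yields an object, so the old "!$link" test could
	// never fail; connect_errno carries the real connection error.
	if ($link->connect_errno)
		die($error_msg);

	$sql = "
			# get info for session
			Select *
			From dw_settings
			Where settingsID = ?
		";
	if (!$settingsqry = mysqli_prepared_query($link, $sql, "i", array($userarray['userSite']), __FILE__, __LINE__))
		reporterror(get_error(), $sql, $_SERVER['REQUEST_URI'], __FILE__, __LINE__);
	// Each site must have exactly one settings row. Only its presence is
	// checked here; zero rows is as much an error as several.
	$settingsrows = $settingsqry ? mysqli_prepared_num_rows($settingsqry) : 0;
	if ($settingsrows != 1)
		die('Expected exactly 1 settings row for this site, found ' . (int) $settingsrows);

	if ($debug) {
		// $url and the session values echo user-supplied data; escape them.
		$safeurl = htmlspecialchars($url, ENT_QUOTES, 'UTF-8');
		echo "<a href='" . $safeurl . "'>" . $safeurl . "</a><br>";
		foreach ($_SESSION as $key => $value) {
			echo htmlspecialchars($key . ": " . $value, ENT_QUOTES, 'UTF-8') . "<br>";
		}
	} else {
		// $url is either the validated relative path or home.php; the
		// 'signin' case already fell back to the default above.
		header("HTTP/1.1 303 See Other");
		header("Location: " . $url);
	}

	die();
}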

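// ?debug=1 turns on verbose output. NOTE(review): this switch is reachable by
// any visitor and prints $_POST / session contents; consider gating it on a
// server-side setting rather than a query parameter.
$debug = isset($_GET['debug']);

$_SESSION['userEmail'] = "";

require "inc/connection_info.php";
require "inc/savesql.php";
require "inc/mysqli_prepared_query.php";
require "inc/mysqli_prepared_num_rows.php";
require "inc/func_email.php";

// Connection to the authentication database (dw_auth). new mysqli() always
// returns an object, so connect_errno — not a falsy test — is the failure signal.
$auth_link = new mysqli($server, $authusername, $authpassword, $authdb);
if ($auth_link->connect_errno)
	die($error_msg);
require "inc/reporterror.php";

// Drives the message shown by the script at the bottom of the page:
// 0 nothing, 1 wrong password, 2 unknown email, 3 password reset but the
// email failed, 4 password reset and emailed.
$status = 0;

// The posted address, or "" when absent or not a plain string (a userEmail[]
// field would otherwise arrive as an array).
$postedEmail = isset($_POST['userEmail']) && is_string($_POST['userEmail']) ? $_POST['userEmail'] : "";

if (isset($_POST['resetpwd']) && $postedEmail != "") {
	// NOTE(review): this reset is unauthenticated — anyone who knows an address
	// can replace that account's password. A confirmation link emailed before
	// the change would stop third parties from forcing a reset.
	if ($debug) {
		echo "<pre>";
		print_r($_POST);
		echo "</pre>";
	}

	// Look the account up first; only an existing account gets a new password.
	// $postedEmail is bound as a parameter — the old mysqli_real_escape_string()
	// on top of that would have corrupted addresses containing quotes.
	$sql = "
			Select
				userFirst,
				userPhone
			From
				dw_auth
			Where
				userEmail = ?
		";
	if (!$selquery = mysqli_prepared_query($auth_link, $sql, "s", array($postedEmail), __FILE__, __LINE__))
		reporterror(get_error(), $sql, $_SERVER['REQUEST_URI'], __FILE__, __LINE__);

	// An unknown address also reports "emailed", so this form does not confirm
	// which addresses are registered (the login form's status 2 still does).
	$status = 4; //pwd changed ok
	if ($selquery && mysqli_prepared_num_rows($selquery) == 1) {
		$user2array = $selquery[0];
		$userFirst = $user2array['userFirst'];

		//generate new password: 2-4 dictionary words plus a two-digit number.
		// random_int() is the CSPRNG; mt_rand() output is predictable.
		$words = file("inc/words.txt", FILE_IGNORE_NEW_LINES | FILE_SKIP_EMPTY_LINES);
		if ($words === false || count($words) == 0) {
			reporterror("Word list inc/words.txt is missing or empty; password reset aborted.", "None", $_SERVER['REQUEST_URI'], __FILE__, __LINE__, "", False);
			die('Unable to generate a new password. Please contact admin@dairywindow.nz');
		}
		$numwords = random_int(2, 4); //between 2 and 4 words
		$newpassword = "";
		for ($i = 0; $i < $numwords; $i++) {
			$newpassword .= trim(ucfirst($words[random_int(0, count($words) - 1)])); //no spaces
		}
		$newpassword .= random_int(11, 99); //add a random number to the end

		$sql = "
				UPDATE dw_auth SET
					userPassword = ?
				WHERE userEmail = ?
			";
		if (!savesql($auth_link, $sql, "ss", array(password_hash($newpassword, PASSWORD_DEFAULT), $postedEmail), __FILE__, __LINE__))
			reporterror(get_error(), $sql, $_SERVER['REQUEST_URI'], __FILE__, __LINE__);

		// 'H:i' is hours:minutes; the old 'H:m' printed the month as the minutes.
		$body = 'Your password was automatically changed in DairyWindow at ' . date('D d M y H:i') . ' by IP address ' . $_SERVER['REMOTE_ADDR'] . '.<br>
			Your new password is <strong>' . $newpassword . '</strong><br>
			Your old one won\'t work anymore. Don\'t forget that passwords are cAsE sEnSiTiVe. Ensure you copy and paste <u>the whole thing</u>.<br>
			You can update your password (after logging in) by updating <a href="https://www.dairywindow.nz/profile.php">your profile</a>.<br>
			<br>
			If you didn\'t make this change, <a href="mailto:admin@dairywindow.nz">please let us know</a>.';

		$pwdemailed = email($postedEmail, 'DW password change', $body);
		if (!empty($user2array['userPhone'])) {
			require "inc/sms.php";
			$text = substr("Your DW password has changed. It is now '" . $newpassword . "'. If you did not make this change, please contact admin@dairywindow.nz immediately", 0, 159);
			//sms($text, $user2array['userPhone']);
		}
		if (!$pwdemailed) {
			// The new password is intentionally not written to the error report
			// (the old message recorded it in plain text twice, along with $to,
			// $subject and $headers that are not defined in this scope).
			reporterror("Password could not be emailed to user. IP '" . $_SERVER['REMOTE_ADDR'] . "'. userEmail '" . $postedEmail . "'.", "None", $_SERVER['REQUEST_URI'], __FILE__, __LINE__, "", False);
			$status = 3; //pwd could not be emailed
		}
	}
} else {
	if (isset($_POST['inputPassword']) && is_string($_POST['inputPassword']) && $_POST['inputPassword'] != "") {
		//password

		// Defence in depth on the address; the query below is parameterised anyway.
		$banned = array('(', ')', '<', '>', ',', ';', ':', '[', ']');
		foreach ($banned as $char) {
			if (stristr($postedEmail, $char)) {
				email('admin@dairywindow.nz', 'Login error', 'Username ' . $postedEmail . ' contains invalid character ' . $char);
				die('Sorry but your username contains invalid character "' . $char . '". Please see your administrator');
			}
		}

		$sql = "
				# get info for user
				Select
					userID,
					userFirst,
					userEmail,
					userPassword,
					userActive,
					userSite,
					userPhone
				From
					dw_auth
				Where
					userEmail = ? And
					userActive = 1
				Limit 1
			";
		if (!$userqry = mysqli_prepared_query($auth_link, $sql, 's', array($postedEmail), __FILE__, __LINE__))
			reporterror($auth_link->error, $sql, $_SERVER['REQUEST_URI'], __FILE__, __LINE__);
		if ($userqry && mysqli_prepared_num_rows($userqry) == 1) {
			//email address found
			$userarray = $userqry[0];
			$password_from_db = $userarray['userPassword'];

			if (password_verify($_POST['inputPassword'], $password_from_db)) {
				// Site id cookie, read server-side by the image-upload plugin
				// (\js\tinymce\plugins\jbimages\config.php). The old code tested
				// $_SESSION['userSite'], which is always empty here because the
				// session is cleared at the top of this file, so it never ran.
				if (isset($userarray['userSite']))
					setcookie('userSite', (string) $userarray['userSite']);
				redirect($userarray);
			} else {
				//incorrect password
				$status = 1;

				$userFirst = $userarray['userFirst'];

				$extra_details = empty($_POST['signin-agent']) ? 'none' : $_POST['signin-agent'];
				// 'H:i' is hours:minutes; the old 'H:m' printed the month as the minutes.
				$body = "On " . date('D d M y H:i') . " someone with IP " . $_SERVER['REMOTE_ADDR'] . " tried to log into DairyWindow as " . $postedEmail . ", but entered an INCORRECT password (dont forget passwords are cAsE sEnSiTiVe). If you suspect someone is trying to access your account, please change your password by editing your profile or contact admin@dairywindow.nz.<br>Extra details: " . $extra_details;

				if (stristr($postedEmail, '@'))
					email($postedEmail, 'DW login attempt', $body);
				// SMS alert left disabled: the old guard tested an undefined $phone
				// and so never fired, and one text per failed login would let anyone
				// run up the SMS bill by guessing at an address with a phone on file.
				//if (!empty($userarray['userPhone'])) {
				//	require "inc/sms.php";
				//	$text = substr("Someone tried to access your account, but they used an incorrect password. If this was not you, please contact admin@dairywindow.nz", 0, 159);
				//	sms($text, $userarray['userPhone']);
				//}
			}
		} else
			// NOTE(review): a distinct message for an unknown address lets a
			// visitor confirm which emails have accounts; a single "incorrect
			// email or password" message would avoid that.
			$status = 2; //could not find email address (0 records returned)
	}
}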

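$title = "Sign in";
require "inc/head.php";
require "inc/showdebug.php";
if ($debug)
	showdebug();

// The posted address is echoed back into two form fields below; escape it
// once for an HTML attribute context so a crafted address cannot inject markup.
$emailValue = isset($_POST['userEmail']) && is_string($_POST['userEmail'])
	? htmlspecialchars($_POST['userEmail'], ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8')
	: "";
?>

<div class="container login" role="main">
	<img src="inc/logo.php" class="img-responsive center-block">
	<form class="form-signin center-block text-center" method="post" style="max-width:300px;" autocomplete="off">
		<h2 class="form-signin-heading">Please sign in</h2>

		<div class="input-group" title="Email address">
			<label for="userEmail" class="sr-only">Email address</label>
			<div class="input-group-addon"><span class="glyphicon glyphicon-envelope" aria-hidden="true"></span></div>
			<input type="text" name="userEmail" id="userEmail" class="form-control" placeholder="Email address" required
				autofocus value="<?php echo $emailValue; ?>">
		</div>

		<div class="popover fade bottom in bg-danger danger" role="tooltip" id="email-div"
			style="display:none;position:relative;">
			<div class="arrow" style="left: 50%;"></div>
			<h3 class="popover-title" style="display: none;">Error</h3>
			<div class="popover-content" id="email-content"><span class="glyphicon glyphicon-exclamation-sign"
					aria-hidden="true"></span>&nbsp;Incorrect email address</div>
		</div>

		<div class="input-group" title="Password">
			<label for="inputPassword" class="sr-only">Password</label>
			<div class="input-group-addon"><span class="glyphicon glyphicon-lock" aria-hidden="true"></span></div>
			<input type="password" name="inputPassword" id="inputPassword" class="form-control" placeholder="Password"
				autocomplete="off" onkeyup="hidediv('password-content');">
		</div>

		<input type="hidden" name="signin-agent" id="signin-agent">
		<script>
			$("#signin-agent").val("appCodeName:" + navigator.appCodeName + " appName:" + navigator.appName + " appVersion:" + navigator.appVersion + " platform:" + navigator.platform);
		</script>
		<button class="btn btn-lg btn-primary btn-block" type="submit">Sign in</button>
	</form>
	<form class="center-block text-center" method="post" autocomplete="off">
		<div class="popover fade bottom in bg-danger danger center-block text-center" role="tooltip" id="password-div"
			style="display:none;position:relative;">
			<div class="arrow" style="left: 50%;"></div>
			<h3 class="popover-title" style="display: none;">Error</h3>
			<div class="popover-content center-block text-center" id="password-content1">
				<span class="glyphicon glyphicon-exclamation-sign" aria-hidden="true"></span>&nbsp;Incorrect password.
				<input class="btn" name="resetpwd" type="submit" value="Reset password">
				<input name="userEmail" type="hidden" value="<?php echo $emailValue; ?>">
			</div>
		</div>

		<?php /* The new password is deliberately NOT shown on this page: the reset
		   form is unauthenticated, so printing it here would hand the account to
		   whoever submitted the reset when delivery fails. */ ?>
		<div class="popover fade bottom in bg-danger danger center-block text-center" role="tooltip"
			id="newpassword-div" style="display:none;position:relative;">
			<div class="arrow" style="left: 50%;"></div>
			<h3 class="popover-title" style="display: none;">Error</h3>
			<div class="popover-content center-block text-center" id="password-content2">
				<span class="glyphicon glyphicon-exclamation-sign" aria-hidden="true"></span>&nbsp;Your new password could
				not be emailed to you. Please contact <a
					href="mailto:admin@dairywindow.nz">admin@dairywindow.nz</a> to have it reset again.
			</div>
		</div>

		<div class="popover fade bottom in bg-danger danger center-block text-center" role="tooltip" id="pwdsuccess-div"
			style="display:none;position:relative;">
			<div class="arrow" style="left: 50%;"></div>
			<h3 class="popover-title" style="display: none;">Success</h3>
			<div class="popover-content center-block text-center" id="password-content3">
				<span class="glyphicon glyphicon-ok" aria-hidden="true"></span>&nbsp;Your NEW password was emailed to
				you. Please allow up to 5 minutes. If you don't see the email, ensure you check your junk mail folder.
				If you still cant log in, please contact <a
					href="mailto:admin@dairywindow.nz">admin@dairywindow.nz</a>
			</div>
		</div>

	</form>
</div> <!-- /container -->

<script src="js/jquery.min.js?v=2.1"><!-- jQuery (necessary for Bootstrap's JavaScript plugins) --></script>
<script src="js/bootstrap.min.js?v=2.1"></script>
<script src="js/common.js?v=2.5"></script>
<script>
	<?php
	// Reveal the popover matching $status (see the comment where it is set).
	switch ($status) {
		case 1:
			echo "$('#password-div').css('display', 'block');";
			echo "$('#password-content1').css('display', 'block');";
			break;
		case 2:
			echo "$('#email-div').css('display', 'block');";
			break;
		case 3:
			echo "$('#newpassword-div').css('display', 'block');";
			break;
		case 4:
			echo "$('#pwdsuccess-div').css('display', 'block');";
			break;
	}
	?>
</script>
</body>

</html>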