| Server IP : 74.208.236.18 / Your IP : 216.73.216.45 Web Server : Apache System : Linux infong654 4.4.400-icpu-108 #2 SMP Wed Feb 11 10:12:42 UTC 2026 x86_64 User : u39365822 ( 135825) PHP Version : 8.4.23 Disable Function : NONE MySQL : OFF | cURL : ON | WGET : ON | Perl : ON | Python : OFF | Sudo : OFF | Pkexec : OFF Directory : /homepages/7/d147067425/htdocs/client_user_2/includes/ |
Upload File : |
<?php
ob_start();
session_start();
require "./db_con_get.php";
function call_api($fields, $url) {
//API call
$curl = curl_init($url);
curl_setopt($curl, CURLOPT_URL, $url);
curl_setopt($curl, CURLOPT_RETURNTRANSFER, true);
$headers = array(
"X-Custom-Header: value",
"Content-Type: application/json",
"API-TOKEN:t68VRoQGFSxHVR3dskZvRKpe8Pb1rQrm",
);
curl_setopt($curl, CURLOPT_HTTPHEADER, $headers);
// Api call footer
curl_setopt($curl, CURLOPT_POSTFIELDS, json_encode($fields));
//for debug only!
curl_setopt($curl, CURLOPT_SSL_VERIFYHOST, false);
curl_setopt($curl, CURLOPT_SSL_VERIFYPEER, false);
$resp = curl_exec($curl);
curl_close($curl);
return json_decode($resp);
//var_dump($resp);
}
if(isset($_POST['btn-save'])) {
$first_name = $_POST['first_name'];
$last_name = $_POST['last_name'];
$full_name=$first_name.' '.$last_name;
$email = $_POST['email'];
$hashpassword = @password_hash($_POST['password'], PASSWORD_DEFAULT);
$post_therapist_id = @$_POST['referral'];
$status = 0;
$sql = "SELECT * FROM `user` WHERE EmailID = '".@base64_encode($email)."'";
$resultset = mysqli_query($con, $sql) or die("database error:". mysqli_error($con));
$row = mysqli_fetch_assoc($resultset);
//get therapist email
$thData = mysqli_query($con, "SELECT `email_id` FROM `therapist` WHERE `id` = '".@$post_therapist_id."'")
or die("database error:". mysqli_error($con));
$rowTh = mysqli_fetch_assoc($thData);
if(mysqli_num_rows($resultset) > 0 && $row['therapist_id'] == $post_therapist_id) {
//Otp being send ....
$otp = rand(100000,999999);
// Send OTP
// $to = $email;
// $subject = 'One Time Password for Registeration';
// $htmlContent = "One Time Password for a client account signup:<br/><br/>" . $otp;
// $headers = "From: clients@revealmyway.com\r\n";
// $headers .= "MIME-Version: 1.0" . "\r\n";
// $headers .= "Content-type: text/html; charset=UTF-8" . "\r\n";
// $headers .= "Reply-To: noreply@revealmyway.com\r\n";
// $headers .= "X-Mailer: PHP/".phpversion();
// if(mail($to, $subject, $htmlContent, $headers)) {
// $result = mysqli_query($con,"INSERT INTO client_otp_auth_expiry(client_email, otp_code, is_expired, created_at) VALUES ('".@$email."', '" . $otp . "', 0, '" . date("Y-m-d H:i:s"). "')");
// $current_id = mysqli_insert_id($con);
// if(!empty($current_id)) {
// $msg="success1";
// }
// } else {
// $msg="Email could not be sent...";
// }
$initF = @mb_substr($first_name, 0, 1);
$initL = @mb_substr($last_name, 0, 1);
$apiRes = call_api([
'email' => @base64_decode($row['EmailID']),
'password' => @$row['praw'],
'first_name' => @$first_name,
'last_name' => @$last_name,
'gender' => @$row['Gender'],
'age' => @$row['Age'],
'therapist_email' => @$rowTh['email_id'],
'initials' => @$initF.@$initL
], 'http://apis.revealmyway.com:4000/therapist_api/public/api/user/register');
if(@$apiRes->guid != '') {
$updateReg = "UPDATE `user` SET `FirstName` = '".@base64_encode($first_name)."', `LastName` = '".@base64_encode($last_name)."',
`Gender` = '".@$_POST['gender']."', `Age` = '".@$_POST['age']."', `PasswordHash` = '".$hashpassword."',
`praw` = '".@base64_encode($_POST['password'])."' WHERE
`UserID` = '".$row['UserID']."' AND `therapist_id` = '".@$post_therapist_id."'";
mysqli_query($con, $updateReg) or die("database error:". mysqli_error($con));
mysqli_query($con, "UPDATE `user` SET `GuidReference` = '".$apiRes->guid."', `IsActive` = '1' WHERE `UserID` = '".@$row['UserID']."'") or die(mysqli_error($con));
$msg = "success2";
} else {
$msg = @$apiRes->message;
}
} else {
$msg="1";
}
echo $msg;
}
if(isset($_POST['btn-login'])) {
$username = $_POST['username'];
$password = $_POST['password'];
$sql = "select * from user where `EmailID` = '".@base64_encode($username)."' AND `isArchived` = '0'";
//$sql = "select * from user where `therapist_id` = '8' AND `isArchived` = '0'";
$result = mysqli_query($con, $sql) or die(mysqli_error($con));
$count = mysqli_num_rows($result);
//echo $hashpassword = @password_hash('123456', PASSWORD_DEFAULT);exit;
//$hashPass = @sha1($_POST['password']);
//$apiRes = call_api(['email' => $username, 'password' => $password], 'http://apis.revealmyway.com:4000/therapist_api/public/api/user/login');
//print_r($apiRes);
if (@$count > 0) {
$row = mysqli_fetch_assoc($result);
$passHash = $row['PasswordHash'];
if(password_verify($password, $passHash)) {
$_SESSION['CURRENT_CLIENT'] = $row;
unset($_SESSION['CURRENT_CLIENT']['PasswordHash']);
$msg="success1";
// generate OTP
$otp = rand(100000,999999);
// Send OTP
$to=base64_decode($row['EmailID']);
$from = 'clients@revealmyway.com';
$fromName = 'Reveal Clients Account';
$subject = 'One Time Password for Login';
$htmlContent = "One Time Password for Client login authentication is:<br/><br/>" . $otp;
$headers = "From: $fromName"." <".$from.">";
$semi_rand = md5(time());
$mime_boundary = "==Multipart_Boundary_x{$semi_rand}x";
$headers .= "\nMIME-Version: 1.0\n" . "Content-Type: multipart/mixed;\n" . " boundary=\"{$mime_boundary}\"";
$message = "--{$mime_boundary}\n" . "Content-Type: text/html; charset=\"UTF-8\"\n" .
"Content-Transfer-Encoding: 7bit\n\n" . $htmlContent . "\n\n";
$message .= "--{$mime_boundary}--";
$returnpath = "-f" . $from;
if(mail($to, $subject, $message, $headers,$returnpath)) {
$result = mysqli_query($con,"INSERT INTO client_otp_auth_expiry(otp_code,client_email,is_expired,created_at) VALUES ('" . $otp . "', '".base64_encode($row['EmailID'])."', 0, '" . date("Y-m-d H:i:s"). "')");
$current_id = mysqli_insert_id($con);
if(!empty($current_id)) {
$success=1;
}
} else {
$msg="Email could not be sent...";
}
} else {
$msg="password is incorrect";
}
if(@$_POST["remember_me"]=='1' || @$_POST["remember_me"]=='on'){
$hour = time() + 3600 * 24 * 30;
setcookie('username', $username, $hour, '/');
setcookie('password', $password, $hour, '/');
} else {
$hour = time();
setcookie("username", "", $hour,'/');
setcookie("password", "", $hour,'/');
}
} else {
$msg="Email ID is incorrect";
}
echo $msg;
}
if(isset($_POST['otp_code'])) {
if(!empty($_SESSION['CURRENT_CLIENT'])) {
$postOTP = $_POST['otp_code'];
$result = mysqli_query($con,"SELECT * FROM client_otp_auth_expiry WHERE otp_code='" . $postOTP . "' AND is_expired!=1 AND NOW() <= DATE_ADD(created_at, INTERVAL 1 HOUR)") or die("database error:". mysqli_error($con));
$count = mysqli_num_rows($result);
if(!empty($count)) {
$result = mysqli_query($con,"UPDATE client_otp_auth_expiry SET is_expired = 1 WHERE otp_code = '" . $postOTP . "'");
$_SESSION['loggedinC'] = true;
$msg = "success2";
} else {
//$success = "success1";
$msg = "Invalid OTP!";
}
} else {
$msg="Sorry but your session has expired. Please try login again..";
}
echo $msg;
}
if(isset($_POST['otp_client_reg'])) {
$postOTP = $_POST['otp_client_reg'];
$result = mysqli_query($con,"SELECT * FROM client_otp_auth_expiry WHERE otp_code='" . $postOTP . "' AND is_expired!=1 AND NOW() <= DATE_ADD(created_at, INTERVAL 1 HOUR)") or die("database error:". mysqli_error($con));
$resArray = mysqli_fetch_array($result);
$count = mysqli_num_rows($result);
if(@$count > 0) {
$result = mysqli_query($con,"UPDATE client_otp_auth_expiry SET is_expired = 1 WHERE otp_code = '" . $postOTP . "'");
$sql = "SELECT * FROM user WHERE `EmailID` = '".@$resArray['client_email']."'";
$userRes = mysqli_query($con, $sql) or die(mysqli_error($con));
$userArr = mysqli_fetch_array($userRes);
$countRes = mysqli_num_rows($userRes);
if(@$countRes > 0) {
$apiRes = call_api([
'email' => @base64_decode($userArr['EmailID']),
'password' => @$userArr['praw'],
'first_name' => @$userArr['FirstName'],
'last_name' => @$userArr['LastName'],
'gender' => @$userArr['Gender'],
'age' => @$userArr['Age']
], 'http://apis.revealmyway.com:4000/therapist_api/public/api/user/register');
if(@$apiRes->guid != '') {
mysqli_query($con, "UPDATE `user` SET `GuidReference` = '".$apiRes->guid."', `IsActive` = '1' WHERE `UserID` = '".@$userArr['UserID']."'") or die(mysqli_error($con));
$msg = "success2";
} else {
$msg = @$apiRes->message;
}
}
} else {
$msg = "Invalid OTP!";
}
echo $msg;
}
if(isset($_POST['otp_code_reg'])) {
$postOTP = $_POST['otp_code_reg'];
$result = mysqli_query($con,"SELECT * FROM otp_auth_expiry WHERE otp_code='" . $postOTP . "' AND is_expired!=1 AND NOW() <= DATE_ADD(created_at, INTERVAL 1 HOUR)") or die("database error:". mysqli_error($con));
$row = mysqli_fetch_assoc($result);
$count = mysqli_num_rows($result);
if(!empty($count)) {
$upTherapist = mysqli_query($con, "UPDATE `therapist` SET `status` = '1' WHERE `email_id` = '".$row['therapist_email']."'")
or die("Error updating therapist after OTP confirmation: ". mysqli_error($con));
$result = mysqli_query($con,"UPDATE otp_auth_expiry SET is_expired = 1 WHERE otp_code = '" . $postOTP . "'");
$msg = "success2";
} else {
//$success = "success1";
$msg = "Invalid OTP!";
}
echo $msg;
}
if(isset($_POST['btn-forget'])) {
$email = mysqli_real_escape_string($con,$_POST['email']);
$sql = "SELECT * FROM user WHERE `EmailID` = '".base64_encode($email)."'";
$result = mysqli_query($con,$sql) or die(mysqli_error($con));
$count_ther = mysqli_num_rows($result);
if($count_ther>0) {
$row_ther = mysqli_fetch_assoc($result);
$token = bin2hex(openssl_random_pseudo_bytes(16));
$Update_q=mysqli_query($con,"update `user` set `token`='".$token."' where `EmailID`='".base64_encode($email)."' ") or die(mysqli_error($con));
if($Update_q>0){
$token=$token;
$to=base64_decode($row_ther['EmailID']);
$from = 'client@revealmyway.com';
$fromName = 'Reveal Client Account';
$subject = 'Password Reset link';
$htmlContent = '<strong>Click here to Reset Your account Password</strong> https://clients.revealmyway.com/reset-password.php?token='.$token;
$headers = "From: $fromName"." <".$from.">";
$semi_rand = md5(time());
$mime_boundary = "==Multipart_Boundary_x{$semi_rand}x";
$headers .= "\nMIME-Version: 1.0\n" . "Content-Type: multipart/mixed;\n" . " boundary=\"{$mime_boundary}\"";
$message = "--{$mime_boundary}\n" . "Content-Type: text/html; charset=\"UTF-8\"\n" .
"Content-Transfer-Encoding: 7bit\n\n" . $htmlContent . "\n\n";
$message .= "--{$mime_boundary}--";
$returnpath = "-f" . $from;
if(mail($to, $subject, $message, $headers,$returnpath)) {
$msg="success";
}else {
$msg="Email could not be sent...";
}
}
}else{
$msg= "Incorrect Email-ID";
}
echo $msg;
}
if(isset($_POST['btn-reset'])) {
$password = mysqli_real_escape_string($con,$_POST['password']);
$confirm_password = mysqli_real_escape_string($con,$_POST['confirm_password']);
$token = mysqli_real_escape_string($con,$_POST["token"]);
if($password!=$confirm_password){
$msg= "Password do not match, both password should be same.";
}
if(empty($token) && !isset($token)){
$msg.= "Invalid Token";
}
if(empty($msg)) {
$newpassword = @password_hash($_POST['password'], PASSWORD_DEFAULT);
$update_data = mysqli_query($con, "UPDATE `user` SET `PasswordHash` = '".mysqli_real_escape_string($con,$newpassword)."', `token` = '' , `UpdatedOn` = now() WHERE `UserID`='".base64_decode($_POST['token'])."'") or die(mysqli_error($con));
if($update_data){
$msg='success';
} else {
$msg= "Something Error.Please Contact Administrator";
}
}
echo $msg;
}
?>