| Server IP : 74.208.236.18 / Your IP : 216.73.216.45 Web Server : Apache System : Linux infong654 4.4.400-icpu-108 #2 SMP Wed Feb 11 10:12:42 UTC 2026 x86_64 User : u39365822 ( 135825) PHP Version : 8.4.23 Disable Function : NONE MySQL : OFF | cURL : ON | WGET : ON | Perl : ON | Python : OFF | Sudo : OFF | Pkexec : OFF Directory : /homepages/7/d147067425/htdocs/includes/ |
Upload File : |
<?php
ob_start();
session_start();
require "db_con_get.php";
if(isset($_POST['btn-save'])) {
$first_name = $_POST['first_name'];
$last_name = $_POST['last_name'];
$full_name=$first_name.' '.$last_name;
$email = $_POST['email'];
$hashpassword = @sha1($_POST['password']);
$status = 0;
$sql = "select email_id from therapist where email_id='".$email."'";
$resultset = mysqli_query($con, $sql) or die("database error:". mysqli_error($con));
$row = mysqli_fetch_assoc($resultset);
if(empty($row['email_id'])){
$sql = "insert into therapist(`id`,`name`,`email_id`,`password`,`status`,`created_at`,`updated_at`) VALUES (NULL,'".$full_name."','".$email."','".$hashpassword."','".$status."',now(),now())";
mysqli_query($con,$sql) or die("database error:". mysqli_error($con));
// Otp being send ....
$otp = rand(100000,999999);
// Send OTP
$to=$email;
$from = 'therapist@revealmyway.com';
$fromName = 'Reveal Therapist Account';
$subject = 'OTP for Registeration';
$htmlContent = "One Time Password for a therapist account signup:<br/><br/>" . $otp;
$headers = "From: $fromName"." <".$from.">";
$semi_rand = md5(time());
$mime_boundary = "==Multipart_Boundary_x{$semi_rand}x";
$headers .= "\nMIME-Version: 1.0\n" . "Content-Type: multipart/mixed;\n" . " boundary=\"{$mime_boundary}\"";
$message = "--{$mime_boundary}\n" . "Content-Type: text/html; charset=\"UTF-8\"\n" .
"Content-Transfer-Encoding: 7bit\n\n" . $htmlContent . "\n\n";
$message .= "--{$mime_boundary}--";
$returnpath = "-f" . $from;
if(mail($to, $subject, $message, $headers,$returnpath)) {
$result = mysqli_query($con,"INSERT INTO otp_auth_expiry(therapist_email, otp_code, is_expired, created_at) VALUES ('".@$email."', '" . $otp . "', 0, '" . date("Y-m-d H:i:s"). "')");
$current_id = mysqli_insert_id($con);
if(!empty($current_id)) {
$msg="success1";
}
} else {
$msg="Email could not be sent...";
}
} else {
$msg="1";
}
echo $msg;
}
if(isset($_POST['btn-login'])) {
$username = $_POST['username'];
$password = $_POST['password'];
$hashPass = @sha1($_POST['password']);
$sql = "select * from therapist where `email_id` = '".$username."' AND `status`=1";
$result = mysqli_query($con, $sql) or die(mysqli_error($con));
$count = mysqli_num_rows($result);
if ($count > 0) {
$row = mysqli_fetch_assoc($result);
// generate OTP
$otp = rand(100000,999999);
// Send OTP
$to=$row['email_id'];
$from = 'therapist@revealmyway.com';
$fromName = 'Reveal Therapist Account';
$subject = 'OTP for Login';
$htmlContent = "One Time Password for Therapist login authentication is:<br/><br/>" . $otp;
$headers = "From: $fromName"." <".$from.">";
$semi_rand = md5(time());
$mime_boundary = "==Multipart_Boundary_x{$semi_rand}x";
$headers .= "\nMIME-Version: 1.0\n" . "Content-Type: multipart/mixed;\n" . " boundary=\"{$mime_boundary}\"";
$message = "--{$mime_boundary}\n" . "Content-Type: text/html; charset=\"UTF-8\"\n" .
"Content-Transfer-Encoding: 7bit\n\n" . $htmlContent . "\n\n";
$message .= "--{$mime_boundary}--";
$returnpath = "-f" . $from;
if(mail($to, $subject, $message, $headers,$returnpath)) {
$result = mysqli_query($con,"INSERT INTO otp_auth_expiry(otp_code,is_expired,created_at) VALUES ('" . $otp . "', 0, '" . date("Y-m-d H:i:s"). "')");
$current_id = mysqli_insert_id($con);
if(!empty($current_id)) {
$success=1;
}
} else {
$msg="Email could not be sent...";
}
if(@$_POST["remember_me"]=='1' || @$_POST["remember_me"]=='on'){
$hour = time() + 3600 * 24 * 30;
setcookie('username', $username, $hour, '/');
setcookie('password', $password, $hour, '/');
}else{
$hour = time();
setcookie("username", "", $hour,'/');
setcookie("password", "", $hour,'/');
}
$passHash = $row['password'];
if($hashPass==$passHash) {
$_SESSION['CURRENT_THERIPIST'] = $row;
unset($_SESSION['CURRENT_THERIPIST']['password']);
$msg="success1";
} else {
$msg="password is incorrect";
}
} else {
$msg="Email ID is incorrect";
}
echo $msg;
}
if(isset($_POST['otp_code'])) {
if(!empty($_SESSION['CURRENT_THERIPIST'])) {
$postOTP = $_POST['otp_code'];
$result = mysqli_query($con,"SELECT * FROM otp_auth_expiry WHERE otp_code='" . $postOTP . "' AND is_expired!=1 AND NOW() <= DATE_ADD(created_at, INTERVAL 1 HOUR)") or die("database error:". mysqli_error($con));
$count = mysqli_num_rows($result);
if(!empty($count)) {
$result = mysqli_query($con,"UPDATE otp_auth_expiry SET is_expired = 1 WHERE otp_code = '" . $postOTP . "'");
$_SESSION['loggedin'] = true;
$msg = "success2";
} else {
//$success = "success1";
$msg = "Invalid OTP!";
}
} else {
$msg="Sorry but your session has expired. Please try login again..";
}
echo $msg;
}
if(isset($_POST['otp_code_reg'])) {
$postOTP = $_POST['otp_code_reg'];
$result = mysqli_query($con,"SELECT * FROM otp_auth_expiry WHERE otp_code='" . $postOTP . "' AND is_expired!=1 AND NOW() <= DATE_ADD(created_at, INTERVAL 1 HOUR)") or die("database error:". mysqli_error($con));
$row = mysqli_fetch_assoc($result);
$count = mysqli_num_rows($result);
if(!empty($count)) {
$upTherapist = mysqli_query($con, "UPDATE `therapist` SET `status` = '1' WHERE `email_id` = '".$row['therapist_email']."'")
or die("Error updating therapist after OTP confirmation: ". mysqli_error($con));
$result = mysqli_query($con,"UPDATE otp_auth_expiry SET is_expired = 1 WHERE otp_code = '" . $postOTP . "'");
$msg = "success2";
} else {
//$success = "success1";
$msg = "Invalid OTP!";
}
echo $msg;
}
if(isset($_POST['btn-forget'])) {
$email = mysqli_real_escape_string($con,$_POST['email']);
$sql = "SELECT * FROM therapist WHERE `email_id` = '".$email."'";
$result = mysqli_query($con,$sql) or die(mysqli_error($con));
$count_ther = mysqli_num_rows($result);
if($count_ther>0) {
$row_ther = mysqli_fetch_assoc($result);
$token = bin2hex(openssl_random_pseudo_bytes(16));
$Update_q=mysqli_query($con,"update `therapist` set `token`='".$token."' where `email_id`='".$email."' ") or die(mysqli_error($con));
if($Update_q>0){
$token=$token;
$to=$row_ther['email_id'];
$from = 'therapist@revealmyway.com';
$fromName = 'Reveal Therapist Account';
$subject = 'Password Reset link';
$htmlContent = '<strong>Click here to Reset Your account Password</strong> http://therapist.revealmyway.com/reset-password.php?token='.$token;
$headers = "From: $fromName"." <".$from.">";
$semi_rand = md5(time());
$mime_boundary = "==Multipart_Boundary_x{$semi_rand}x";
$headers .= "\nMIME-Version: 1.0\n" . "Content-Type: multipart/mixed;\n" . " boundary=\"{$mime_boundary}\"";
$message = "--{$mime_boundary}\n" . "Content-Type: text/html; charset=\"UTF-8\"\n" .
"Content-Transfer-Encoding: 7bit\n\n" . $htmlContent . "\n\n";
$message .= "--{$mime_boundary}--";
$returnpath = "-f" . $from;
if(mail($to, $subject, $message, $headers,$returnpath)) {
$msg="success";
}else {
$msg="Email could not be sent...";
}
}
}else{
$msg= "Incorrect Email-ID";
}
echo $msg;
}
if(isset($_POST['btn-reset'])) {
$password = mysqli_real_escape_string($con,$_POST['password']);
$confirm_password = mysqli_real_escape_string($con,$_POST['confirm_password']);
$token = mysqli_real_escape_string($con,$_POST["token"]);
if($password!=$confirm_password){
$msg= "Password do not match, both password should be same.";
}
if(empty($token) && !isset($token)){
$msg.= "Invalid Token";
}
if(empty($msg)){
$newpassword=@sha1($_POST['password']);
$update_data=mysqli_query($con,"update `therapist` set `password`='".mysqli_real_escape_string($con,$newpassword)."', `token`='' ,`updated_at`=now() where `id`='".base64_decode($_POST['token'])."' ") or die(mysqli_error($con));
if($update_data){
$msg='success';
}else{
$msg= "Something Error.Please Contact Administrator";
}
}
echo $msg;
}
?>