reset_password.php
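<?php
declare(strict_types=1);
// Password reset handler.
//
// The reset token arrives in the link (GET) on the first visit and in the hidden form
// field (POST) on submit. A token is accepted only while a matching, unexpired row exists
// in A3_3420_Password_Resets. On a successful submit the user's password hash is replaced,
// every outstanding reset token for that user is deleted, and the browser is sent to
// login.php. The template below reads $errors (field => message) and $token.
require "includes/config.php";
// Database Connection
require "includes/library.php";
$pdo = connectDB();
$errors = [];
$token = "";
$user_id = null;
// Server-side copy of the <input pattern> used on the form. The browser check is advisory
// only and trivially bypassed, so the same policy has to be enforced here.
$password_pattern = '/^(?=.*[a-z])(?=.*[A-Z])(?=.*\d)(?=.*[@$!%*?&])[A-Za-z\d@$!%*?&]{8,}$/';

// We get the token from the link or from the form (the link wins when both are present).
$raw_token = $_GET['token'] ?? $_POST['token'] ?? null;
if (!is_string($raw_token) || $raw_token === '') {
    // Missing, empty, or not a plain string (e.g. a `token[]=` query string, which would
    // otherwise hand an array to PDO and to htmlentities() in the template).
    $errors['token'] = 'No token provided.';
} else {
    $token = $raw_token;
    // Verify the token: it must exist and must not be past its expiry.
    $stmt = $pdo->prepare('SELECT * FROM A3_3420_Password_Resets WHERE token = ? AND expires >= NOW()');
    $stmt->execute([$token]);
    $reset = $stmt->fetch();
    if ($reset) {
        $user_id = $reset['user_id'];
    } else {
        $errors['token'] = 'Invalid or expired token.';
    }
}

if (isset($_POST['submit'])) {
    // Reset the password. Missing fields count as empty strings instead of raising notices.
    $password = $_POST['password'] ?? '';
    $confirm_password = $_POST['confirm-password'] ?? '';
    if (!is_string($password) || !is_string($confirm_password)) {
        $errors['password'] = 'Invalid password input.';
    } elseif ($password !== $confirm_password) {
        $errors['password'] = 'Passwords do not match.';
    } elseif (preg_match($password_pattern, $password) !== 1) {
        // `!== 1` also treats a PCRE failure (false) as "does not meet the requirements".
        $errors['password'] = 'Password does not meet the requirements.';
    }
    // $user_id is only set when the token lookup succeeded, which is also the only case in
    // which $errors carries no 'token' entry; the explicit null check keeps a later refactor
    // from ever running the UPDATE with "WHERE id = NULL".
    if ($errors === [] && $user_id !== null) {
        // Update the users password
        $hashed_password = password_hash($password, PASSWORD_DEFAULT);
        $stmt = $pdo->prepare('UPDATE A3_3420_Users SET password_hash = ? WHERE id = ?');
        $stmt->execute([$hashed_password, $user_id]);
        // Delete the token. Deleting by user_id rather than by token also burns any other
        // reset links still outstanding for this account, so each token is single-use.
        $stmt = $pdo->prepare('DELETE FROM A3_3420_Password_Resets WHERE user_id = ?');
        $stmt->execute([$user_id]);
        header('Location: login.php');
        exit();
    }
}
?>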
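<!DOCTYPE html>
<html lang="en">
<!--The head tag, contains the meta information along with the title describing the page.-->
<head>
<?php
$PAGE_TITLE = "Reset Password";
include "includes/metadata.php";
?>
</head>
<!--The body tag, contains the body of the html file-->
<body>
<!-- HEADER -->
<?php include "includes/header.php"?>
<!--The main tag, contains the password-reset form. It expects $errors (field => message) and $token from the handler above.-->
<main class="main-content">
<h1>Reset Password</h1>
<p>
Please enter a new password for your account.
</p>
<!--Token problems (missing, expired, already used) are reported here so the user is not left with a form that silently does nothing.-->
<?php if(isset($errors['token'])): ?>
<span class="error-text"><?= htmlspecialchars($errors['token'], ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8') ?></span>
<?php endif; ?>
<!--The form posts back to this page; the reset token travels in a hidden field so the link does not have to be re-opened on submit.-->
<form action="<?= htmlentities($_SERVER['PHP_SELF']) ?>" method="post" class="whole-form">
<input type="hidden" name="token" value="<?= htmlentities($token) ?>">
<div class="form-group">
<label for="password">Password:</label>
<input type="password" id="password" name="password" autocomplete="new-password" class="form-control <?php echo isset($errors['password']) ? 'input-error' : '' ?>" required pattern="^(?=.*[a-z])(?=.*[A-Z])(?=.*\d)(?=.*[@$!%*?&])[A-Za-z\d@$!%*?&]{8,}$" />
<?php if(isset($errors['password'])): ?>
<span class="error-text"><?= htmlspecialchars($errors['password'], ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8') ?></span>
<?php endif; ?>
<!--The list below must match the pattern attribute above (and the server-side check).-->
<div class="password-requirements">
Password must have:
<ul>
<li>At least 8 characters</li>
<li>Both uppercase and lowercase characters</li>
<li>At least one number</li>
<li>At least one special character (@ $ ! % * ? &amp;)</li>
</ul>
</div>
</div>
<div class="form-group">
<label for="confirm-password">Confirm Password:</label>
<input type="password" id="confirm-password" name="confirm-password" autocomplete="new-password" class="form-control <?php echo isset($errors['confirm-password']) ? 'input-error' : '' ?>" required pattern="^(?=.*[a-z])(?=.*[A-Z])(?=.*\d)(?=.*[@$!%*?&])[A-Za-z\d@$!%*?&]{8,}$" />
<?php if(isset($errors['confirm-password'])): ?>
<span class="error-text"><?= htmlspecialchars($errors['confirm-password'], ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8') ?></span>
<?php endif; ?>
</div>
<!--Submit button that sends out everything in the form.-->
<input type="submit" value="Confirm" name="submit" class="btn" />
</form>
</main>
<!-- FOOTER -->
<?php include "includes/footer.php"?>
</body>
</html>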