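<?php
// This page receives the user_id and key generated for a password reset
// and displays the form for entering the new password.
//
// The notes above used to be HTML comments placed before the opening PHP tag.
// That sent output before session_start(), so unless output buffering was
// enabled the session cookie header could no longer be sent ("headers already
// sent"). Keeping them as PHP comments also keeps them out of the served page.
session_start();
// connection.php presumably defines $link, the mysqli connection used further down - confirm.
include('connection.php');
?>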
<!DOCTYPE html>
<html lang="en">
<head>
<meta charset="utf-8">
<meta http-equiv="X-UA-Compatible" content="IE=edge">
<meta name="viewport" content="width=device-width, initial-scale=1">
<!-- Title of the page -->
<title>Company Website - Reset Password</title>
<link rel="stylesheet" href="https://stackpath.bootstrapcdn.com/bootstrap/4.3.1/css/bootstrap.min.css" integrity="sha384-ggOyR0iXCbMQv3Xipma34MD+dH/1fQ784/j6cY/iJTQUOhcWr7x9JvoRxT2MZw1T" crossorigin="anonymous">
<!-- Linking external stylesheets -->
<link rel="stylesheet" href="style.css">
<!-- Linking google fonts -->
<link href="https://fonts.googleapis.com/css?family=Arvo&display=swap" rel="stylesheet">
<!-- Linking icons -->
<link rel="icon" href="company-logo.png">
</head>
<body>
<!-- Navbar -->
<nav class="navbar navbar-expand-lg navbar-dark">
<a class="navbar-brand" href="#"><img src="company-logo.png" class="logo"></a>
</nav>
<div class="container2">
<h2 id="welcome-user">Reset Password</h2>
<div id="resultmessage"></div>
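<?php
// Validate the reset link (user_id + key) and, when a matching pending request
// less than 24 hours old exists, print the new-password form.
//
// NOTE(review): the reset key travels in the query string and this page loads
// third-party stylesheets and scripts, so the key can reach those hosts in the
// Referer header under a lax referrer policy. Consider sending
// "Referrer-Policy: no-referrer" for this page.

// Both parameters must be present and must be plain strings (array input such as key[]=x is rejected)
if (!isset($_GET['user_id'], $_GET['key']) || !is_string($_GET['user_id']) || !is_string($_GET['key'])) {
    echo '<div class="alert alert-danger">There was an error. Please click on the link you received by email.</div>';
    exit;
}

$user_id = $_GET['user_id'];
$key = $_GET['key'];
// Requests created more than 24 hours (86400 seconds) ago are no longer accepted.
// Bound as a string so the comparison behaves like the former quoted literal.
$cutoff = (string) (time() - 86400);

// Check that the user_id/key combination exists, is still pending and is recent enough.
// Bound parameters keep the request values out of the SQL text entirely.
$sql = "SELECT user_id FROM forgotpassword WHERE rkey=? AND user_id=? AND time > ? AND status='pending'";
$stmt = mysqli_prepare($link, $sql);
if (
    !$stmt
    || !mysqli_stmt_bind_param($stmt, 'sss', $key, $user_id, $cutoff)
    || !mysqli_stmt_execute($stmt)
    || !mysqli_stmt_store_result($stmt)
) {
    echo '<div class="alert alert-danger">Error running the query!</div>';
    exit;
}

// Exactly one matching row is required; anything else is treated as an invalid link
$count = mysqli_stmt_num_rows($stmt);
mysqli_stmt_close($stmt);
if ($count !== 1) {
    echo '<div class="alert alert-danger">Please try again.</div>';
    exit;
}

// The values are written back into the page, so they are encoded for an HTML
// attribute and the attributes are quoted. SQL escaping does not neutralise HTML,
// and a database match alone does not guarantee the request value is free of markup
// (MySQL compares loosely when a string is matched against a numeric column).
$safe_key = htmlspecialchars($key, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
$safe_user_id = htmlspecialchars($user_id, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');

// Print the reset password form with hidden user_id and key fields
echo "
<form method='post' id='passwordreset'>
<input type='hidden' name='key' value='$safe_key'>
<input type='hidden' name='user_id' value='$safe_user_id'>
<div class='form-group'>
<label for='password'>Enter new Password</label>
<input type='password' name='password' id='password' placeholder='Enter Password' class='form-control'>
<p id='reset-password'></p>
</div>
<div class='form-group'>
<label for='password2'>Confirm Password</label>
<input type='password' name='password2' id='password2' placeholder='Re-enter Password' class='form-control'>
<p id='reset-password2'></p>
</div><br>
<input type='submit' name='resetpassword' class='btn btn-warning' value='Reset Password'>
</form>
";
?>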
</div>
<!-- Footer -->
<div class="container-fluid">
<div id="footerself">
© Copyright. All rights reserved.
</div>
<div id="footerself2">
Developed by <span id="self"><b>Subham Das</b></span>
</div>
</div>
<script src="https://ajax.googleapis.com/ajax/libs/jquery/1.11.2/jquery.min.js"></script>
<script src="js/bootstrap.min.js"></script>
<!--Script for Ajax Call to storeresetpassword.php which processes form data-->
<script>
//Intercept submission of the reset form and send it with AJAX instead
$("#passwordreset").on("submit", function (evt) {
    //cancel the browser's normal form submission so the page is not reloaded
    evt.preventDefault();

    //gather the form's fields as an array of name/value pairs
    var formFields = $(this).serializeArray();

    //The response is inserted as HTML, so store-reset-password.php must
    //HTML-encode any request-derived text it sends back.
    function showResponse(data) {
        $('#resultmessage').html(data);
    }

    //shown when the request itself fails
    function showAjaxError() {
        $("#resultmessage").html("<div class='alert alert-danger'>There was an error with the Ajax Call. Please try again later.</div>");
    }

    //post the fields to store-reset-password.php, which processes the form data
    $.ajax({
        url: "store-reset-password.php",
        type: "POST",
        data: formFields,
        success: showResponse,
        error: showAjaxError
    });
});
</script>
</body>
</html>