<?php
use PHPMailer\PHPMailer\PHPMailer;
use PHPMailer\PHPMailer\Exception;
include 'includes/session.php';
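// Password-reset request handler.
// On a POST carrying 'reset', looks up the submitted e-mail in `users`, stores a
// fresh reset code for that row and e-mails a link containing the code. The outcome
// is reported via $_SESSION['success'] / $_SESSION['error'], and the script always
// redirects to password_forgot.php.
// $pdo and the session are presumably set up by includes/session.php — confirm.
if (isset($_POST['reset'])) {
    // Accept only a string value: a missing field or an array-valued "email[]"
    // parameter must not reach the query or the mail body.
    $email = (isset($_POST['email']) && is_string($_POST['email'])) ? $_POST['email'] : '';

    if ($email === '') {
        $_SESSION['error'] = 'Input email associated with account';
    } else {
        $conn = $pdo->open();

        try {
            // The lookup sits inside the try so a database failure is reported through
            // the handler below instead of surfacing as an uncaught exception.
            $stmt = $conn->prepare("SELECT *, COUNT(*) AS numrows FROM users WHERE email=:email");
            $stmt->execute(['email' => $email]);
            $row = $stmt->fetch();

            if ($row['numrows'] > 0) {
                // Generate the reset code from the CSPRNG. str_shuffle() is not
                // cryptographically secure, so codes built with it can be predictable.
                // Length (15) and alphabet are unchanged, so the stored value still fits
                // the existing reset_code column. random_int() needs PHP 7+ and throws if
                // no entropy source is available, which fails closed.
                $set = '123456789abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ';
                $lastIndex = strlen($set) - 1;
                $code = '';
                for ($i = 0; $i < 15; $i++) {
                    $code .= $set[random_int(0, $lastIndex)];
                }

                // NOTE(review): the code has no expiry here and is stored as plain text;
                // consider an expiry column and storing only a hash of the code.
                $stmt = $conn->prepare("UPDATE users SET reset_code=:code WHERE id=:id");
                $stmt->execute(['code' => $code, 'id' => $row['id']]);

                // The address is request data echoed into HTML, so escape it.
                $safeEmail = htmlspecialchars($email, ENT_QUOTES, 'UTF-8');

                // NOTE(review): the link is hard-coded to http://localhost; a deployment
                // should build it from a configured HTTPS base URL so the reset code is
                // not sent over cleartext HTTP.
                $message = "
<h2>Password Reset</h2>
<p>Your Account:</p>
<p>Email: ".$safeEmail."</p>
<p>Please click the link below to reset your password.</p>
<a href='http://localhost/ecommerce/password_reset.php?code=".$code."&user=".$row['id']."'>Reset Password</a>
";

                //Load phpmailer
                require 'vendor/autoload.php';
                $mail = new PHPMailer(true);

                try {
                    //Server settings
                    $mail->isSMTP();
                    $mail->Host = 'smtp.gmail.com';
                    $mail->SMTPAuth = true;
                    // NOTE(review): SMTP credentials are hard-coded in source. Move them to
                    // configuration kept outside the repository and rotate this password.
                    $mail->Username = 'testsourcecodester@gmail.com';
                    $mail->Password = 'mysourcepass';
                    // Certificate verification is left at the PHP defaults (peer and peer
                    // name verified). The previous SMTPOptions override disabled both and
                    // accepted self-signed certificates, which lets a network attacker
                    // impersonate the SMTP server and capture the credentials and the
                    // reset link.
                    $mail->SMTPSecure = 'ssl';
                    $mail->Port = 465;
                    $mail->setFrom('testsourcecodester@gmail.com');

                    //Recipients
                    $mail->addAddress($email);
                    $mail->addReplyTo('testsourcecodester@gmail.com');

                    //Content
                    $mail->isHTML(true);
                    $mail->Subject = 'ECommerce Site Password Reset';
                    $mail->Body = $message;
                    $mail->send();

                    $_SESSION['success'] = 'Password reset link sent';
                } catch (Exception $e) {
                    // Keep transport details in the server log rather than showing them
                    // to the requester.
                    error_log('Password reset mail failed: '.$mail->ErrorInfo);
                    $_SESSION['error'] = 'Message could not be sent.';
                }
            } else {
                // NOTE(review): this message differs from the success message, so the
                // form reveals which addresses have accounts. A single neutral response
                // for both branches would remove that signal; it needs a matching change
                // in how password_forgot.php presents the result.
                $_SESSION['error'] = 'Email not found';
            }
        } catch (PDOException $e) {
            // Driver messages can expose schema and connection details; log them
            // server-side and show a generic error.
            error_log('Password reset database error: '.$e->getMessage());
            $_SESSION['error'] = 'Unable to process the request. Please try again later.';
        }

        $pdo->close();
    }
} else {
    $_SESSION['error'] = 'Input email associated with account';
}

header('location: password_forgot.php');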
?>