reset_password.php
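<?php
// Password reset handler.
//
// Flow implemented here:
//   1. The account being reset is identified by $_SESSION['email'] (set outside this file).
//   2. A GET request carrying ?reset_code=... is checked against the code stored for that
//      account; a match is remembered in the session.
//   3. A POST may change the password only if this session holds a verified code that still
//      equals the stored one. Without this, any session carrying an e-mail could change the
//      password with no code at all.
// Every query uses a prepared statement; no request or session value is interpolated into SQL.
//
// NOTE(review): nothing on this page limits how long a reset code stays valid or how many
// codes one session may try; confirm that is enforced where the code is issued.
session_start();
$errors = array();
$success = array();
require 'dbconn.php';

// Account under reset; an empty string means no reset is in progress for this session.
$email = (isset($_SESSION['email']) && is_string($_SESSION['email'])) ? $_SESSION['email'] : '';

// Reset code from the e-mailed link; is_string() rejects array-shaped parameters.
$code = (isset($_GET['reset_code']) && is_string($_GET['reset_code'])) ? $_GET['reset_code'] : '';

// Load the id and the stored code for the session's account.
$user_id = null;
$stored_code = '';
if ($email !== '') {
    $lookup = mysqli_prepare($conn, "SELECT id, verification_code FROM users WHERE email = ?");
    if ($lookup) {
        mysqli_stmt_bind_param($lookup, 's', $email);
        if (mysqli_stmt_execute($lookup)) {
            mysqli_stmt_bind_result($lookup, $found_id, $found_code);
            if (mysqli_stmt_fetch($lookup)) {
                $user_id = (int) $found_id;
                $stored_code = (string) $found_code;
            }
        }
        mysqli_stmt_close($lookup);
    }
}

// '0' is the value this script writes once a reset completes, so it must never count as a
// usable code; an empty column is treated the same way.
$code_is_live = ($user_id !== null && $stored_code !== '' && $stored_code !== '0');

// Remember a successful check so the POST below can require it. The comparison is done in PHP
// (constant-time, exact string match) rather than relying on SQL type coercion.
if ($code !== '') {
    if ($code_is_live && hash_equals($stored_code, $code)) {
        $_SESSION['reset_code_verified'] = $code;
    } else {
        unset($_SESSION['reset_code_verified']);
    }
}

if ($_SERVER["REQUEST_METHOD"] == "POST") {
    $password = (isset($_POST['password']) && is_string($_POST['password'])) ? $_POST['password'] : '';
    $confirm = (isset($_POST['confirm_password']) && is_string($_POST['confirm_password'])) ? $_POST['confirm_password'] : '';
    $verified = (isset($_SESSION['reset_code_verified']) && is_string($_SESSION['reset_code_verified']))
        ? $_SESSION['reset_code_verified']
        : '';

    if (!$code_is_live || $verified === '' || !hash_equals($stored_code, $verified)) {
        // No verified code for this account in this session: refuse before touching the password.
        $errors['tests'] = "Invalid approach, please use the link that was sent to your email";
    } elseif ($password === '') {
        $errors['tests'] = "Password field cannot be empty";
    } elseif ($confirm === '') {
        $errors['tests'] = "Re-type password field cannot be empty";
    } elseif ($password !== $confirm) {
        $errors['tests'] = "the two password did not match";
    } else {
        $pwd = password_hash($password, PASSWORD_DEFAULT);

        // Store the new hash and retire the code in one statement so the code is single-use.
        $changed = false;
        $update = mysqli_prepare($conn, "UPDATE users SET password = ?, verification_code = 0 WHERE id = ?");
        if ($update) {
            mysqli_stmt_bind_param($update, 'si', $pwd, $user_id);
            $changed = mysqli_stmt_execute($update);
            mysqli_stmt_close($update);
        }

        if ($changed) {
            // Clear the failed-attempt records for this user, as before.
            $cleanup = mysqli_prepare($conn, "DELETE FROM failed_attempts WHERE user_id = ?");
            if ($cleanup) {
                mysqli_stmt_bind_param($cleanup, 'i', $user_id);
                mysqli_stmt_execute($cleanup);
                mysqli_stmt_close($cleanup);
            }
            session_destroy();
            header('location:signin.php');
            // Stop here: without exit the rest of the page is still rendered after the redirect header.
            exit;
        }
        $errors['tests'] = "an error occured";
    }
}
?>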
<!DOCTYPE html>
<html lang="en">
<head>
<meta charset="UTF-8">
<meta name="viewport" content="width=device-width, initial-scale=1.0">
<title>Reset Password</title>
<link rel="stylesheet" href="https://cdnjs.cloudflare.com/ajax/libs/font-awesome/4.7.0/css/font-awesome.min.css">
<link rel="stylesheet" type="text/css" href="css/bootstrap.min.css">
<link rel="stylesheet" type="text/css" href="css/style.css">
<script src="https://www.google.com/recaptcha/api.js" async defer></script>
</head>
<body class="bg-white">
<div class="container">
<div class="row justify-content-center">
<div class="col-lg-4">
<h1 class="text-center text-dark mt-5 mb-4">Password Reset</h1>
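<?php
// Feedback banners: one dismissible alert per message list.
// Messages are HTML-escaped on output; today they are fixed literals, but escaping here keeps
// the template safe if a message ever includes request or database data.
// The close button is emitted once per alert instead of once per message.
?>
<?php if (count($errors) > 0): ?>
<div class="alert alert-danger alert-dismissible fade show" role="alert">
<?php foreach ($errors as $error): ?>
<li class="text-danger"><?php echo htmlspecialchars($error, ENT_QUOTES, 'UTF-8'); ?></li>
<?php endforeach; ?>
<button type="button" class="close" data-dismiss="alert" aria-label="Close">
<span aria-hidden="true">×</span>
</button>
</div>
<?php endif; ?>
<?php if (count($success) > 0): ?>
<div class="alert alert-success alert-dismissible fade show" role="alert">
<?php foreach ($success as $succes): ?>
<li class="text-success"><?php echo htmlspecialchars($succes, ENT_QUOTES, 'UTF-8'); ?></li>
<?php endforeach; ?>
<button type="button" class="close" data-dismiss="alert" aria-label="Close">
<span aria-hidden="true">×</span>
</button>
</div>
<?php endif; ?>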
<div class="w-100 shadow trans card">
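<?php
// Decide whether to show the password fields: the link must carry a reset code that matches
// a stored code exactly.
// - The lookup is a prepared statement; the code comes straight from the URL and must never
//   be interpolated into SQL.
// - '0' is what this page writes to verification_code after a completed reset, so it is
//   rejected outright rather than looked up.
// - Each returned value is compared again in PHP: the column type is not visible here, and a
//   numeric column would let SQL treat different strings as equal.
$code_given = isset($_GET['reset_code']);
$code = ($code_given && is_string($_GET['reset_code'])) ? $_GET['reset_code'] : '';
$code_known = false;
if ($code !== '' && $code !== '0') {
    $code_lookup = mysqli_prepare($conn, "SELECT verification_code FROM users WHERE verification_code = ?");
    if ($code_lookup) {
        mysqli_stmt_bind_param($code_lookup, 's', $code);
        if (mysqli_stmt_execute($code_lookup)) {
            mysqli_stmt_bind_result($code_lookup, $matched_code);
            while (mysqli_stmt_fetch($code_lookup)) {
                if (hash_equals((string) $matched_code, $code)) {
                    $code_known = true;
                    break;
                }
            }
        }
        mysqli_stmt_close($code_lookup);
    }
}

// Keep the code on the form's target URL so the fields are shown again when a submission
// fails validation; the value is URL-encoded, then HTML-escaped for the attribute.
$form_action = 'reset_password.php';
if ($code_known) {
    $form_action .= '?reset_code=' . rawurlencode($code);
}
?>
<form method="POST" action="<?php echo htmlspecialchars($form_action, ENT_QUOTES, 'UTF-8'); ?>">
<?php if ($code_known): ?>
<div class=" form-group mt-4 mr-4 ml-4">
<label for="Username">Enter New Password</label>
<div class="input-group" id="show_password">
<input type="password" class="form-control" name="password" required aria-label="password" aria-describedby="basic-addon2">
<div class="input-group-append">
<span class="input-group-text" id="basic-addon2"><a href=""><i class="fa fa-eye-slash" aria-hidden="true"></i></a></span>
</div>
</div>
</div>
<div class=" form-group mt-4 mr-4 ml-4">
<label for="Username">Re-enter Password</label>
<div class="input-group" id="show_new_password">
<input type="password" class="form-control" name="confirm_password" required aria-label="password" aria-describedby="basic-addon2">
<div class="input-group-append">
<span class="input-group-text" id="basic-addon2"><a href=""><i class="fa fa-eye-slash" aria-hidden="true"></i></a></span>
</div>
</div>
</div>
<div class="form-group mr-4 ml-4">
<input type="submit" class="btn btn-outline-primary login w-100 mt-2 mb-3" name="submit" value="Change Password">
</div>
<?php else: ?>
<?php
// The alert list above this form has already been printed by the time this runs, so the
// message is rendered here; assigning it to $errors alone would never reach the page.
$errors['pass'] = $code_given
    ? "Invalid approach, please use the link that was sent to your email"
    : "Invalid token, please use the token that was sent to your email";
?>
<div class="alert alert-danger m-4" role="alert"><?php echo htmlspecialchars($errors['pass'], ENT_QUOTES, 'UTF-8'); ?></div>
<?php endif; ?>
</form>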
</div>
<div class="trans card w-100 mt-3 shadow">
<p class="text-center mt-2"><a href="signin.php">Go to login</a></p>
</div>
</div>
</div>
</div>
<script src="js/jquery-3.5.1.min.js"></script>
<script src="js/bootstrap.min.js"></script>
<script>
$(document).ready(function() {
    // Switch one password field between masked and plain text and swap its eye icon to match.
    // Elements are looked up at click time, inside the wrapper named by wrapperSelector.
    function flipVisibility(wrapperSelector) {
        var field = $(wrapperSelector + ' input');
        var icon = $(wrapperSelector + ' i');
        var currentType = field.attr("type");

        if (currentType == "text") {
            // Currently visible: mask it again.
            field.attr('type', 'password');
            icon.addClass( "fa-eye-slash" );
            icon.removeClass( "fa-eye" );
        } else if (currentType == "password") {
            // Currently masked: reveal it.
            field.attr('type', 'text');
            icon.removeClass( "fa-eye-slash" );
            icon.addClass( "fa-eye" );
        }
    }

    // Both password inputs get the same toggle behaviour on their eye link.
    ["#show_password", "#show_new_password"].forEach(function(wrapperSelector) {
        $(wrapperSelector + " a").on('click', function(event) {
            // The link has an empty href; stop it from reloading the page.
            event.preventDefault();
            flipVisibility(wrapperSelector);
        });
    });
});
</script>
</body>
</html>