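<?php
declare(strict_types=1);

require('includes/config.php');

// Password-reset landing page. The user arrives here via the link in the reset
// e-mail (?key=<token>); the form below posts back to the same URL, so the
// token is available on both the GET and the POST request.
// Depends on $user and $db being provided by includes/config.php.

// Already authenticated users have nothing to reset: send them to the members page.
if ($user->is_logged_in()) {
    header('Location: memberpage.php');
    exit();
}

// Minimum accepted password length. Kept at the original value so behaviour is
// unchanged; a production deployment should raise it.
$minPasswordLength = 3;

// Collected validation / processing messages for the template.
$error = [];

// Token from the query string. A missing or non-string value is treated as an
// invalid token rather than triggering an undefined-index notice.
$resetToken = $_GET['key'] ?? '';
$row = false;

if (is_string($resetToken) && $resetToken !== '') {
    $stmt = $db->prepare('SELECT resetToken, resetComplete FROM members WHERE resetToken = :token');
    $stmt->execute([':token' => $resetToken]);
    $row = $stmt->fetch(PDO::FETCH_ASSOC);
}

// Decide up front whether this token may be used. When $stop is set the
// template shows the message instead of the form AND the POST handling below
// is skipped, so a completed token cannot be replayed to change the password again.
if ($row === false || empty($row['resetToken'])) {
    $stop = 'Invalid token provided, please use the link provided in the reset email.';
} elseif ($row['resetComplete'] === 'Yes') {
    $stop = 'Your password has already been changed!';
}
// NOTE(review): no expiry is enforced on the token here. If the members table
// records when the token was issued, that age should be checked too — confirm
// against the schema.

// Process the form only for an accepted token.
if (!isset($stop) && isset($_POST['submit'])) {
    $password = $_POST['password'] ?? null;
    $passwordConfirm = $_POST['passwordConfirm'] ?? null;

    // Only plain strings are acceptable; a nested value (password[]=...) would
    // otherwise reach strlen() and fail with a TypeError.
    if (!is_string($password) || !is_string($passwordConfirm)) {
        $error[] = 'Both Password fields are required to be entered';
        $password = '';
        $passwordConfirm = '';
    }

    // Basic validation.
    if (strlen($password) < $minPasswordLength) {
        $error[] = 'Password is too short.';
    }
    if (strlen($passwordConfirm) < $minPasswordLength) {
        $error[] = 'Confirm password is too short.';
    }
    if ($password !== $passwordConfirm) {
        $error[] = 'Passwords do not match.';
    }

    if ($error === []) {
        // Bcrypt is kept so the stored hash stays compatible with the rest of the app.
        $hashedpassword = password_hash($password, PASSWORD_BCRYPT);
        try {
            $stmt = $db->prepare("UPDATE members SET password = :hashedpassword, resetComplete = 'Yes' WHERE resetToken = :token");
            $stmt->execute([
                ':hashedpassword' => $hashedpassword,
                ':token' => $row['resetToken'],
            ]);
            // Success: hand over to the login page.
            header('Location: login.php?action=resetAccount');
            exit;
        } catch (PDOException $e) {
            // Driver error text can expose schema or connection details, so it is
            // logged server-side and the user only sees a generic message.
            error_log('resetPassword: ' . $e->getMessage());
            $error[] = 'Unable to update your password at this time, please try again later.';
        }
    }
}

// Page title used by the header template.
$title = 'Reset Account';

// Include header template.
require('layout/header.php');
?>
<div class="container">
<div class="row">
<div class="col-xs-12 col-sm-8 col-md-6 col-sm-offset-2 col-md-offset-3">
<?php if (isset($stop)) {
    // Message is a fixed string, escaped anyway so the template stays safe if it ever isn't.
    echo "<p class='bg-danger'>" . htmlspecialchars($stop, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8') . "</p>";
} else { ?>
<!-- NOTE(review): the form carries no anti-CSRF field; the token in the URL is
     the only thing binding this POST to the reset request. If the application
     has a session-based CSRF helper it should be used here — confirm. -->
<form role="form" method="post" action="" autocomplete="off">
<h2>Change Password</h2>
<hr>
<?php
// Show any validation or processing messages.
foreach ($error as $message) {
    echo '<p class="bg-danger">' . htmlspecialchars($message, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8') . '</p>';
}

// Status banner selected by ?action=...; unknown values print nothing.
if (isset($_GET['action'])) {
    echo match ($_GET['action']) {
        'active' => "<h2 class='bg-success'>Your account is now active you may now log in.</h2>",
        'reset' => "<h2 class='bg-success'>Please check your inbox for a reset link.</h2>",
        default => '',
    };
}
?>
<div class="row">
<div class="col-xs-6 col-sm-6 col-md-6">
<div class="form-group">
<input type="password" name="password" id="password" class="form-control input-lg" placeholder="Password" tabindex="1">
</div>
</div>
<div class="col-xs-6 col-sm-6 col-md-6">
<div class="form-group">
<input type="password" name="passwordConfirm" id="passwordConfirm" class="form-control input-lg" placeholder="Confirm Password" tabindex="1">
</div>
</div>
</div>
<hr>
<div class="row">
<div class="col-xs-6 col-md-6"><input type="submit" name="submit" value="Change Password" class="btn btn-primary btn-block btn-lg" tabindex="3"></div>
</div>
</form>
<?php } ?>
</div>
</div>
</div>
<?php
// Include footer template.
require('layout/footer.php');
?>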