-
-
Notifications
You must be signed in to change notification settings - Fork 0
/
reset_password.php
46 lines (37 loc) · 1.24 KB
/
reset_password.php
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
<?php
global $pdo;
if (!empty($query)) {
$reset_id = $query['reset_id'];
$reset_token = $query['reset_token'];
} else {
die("Invalid URL.");
}
$password_valid = validate_password_reset($reset_id, $reset_token);
if (!$password_valid) {
die("This incident will be reported.");
}
if ($_SERVER['REQUEST_METHOD'] == "POST") {
$password = $_POST['password'];
$repeat_password = $_POST['repeat_password'];
$bcid = get_id_for_password_reset($reset_id, $reset_token);
if ($password == $repeat_password) {
$new_password = password_hash($password, PASSWORD_DEFAULT);
$sql = 'UPDATE accounts SET password = ? WHERE id = ?';
try {
$pdo->prepare($sql)->execute([$new_password, $bcid]);
} catch (PDOException $e) {
die ($e);
}
// delete the password reset stuff
delete_password_reset($reset_id, $reset_token);
}
}
?>
<p>Please submit your new password:</p>
<form method="post">
<label for="password">New password</label>
<input type="password" name="password" id="repeat_password">
<label for="repeat_password">Repeat new password</label>
<input type="password" name="repeat_password" id="repeat_password">
<button type="submit">Reset password</button>
</form>