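<?php
// Password-reset request handler: validates the posted e-mail address, looks
// up the matching account, stores a one-time reset key and mails a reset link.
// Every response is an HTML alert fragment echoed back to the caller.

//Start session
session_start();
//Connect to the database (the queries below use the mysqli handle $link)
include('connection.php');

//Define error messages
$missingEmail = '<p><strong>Please enter your email address!</strong></p>';
$invalidEmail = '<p><strong>Please enter a valid email address!</strong></p>';

//Get email and collect validation errors.
//Both variables are initialised so that `.=` and the later checks never read
//an undefined variable.
$errors = '';
$email = '';
if (empty($_POST["forgotemail"])) {
    $errors .= $missingEmail;
} else {
    $email = filter_var($_POST["forgotemail"], FILTER_SANITIZE_EMAIL);
    if (!filter_var($email, FILTER_VALIDATE_EMAIL)) {
        $errors .= $invalidEmail;
    }
}

//If there are any errors, print them and stop
if ($errors) {
    $resultMessage = '<div class="alert alert-danger">' . $errors .'</div>';
    echo $resultMessage;
    exit;
}

//Check whether the email exists in the users table.
//A prepared statement keeps the address out of the SQL text, and it leaves
//$email unescaped so the same value can be handed to mail() and echoed later
//(SQL-escaping it first would corrupt addresses that contain a quote).
$stmt = mysqli_prepare($link, "SELECT user_id FROM users WHERE email = ?");
if (
    !$stmt
    || !mysqli_stmt_bind_param($stmt, 's', $email)
    || !mysqli_stmt_execute($stmt)
    || !mysqli_stmt_store_result($stmt)
) {
    echo '<div class="alert alert-danger">Error running the query!</div>'; exit;
}
$count = mysqli_stmt_num_rows($stmt);

//If the email does not exist, print error message.
//NOTE(review): this reply tells the requester whether an address is
//registered (account enumeration). Consider returning the same neutral
//message for known and unknown addresses.
if ($count != 1) {
    echo '<div class="alert alert-danger">That email does not exist on our database!</div>'; exit;
}

//else get the user_id
mysqli_stmt_bind_result($stmt, $user_id);
mysqli_stmt_fetch($stmt);
mysqli_stmt_close($stmt);

//Create a unique activation code.
//openssl_random_pseudo_bytes() can return false on older PHP versions;
//without this check bin2hex() would turn that into an empty reset key.
//NOTE(review): random_bytes() is the preferred CSPRNG on PHP 7+.
$keyBytes = openssl_random_pseudo_bytes(16);
if ($keyBytes === false || strlen($keyBytes) !== 16) {
    echo '<div class="alert alert-danger">Unable to create a reset key. Please try again later!</div>';
    exit;
}
$key = bin2hex($keyBytes);

//Insert user details and activation code in the forgotpassword table.
//All values are bound as strings, matching the quoted literals used before.
//NOTE(review): the key is stored as-is; storing only a hash of it would limit
//the impact of a database read - confirm against resetpassword.php first.
$time = time();
$status = 'pending';
$stmt = mysqli_prepare(
    $link,
    "INSERT INTO forgotpassword (`user_id`, `rkey`, `time`, `status`) VALUES (?, ?, ?, ?)"
);
if (
    !$stmt
    || !mysqli_stmt_bind_param($stmt, 'ssss', $user_id, $key, $time, $status)
    || !mysqli_stmt_execute($stmt)
) {
    echo '<div class="alert alert-danger">There was an error inserting the users details in the database!</div>';
    exit;
}
mysqli_stmt_close($stmt);

//Send email with link to resetpassword.php with user id and activation code.
//NOTE(review): the link uses plain http, so the reset key crosses the network
//unencrypted; switch it to https once the host serves TLS.
$message = "Please click on this link to reset your password:\n\n";
$message .= "http://mynotes.thecompletewebhosting.com/resetpassword.php?user_id=$user_id&key=$key";
//NOTE(review): the From address appears redacted in this copy of the file.
if (mail($email, 'Reset your password', $message, 'From:'.'[email protected]')) {
    //If email sent successfully print success message.
    //The address is HTML-escaped because it originates from the request.
    $safeEmail = htmlspecialchars($email, ENT_QUOTES, 'UTF-8');
    echo "<div class='alert alert-success'>An email has been sent to $safeEmail. Please click on the link to reset your password.</div>";
} else {
    //Previously a failed send produced no output at all
    echo '<div class="alert alert-danger">The reset email could not be sent. Please try again later!</div>';
}
?>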