forked from jaiswalaman/Online-Notes-App
-
Notifications
You must be signed in to change notification settings - Fork 0
/
Copy pathresetpassword.php
117 lines (104 loc) · 4 KB
/
resetpassword.php
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
<!--This file receives the user_id and key generated to create the new password-->
<!--This file displays a form to input new password-->
<?php
session_start();
include('connection.php');
?>
<!DOCTYPE html>
<html lang="en">
<head>
<meta charset="utf-8">
<meta http-equiv="X-UA-Compatible" content="IE=edge">
<meta name="viewport" content="width=device-width, initial-scale=1">
<title>Password Reset</title>
<link href="css/bootstrap.min.css" rel="stylesheet">
<style>
h1{
color:purple;
}
.contactForm{
border:1px solid #7c73f6;
margin-top: 50px;
border-radius: 15px;
}
</style>
</head>
<body>
<div class="container-fluid">
<div class="row">
<div class="col-sm-offset-1 col-sm-10 contactForm">
<h1>Reset Password:</h1>
<div id="resultmessage"></div>
<?php
//If user_id or key is missing
if(!isset($_GET['user_id']) || !isset($_GET['key'])){
echo '<div class="alert alert-danger">There was an error. Please click on the link you received by email.</div>'; exit;
}
//else
//Store them in two variables
$user_id = $_GET['user_id'];
$key = $_GET['key'];
$time = time() - 86400;
//Prepare variables for the query
$user_id = mysqli_real_escape_string($link, $user_id);
$key = mysqli_real_escape_string($link, $key);
//Run Query: Check combination of user_id & key exists and less than 24h old
$sql = "SELECT user_id FROM forgotpassword WHERE rkey='$key' AND user_id='$user_id' AND time > '$time' AND status='pending'";
$result = mysqli_query($link, $sql);
if(!$result){
echo '<div class="alert alert-danger">Error running the query!</div>'; exit;
}
//If combination does not exist
//show an error message
$count = mysqli_num_rows($result);
if($count !== 1){
echo '<div class="alert alert-danger">Please try again.</div>';
exit;
}
//print reset password form with hidden user_id and key fields
echo "
<form method=post id='passwordreset'>
<input type=hidden name=key value=$key>
<input type=hidden name=user_id value=$user_id>
<div class='form-group'>
<label for='password'>Enter your new Password:</label>
<input type='password' name='password' id='password' placeholder='Enter Password' class='form-control'>
</div>
<div class='form-group'>
<label for='password2'>Re-enter Password::</label>
<input type='password' name='password2' id='password2' placeholder='Re-enter Password' class='form-control'>
</div>
<input type='submit' name='resetpassword' class='btn btn-success btn-lg' value='Reset Password'>
</form>
";
?>
</div>
</div>
</div>
<script src="https://ajax.googleapis.com/ajax/libs/jquery/1.11.2/jquery.min.js"></script>
<script src="js/bootstrap.min.js"></script>
<!--Script for Ajax Call to storeresetpassword.php which processes form data-->
<script>
//Once the form is submitted
$("#passwordreset").submit(function(event){
//prevent default php processing
event.preventDefault();
//collect user inputs
var datatopost = $(this).serializeArray();
// console.log(datatopost);
//send them to signup.php using AJAX
$.ajax({
url: "storeresetpassword.php",
type: "POST",
data: datatopost,
success: function(data){
$('#resultmessage').html(data);
},
error: function(){
$("#resultmessage").html("<div class='alert alert-danger'>There was an error with the Ajax Call. Please try again later.</div>");
}
});
});
</script>
</body>
</html>