-
Notifications
You must be signed in to change notification settings - Fork 0
/
reset.php
63 lines (50 loc) · 1.88 KB
/
reset.php
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
<?php
require_once dirname(__FILE__) . '/lib/password.php';
require_once dirname(__FILE__) .'/Model/DBController.php';
$objDBController = new DBController();
$dbconn=$objDBController->getConn();
// Was the form submitted?
if (isset($_POST["ResetPasswordForm"]))
{
// Gather the post data
$email = str_replace(' ', '',$_POST["email"]);
$password = $_POST["password"];
$confirmpassword = $_POST["confirmpassword"];
$hash = $_POST["q"];
// Use the same salt from the forgot_password.php file
$salt = "498#2D83B631%3800EBD!801600D*7E3CC13";
// Generate the reset key
$resetkey = hash('sha512', $salt.$email);
// Does the new reset key match the old one?
if ($resetkey == $hash)
{
if ($password == $confirmpassword)
{
//has and secure the password
$password = password_hash($password,PASSWORD_DEFAULT);
// Update the user's password
$query = $dbconn->prepare('UPDATE user SET password = :password WHERE email = :email');
$query->bindParam(':password', $password);
$query->bindParam(':email', $email);
$query->execute();
$dbconn = null;
include dirname(__FILE__) . '/views/header.php';
echo "<div class='container'>Your password has been successfully reset.</div>";
include dirname(__FILE__) . '/views/footer.php';
}
else{
include dirname(__FILE__) . '/views/header.php';
echo "<div class='container'>Your password's do not match.</div>";
include dirname(__FILE__) . '/views/footer.php';
}
}
else{
include dirname(__FILE__) . '/views/header.php';
echo "<div class='container'>Your password reset key is invalid.</div>";
include dirname(__FILE__) . '/views/footer.php';
}
}else{
header('Location: index.php');
exit;
}
?>