changepass.php
<!DOCTYPE html>
<html lang="en">
<head><meta http-equiv="Content-Type" content="text/html; charset=utf-8">
<meta name="viewport" content="width=device-width, initial-scale=1">
<title>TORS</title>
<link rel="stylesheet" type="text/css" href="https://fonts.googleapis.com/css?family=Fira+Sans|Roboto:300,400|Questrial|Satisfy">
<link rel="stylesheet" type="text/css" href="css/font-awesome.min.css">
<link rel="stylesheet" type="text/css" href="css/bootstrap.min.css">
<link rel="stylesheet" type="text/css" href="css/style.css">
<link href="https://fonts.googleapis.com/css?family=Roboto|Varela+Round" rel="stylesheet">
<link rel="stylesheet" href="https://maxcdn.bootstrapcdn.com/font-awesome/4.7.0/css/font-awesome.min.css">
</head>
<body id="myPage" data-spy="scroll" data-target=".navbar" data-offset="60" >
<section id="contact" class="section-padding wow fadeIn delay-05s">
<div class="container">
<div class="row">
<div class="col-md-12">
<div class="contact-sec text-center">
<h2>Enter your new password to login</h2>
<p>Send email</p>
</div>
</div>
<div class="col-md-8 col-md-push-2">
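<?php
// Password-reset landing page.
//   GET  ?key=...&email=...&action=reset  -> validates the e-mailed token and shows the form.
//   POST action=update                    -> re-validates the same token, then stores the new hash.
// All request values are treated as untrusted: they reach SQL only as bound
// parameters and reach HTML only through htmlspecialchars().
include('includes/connection.php');
$error = "";

/*
 * Look up the expiry timestamp of a password-reset token.
 *
 * $db    - the mysqli connection provided by includes/connection.php
 * $key   - token value taken from the request
 * $email - address the token was issued for, taken from the request
 *
 * Returns the `expDate` column as a string when a matching row exists,
 * NULL when no row matches (or an input is empty / not a string), and
 * FALSE when the database call fails. Failures are written to the server
 * log only, never to the page.
 */
$lookupResetExpiry = function ($db, $key, $email) {
    // An empty or non-string value can never identify a token; skip the query.
    if (!is_string($key) || !is_string($email) || $key === "" || $email === "") {
        return null;
    }
    try {
        // Bound parameters keep request data out of the SQL text.
        $stmt = $db->prepare("SELECT `expDate` FROM `password_reset_temp` WHERE `key` = ? AND `email` = ?");
        if ($stmt === false) {
            error_log("changepass: token lookup prepare failed: " . $db->error);
            return false;
        }
        $stmt->bind_param("ss", $key, $email);
        if (!$stmt->execute()) {
            error_log("changepass: token lookup failed: " . $stmt->error);
            $stmt->close();
            return false;
        }
        $expDate = null;
        $stmt->bind_result($expDate);
        $found = $stmt->fetch(); // true = row fetched, null = no row, false = error
        $stmt->close();
    } catch (mysqli_sql_exception $e) {
        // mysqli may be configured to throw instead of returning false.
        error_log("changepass: token lookup failed: " . $e->getMessage());
        return false;
    }
    if ($found === true) {
        return (string) $expDate;
    }
    return ($found === null) ? null : false;
};

if (isset($_GET["key"]) && isset($_GET["email"])
    && isset($_GET["action"]) && ($_GET["action"] === "reset")
    && !isset($_POST["action"])) {
    // Array-valued parameters (key[]=...) are treated as an invalid link.
    $key = is_string($_GET["key"]) ? $_GET["key"] : "";
    $email = is_string($_GET["email"]) ? $_GET["email"] : "";
    $curDate = date("Y-m-d H:i:s");
    $expDate = $lookupResetExpiry($link, $key, $email);
    if ($expDate === false) {
        $error .= '<h2>Request Failed</h2>
<p>We could not check your reset link right now. Please try again later.</p>';
    } elseif ($expDate === null) {
        $error .= '<h2>Invalid Link</h2>
<p>The link is invalid/expired. Either you did not copy the correct link from the email,
or you have already used the key in which case it is deactivated.</p>
<p><a href="localhost/tors/reset-password.php">Click here</a> to reset password.</p>';
    } elseif ($expDate >= $curDate) {
        // Both columns use "Y-m-d H:i:s", so string comparison orders them chronologically.
        ?>
<form action="" method="post" name="update" class="contactForm">
<input type="hidden" name="action" value="update" />
<br /><br />
<div class="form-group">
<input type="password" class="form-control" name="pass1" id="pass1" placeholder="New password" data-msg="Please enter your password " required />
<div class="validation"></div>
</div>
<div class="form-group">
<input type="password" class="form-control" name="pass2" id="pass2" placeholder="Confirm password" data-msg="Please enter confirm password" />
<div class="validation"></div>
</div>
<input type="hidden" name="email" value="<?php echo htmlspecialchars($email, ENT_QUOTES, 'UTF-8');?>"/>
<input type="hidden" name="key" value="<?php echo htmlspecialchars($key, ENT_QUOTES, 'UTF-8');?>"/>
<div class="text-center"><button type="submit" id="reset" class="btn btn-primary btn-lg">Reset Password</button>
</div>
</form>
        <?php
    } else {
        $error .= "<h2>Link Expired</h2>
<p>The link is expired. You are trying to use the expired link which as valid only 24 hours (1 days after request).<br /><br /></p>";
    }
    if ($error != "") {
        echo "<div class='alert alert-danger'>".$error."</div><br />";
    }
} // isset email key validate end

if (isset($_POST["email"]) && isset($_POST["action"]) && ($_POST["action"] === "update")) {
    $error = "";
    $mail = is_string($_POST["email"]) ? $_POST["email"] : "";
    $key = (isset($_POST["key"]) && is_string($_POST["key"])) ? $_POST["key"] : "";
    $rawPass1 = (isset($_POST["pass1"]) && is_string($_POST["pass1"])) ? $_POST["pass1"] : "";
    $rawPass2 = (isset($_POST["pass2"]) && is_string($_POST["pass2"])) ? $_POST["pass2"] : "";
    $curDate = date("Y-m-d H:i:s");

    // NOTE(review): the password is SQL-escaped before hashing, as the original code did,
    // so the stored hash stays compatible with whatever the login page verifies. Escaping is
    // not needed for safety now that the value is bound as a parameter; if the login page
    // verifies the raw password, drop these two calls - confirm against the login code.
    $pass1 = mysqli_real_escape_string($link, $rawPass1);
    $pass2 = mysqli_real_escape_string($link, $rawPass2);

    // The posted e-mail alone must never authorise a password change: the token that
    // was mailed to that address has to be presented again and still be unexpired.
    $expDate = $lookupResetExpiry($link, $key, $mail);
    if ($expDate === false) {
        $error .= "<p>We could not process your request right now. Please try again later.<br /><br /></p>";
    } elseif ($expDate === null || $expDate < $curDate) {
        $error .= "<p>The reset link is invalid or has expired. Please request a new one.<br /><br /></p>";
    } elseif ($pass1 === "") {
        // The "required" attribute on the form is only a client-side hint.
        $error .= "<p>Please enter a new password.<br /><br /></p>";
    } elseif ($pass1 !== $pass2) {
        // Strict comparison: with != two different numeric-looking strings can compare equal.
        $error .= "<p>Password do not match, both password should be same.<br /><br /></p>";
    }

    if ($error != "") {
        echo "<div class='error'>".$error."</div><br />";
    } else {
        $hashedPass1 = password_hash($pass1, PASSWORD_DEFAULT);
        $updated = false;
        try {
            $stmt = $link->prepare("UPDATE `users` SET `password` = ? WHERE `email` = ?");
            if ($stmt !== false) {
                $stmt->bind_param("ss", $hashedPass1, $mail);
                $updated = $stmt->execute();
                $stmt->close();
            }
            if (!$updated) {
                error_log("changepass: password update failed: " . $link->error);
            }
        } catch (mysqli_sql_exception $e) {
            error_log("changepass: password update failed: " . $e->getMessage());
            $updated = false;
        }

        if ($updated) {
            // Reset links are single-use: remove every outstanding token for this address.
            try {
                $stmt = $link->prepare("DELETE FROM `password_reset_temp` WHERE `email` = ?");
                if ($stmt === false) {
                    error_log("changepass: token cleanup prepare failed: " . $link->error);
                } else {
                    $stmt->bind_param("s", $mail);
                    if (!$stmt->execute()) {
                        error_log("changepass: token cleanup failed: " . $stmt->error);
                    }
                    $stmt->close();
                }
            } catch (mysqli_sql_exception $e) {
                error_log("changepass: token cleanup failed: " . $e->getMessage());
            }
            echo '<div class="alert alert-success"><p>Congratulations! Your password has been updated successfully.</p>
<p><a href="index.php">Click here</a> to Login.</p></div><br />';
        } else {
            // Database error text goes to the server log only, not to the visitor.
            echo "<div class='error'><p>Error updating record. Please try again later.</p></div><br />";
        }
    }
}
?>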
</div>
</div>
</div>
</section>
<script src="js/jquery.min.js"></script>
<script src="js/jquery.easing.min.js"></script>
<script src="js/bootstrap.min.js"></script>
<script src="js/custom.js"></script>
</body>
</html>