-
Notifications
You must be signed in to change notification settings - Fork 0
/
Copy pathreset.php
140 lines (129 loc) · 4 KB
/
reset.php
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
<?php
session_start();
require_once('config/database.php');
if (isset($_GET['code']) && isset($_GET['email']) && isset($_GET['com']))
{
$email = $_GET['email'];
$code = $_GET['code'];
try
{
$conn = new PDO($DB_DSN, $DB_USER, $DB_PASSWORD);
$conn->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$stmt = $conn->prepare("SELECT * FROM users WHERE email = :email");
$stmt->execute(array(':email' => $email));
$result = $stmt->fetchAll(PDO::FETCH_ASSOC);
if (count($result))
{
foreach($result as $row)
{
if ($row['con_code'] == $code)
{
$new_code = hash('whirlpool', rand(0, 1000000));
try
{
//changing the con_code in the database
$conn = new PDO($DB_DSN, $DB_USER, $DB_PASSWORD);
$conn->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$stmt = $conn->prepare("UPDATE users
SET con_code = :code
WHERE email = :email");
$stmt->execute(array('code' => $new_code, 'email' => $email));
$_SESSION['new_code'] = $new_code;
$_SESSION['email'] = $email;
}
catch (PDOException $e)
{
header("Location: forgot.php?con=error");
exit();
}
}
else
{
//Code doesn't match
header("Location: forgot.php?code=-1");
exit();
}
}
}
else
{
//User doesn't exist
header("Location: forgot.php?email_not_found");
exit();
}
}
catch(PDOException $e)
{
header("Location: forgot.php?con=error");
exit();
}
}
else if (isset($_GET['pas']) && $_GET['pas'] == "weak")
{
echo ("<script>alert('Password too short. Password must be 8 or more characters, have atleast one lowercase and one uppercase letter');</script>");
}
else if (isset($_GET['empty']))
{
echo ("<script>alert('Fields are empty')</script>");
}
else if (isset($_GET['match']))
{
echo ("<script>alert('Password does not match')</script>");
}
else
{
//if the page is not entered correctly
header("Location: forgot.php");
exit();
}
?>
<!DOCTYPE html>
<html>
<head>
<meta charset="UTF-8">
<title>Change password</title>
<link rel="stylesheet" href="css/style.css">
</head>
<body>
<!--Header out here-->
<div class="topnav" id="myTopnav">
<a href="index.php">Home</a>
<a href="gallery.php">Gallery</a>
<a href="index.php?user=log">Logout</a>
<a href="javascript:void(0);" style="font-size:15px;" class="icon" onclick="myFunction()">☰</a>
</div>
<script>
function myFunction()
{
var x = document.getElementById("myTopnav");
if (x.className === "topnav")
{
x.className += " responsive";
}
else
{
x.className = "topnav";
}
}
</script>
<div class="pen-title">
<h1>PixelX</h1>
</div>
<div class="module form-module">
<div class="toggle"><i class="fa fa-times fa-pencil"></i>
</div>
<div class="form">
<h2>Create a new password</h2>
<form action="config/update.php" method="POST">
<input type="password" name="newpd" placeholder="Enter new password"/>
<input type="password" name="conpd" placeholder="Confirm password"/>
<button type="submit" name="submit" value="GO">Go!</button>
<button formaction="login.php">Login</button>
</form>
</div>
</div>
<div class="footer">
<p>© 2017 PixelX</p>
</div>
</body>
</html>