<?php
// connect.php presumably provides the $conn database handle, the
// $forgotPath / $loginPath redirect targets and the popUp(), getInfo() and
// redirectPage() helpers used below (none of them are defined in this file).
require_once "connect.php";
// The reset flow below reads $_SESSION["username"], set by an earlier step.
session_start();
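/**
 * Checks a candidate password against the site's complexity policy.
 *
 * The policy requires at least 8 characters and at least one uppercase
 * letter, one lowercase letter, one digit and one character from the
 * special-character class listed in $rules. On the first failed rule a
 * single generic message is shown via popUp() — the specific reason is
 * deliberately not disclosed — and false is returned.
 *
 * @param string|null $password Candidate password; null is treated as "".
 * @return bool true when every rule is satisfied.
 */
function passwordStrength(?string $password): bool
{
    $password ??= '';
    $message = "Password does not meet requirements";

    // strlen() counts bytes, so a multibyte character counts as more than
    // one; the limit is therefore at least as strict as a character count.
    if (strlen($password) < 8) {
        popUp($message);
        return false;
    }

    // Each rule is a pattern that must match at least once.
    $rules = [
        '/[A-Z]/',                       // uppercase letter
        '/[a-z]/',                       // lowercase letter
        '/[0-9]/',                       // digit
        '/[!@#$%^&*()\-_=+{};:,<.>]/',   // special character
    ];
    foreach ($rules as $pattern) {
        // preg_match() returns 1 on a match, 0 on no match and false on a
        // PCRE error; anything other than 1 fails the rule. This replaces
        // the loose `== false`, which also treated 0 as false but only by
        // accident of type juggling.
        if (preg_match($pattern, $password) !== 1) {
            popUp($message);
            return false;
        }
    }
    return true;
}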
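/**
 * Verifies that the three reset-form inputs were all supplied.
 *
 * Shows "Please fill out all fields" via popUp() and returns false when any
 * value is absent (null) or empty; returns true otherwise. The parameter
 * names are the caller's form-field names, kept for compatibility.
 *
 * @param string|null $password
 * @param string|null $newpassword
 * @param string|null $code
 */
function missingFields(?string $password, ?string $newpassword, ?string $code): bool
{
    // null (field absent from the request) and "" are both "missing".
    // "0" is a legitimate value, so empty() is deliberately not used.
    foreach ([$password, $newpassword, $code] as $value) {
        if ($value === null || $value === '') {
            popUp("Please fill out all fields");
            return false;
        }
    }
    return true;
}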
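/**
 * Handles the forgot-password form submission for the current session.
 *
 * Reads the new password, its confirmation and the reset code from the
 * request via getInfo(), validates them, compares the submitted code with
 * the one stored in resetCodes for $_SESSION["username"] and, on a match,
 * stores the new password hash in logins and removes the reset code.
 *
 * Every failure path shows a message via popUp(), calls redirectPage() and
 * then returns. redirectPage() is not known to exit(), and in the previous
 * version a failed check fell through to the UPDATE anyway.
 *
 * Uses the globals $conn (mysqli), $forgotPath and $loginPath, which
 * connect.php is expected to define.
 */
function resetPassword(): void
{
    global $conn;
    global $forgotPath;
    global $loginPath;

    $newpassword = getInfo("newpassword");
    $confirmpassword = getInfo("confirmpassword");
    $code = getInfo("code");

    if (missingFields($newpassword, $confirmpassword, $code) === false) {
        redirectPage($forgotPath);
        return;
    }
    // Strict comparison: with != two numeric-looking strings such as
    // "1e3" and "1000" would count as the same password.
    if ($newpassword !== $confirmpassword) {
        popUp("passwords do not match");
        redirectPage($forgotPath);
        return;
    }
    if (passwordStrength($newpassword) === false) {
        redirectPage($forgotPath);
        return;
    }

    // The flow is keyed on the username an earlier step put in the session;
    // without it there is nothing to look up.
    $username = $_SESSION["username"] ?? null;
    if ($username === null || $username === '') {
        popUp("No reset code is registered with this email or username");
        redirectPage($forgotPath);
        return;
    }

    // NOTE: unsalted SHA-256 is kept only because the existing rows in
    // `logins` and the login path use the same scheme; moving to
    // password_hash()/password_verify() has to be done app-wide.
    $newhashedpassword = hash("sha256", $newpassword);

    $storedCode = fetchColumnByUsername(
        $conn,
        "SELECT code FROM resetCodes WHERE username = ?",
        $username
    );
    if ($storedCode === null) {
        popUp("No reset code is registered with this email or username");
        redirectPage($forgotPath);
        return;
    }

    $currentHash = fetchColumnByUsername(
        $conn,
        "SELECT password FROM logins WHERE username = ?",
        $username
    );
    // hash_equals(): strict, constant-time comparison. == would treat two
    // hex digests of the form "0e<digits>" as equal numbers.
    if ($currentHash !== null && hash_equals($currentHash, $newhashedpassword)) {
        popUp("New password cannot be the same as the old password");
        redirectPage($forgotPath);
        return;
    }

    // Same reasoning for the reset code: == compares numeric strings
    // numerically ("0123" == "123"), hash_equals does not. A wrong guess
    // currently leaves the stored code in place; there is no attempt
    // counter or expiry in this file.
    if (!hash_equals($storedCode, (string) $code)) {
        popUp("Incorrect reset code");
        redirectPage($forgotPath);
        exit();
    }

    // Both statements are parameterised; $username comes from the session
    // and must never be spliced into SQL text.
    $update = $conn->prepare("UPDATE logins SET password = ? WHERE username = ?");
    $update->bind_param("ss", $newhashedpassword, $username);
    $update->execute();
    $update->close();

    $delete = $conn->prepare("DELETE FROM resetCodes WHERE username = ?");
    $delete->bind_param("s", $username);
    $delete->execute();
    $delete->close();

    popUp("Password reset successful");
    redirectPage($loginPath);
    session_destroy();
    exit();
}

/**
 * Runs a one-placeholder, one-column SELECT and returns the value from the
 * first row, or null when no row matched or the statement could not be
 * prepared.
 *
 * @param mysqli $conn     Open connection.
 * @param string $sql      Query with exactly one `?` placeholder.
 * @param string $username Value bound to that placeholder.
 */
function fetchColumnByUsername(mysqli $conn, string $sql, string $username): ?string
{
    $stmt = $conn->prepare($sql);
    if ($stmt === false) {
        return null;
    }
    $stmt->bind_param("s", $username);
    $stmt->execute();
    // bind_result()/fetch() is used instead of get_result() so the helper
    // does not depend on the mysqlnd driver.
    $stmt->bind_result($value);
    $found = $stmt->fetch() === true;
    $stmt->close();
    return $found ? (string) $value : null;
}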
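// Entry point: this file is the form's submit target, so the handler runs
// on every request. No closing `?>` — a stray newline after it would be
// sent as output before the redirect headers.
resetPassword();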