<?php
/**
* Step 2 of the password-reset flow: the user arrives here from the reset link and is asked to enter a new password.
* 1) send_reset_link.php (Sends the Reset Link)
* 2) reset_pass.php (Upon clicking the link, the user arrives here and is asked to enter a new password)
* 3) submit_new.php (Logic to update the database with the new password)
*
* @version PHP 8.0.12
* @since June 2022
* @author AtharvaShah
*/
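require("connection.php");

/*
 * Password-reset form (step 2 of the flow).
 *
 * Reads `key` (account e-mail) and `reset` (reset secret) from the query string,
 * checks them against the `users` table and, when exactly one row matches,
 * renders the "enter new password" form that posts to submit_new.php.
 * Every other request gets the "you need a proper verification link" message.
 *
 * NOTE(review) - limits this file cannot fix on its own:
 *  - `reset` is compared with the stored `password` column, so the stored
 *    credential value doubles as the reset secret: it travels in the URL (mail,
 *    browser history, server logs) and stays valid until the password changes.
 *    A random, single-use, expiring token stored separately is the usual
 *    replacement; that also needs changes where the link is generated and
 *    where the new password is saved.
 *  - The form forwards only `email` and the new password. submit_new.php is not
 *    visible here; it has to re-verify the reset secret (or a server-side
 *    session flag set by this page) instead of trusting the posted e-mail, and
 *    it has to enforce the 8-30 character rule itself - TODO confirm.
 *  - sweetalert is loaded from a CDN without a pinned version or an integrity
 *    attribute; pin an exact version and add SRI, or self-host the file.
 *  - The bootstrap CDN URL below reads "[email protected]" in this copy of the
 *    file; restore the package@version that matches its integrity hash.
 */

// Accept only non-empty string parameters: `?key[]=x` arrives as an array, and an
// empty `reset` must never be able to match a row with an empty password column.
$email = $_GET['key'] ?? null;
$reset_secret = $_GET['reset'] ?? null;
$link_is_valid = false;

if (is_string($email) && is_string($reset_secret) && $email !== '' && $reset_secret !== '') {
    // Bound parameters keep the request values out of the SQL text entirely.
    $stmt = mysqli_prepare($con, "select `email` from `users` where `email`=? and `password`=?");
    if ($stmt !== false) {
        mysqli_stmt_bind_param($stmt, 'ss', $email, $reset_secret);
        if (mysqli_stmt_execute($stmt)) {
            // num_rows is only meaningful once the result set has been buffered.
            mysqli_stmt_store_result($stmt);
            $link_is_valid = (mysqli_stmt_num_rows($stmt) === 1);
        }
        mysqli_stmt_close($stmt);
    }
}

if ($link_is_valid) {
?>
<!DOCTYPE html>
<html lang="en">
<head>
    <meta charset="UTF-8">
    <meta http-equiv="X-UA-Compatible" content="IE=edge">
    <meta name="viewport" content="width=device-width, initial-scale=1.0">
    <!-- The page URL carries the reset secret; keep it out of Referer headers. -->
    <meta name="referrer" content="no-referrer">
    <title> WYDRN - Password Reset</title>
    <link rel="stylesheet" href="css/others/bootstrap-reboot.min.css">
    <link rel="stylesheet" href="css/others/bootstrap-grid.min.css">
    <link rel="stylesheet" href="css/others/ionicons.min.css">
    <link rel="stylesheet" href="css/utility.css">
    <meta name="description" content="allows user to reset password" />
    <meta name="keywords" content="WYDRN, reset pass" />
    <link rel="icon" type="image/png" href="images/website/favicons/favicon-32x32.png" sizes="32x32">
    <link rel="apple-touch-icon" href="images/website/favicons/apple-touch-icon.png">
    <link href="https://cdn.jsdelivr.net/npm/[email protected]/dist/css/bootstrap.min.css" rel="stylesheet" integrity="sha384-1BmE4kWBq78iYhFldvKuhfTAU6auU8tT94WrHftjDbrCEXSU1oBoqyl2QvZ6jIW3" crossorigin="anonymous">
    <!-- Sweet Alert (alert dialog plugin) -->
    <script src="https://unpkg.com/sweetalert/dist/sweetalert.min.js"></script>
</head>
<body>
    <div class="sign section--bg" data-bg="images/website/assets/abstract/section.jpg">
        <div class="container">
            <div class="row">
                <div class="col-12">
                    <div class="sign__content">
                        <!-- Form for resetting the password -->
                        <form method="POST" action="submit_new.php" class="sign__form" onsubmit="return validation();">
                            <a href="login.php" class="sign__logo">
                                <img src="images/website/logo.png" alt="">
                            </a>
                            <!-- The e-mail from the reset link is forwarded in a hidden field; it comes straight from the query string, so it is HTML-escaped before being written into the attribute. -->
                            <input type="hidden" class="sign__input" name="email" value="<?php echo htmlspecialchars($email, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8'); ?>">
                            <!-- New password entered by the user -->
                            <div class="sign__group">
                                <input type="password" id="pass" name='password' class="sign__input" placeholder="Enter new password" required autocomplete="new-password">
                            </div>
                            <!-- Show / hide password -->
                            <label style="color:white; cursor:pointer; margin-left:-160px; margin-top: -10px;"><input type="checkbox" onchange="showPass()" />
                                <span id="toggleText">Show Password</span></label>
                            <input type="submit" value="Update Password" name="submit_password" class="forgot-mail-submit">
                        </form>
                    </div>
                </div>
            </div>
        </div>
    </div>
    <!-- JS -->
    <script src="js/jquery-3.5.1.min.js"></script>
    <script src="js/jquery.magnific-popup.min.js"></script>
    <script src="js/jquery.mCustomScrollbar.min.js"></script>
    <script src="js/select2.min.js"></script>
    <script src="js/utility.js"></script>
    <script>
        // Toggle password visibility. Only the caption span is rewritten, so the
        // checkbox inside the label survives the toggle.
        function showPass() {
            var field = document.getElementById("pass");
            var caption = document.getElementById("toggleText");
            if (field.type === "password") {
                field.type = "text";
                caption.textContent = "Hide Password";
            } else if (field.type === "text") {
                field.type = "password";
                caption.textContent = "Show Password";
            }
        }

        // Client-side length check (8-30 characters). This is a convenience only;
        // the server must apply the same rule.
        function validation() {
            var password = document.getElementById("pass").value;
            if (password.length < 8 || password.length > 30) {
                // sweet alert plugin to display the error message instead of alert().
                swal({
                    title: "Password Invalid",
                    text: "Password must be between 8 and 30 characters",
                    icon: "warning",
                    button: "Retry",
                });
                return false;
            }
            // No "success" dialog here: nothing has been saved yet, and only the
            // server response can say whether the password was updated.
            return true;
        }
    </script>
</body>
</html>
<?php
}
// Direct visits, malformed parameters and links that match no account all get the
// same message, so the response does not distinguish between those cases.
else {
    $invalid_reset_link_error = "<center><div class='alert alert-danger w-50 text-center ' style='position: absolute; top: 75px; left: 400px;' role='alert'>You need a proper verification link to reset your password. Can't find the link in your inbox? <a href='send_reset_link.php'>Send another one</a></div></center>";
    echo $invalid_reset_link_error;
}
mysqli_close($con);
?>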