-
Notifications
You must be signed in to change notification settings - Fork 0
Expand file tree
/
Copy pathreset-password.php
More file actions
49 lines (40 loc) · 1.48 KB
/
Copy pathreset-password.php
File metadata and controls
49 lines (40 loc) · 1.48 KB
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
<?php
session_start();
require_once 'includes/db_connect.php';
require_once 'includes/auth.php';
require_once 'includes/csrf.php';
$token = $_GET['token'] ?? '';
$error = '';
$validToken = false;
if ($token) {
$stmt = $pdo->prepare("SELECT id FROM users WHERE reset_token = ? AND reset_expires > NOW()");
$stmt->execute([$token]);
$validToken = (bool)$stmt->fetch();
}
if (!$validToken) {
$error = 'Invalid or expired token';
}
if ($_SERVER['REQUEST_METHOD'] === 'POST' && $validToken) {
if (!validateCsrfToken($_POST['csrf_token'])) {
$error = 'Invalid request';
} else {
$password = $_POST['password'];
$confirm_password = $_POST['confirm_password'];
if (strlen($password) < 8) {
$error = 'Password must be at least 8 characters';
} elseif ($password !== $confirm_password) {
$error = 'Passwords do not match';
} else {
$hashed_password = password_hash($password, PASSWORD_DEFAULT);
$pdo->prepare("UPDATE users SET password = ?, reset_token = NULL, reset_expires = NULL WHERE reset_token = ?")
->execute([$hashed_password, $token]);
$_SESSION['success_message'] = 'Your password has been updated. Please login.';
header('Location: login.php');
exit();
}
}
}
$pageTitle = 'Reset Password';
require_once 'includes/header1.php';
?>
<!-- Form for new password with token as hidden field -->