forgot-password.php
<?php
require_once 'connect.php';
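/*
 * Password-reset request handler.
 *
 * Reads the `email` query parameter, validates it, looks the address up in
 * `users`, stores a fresh random token in `forgot_password_hash` and mails a
 * reset link. The outcome is left in $data for the JSON response:
 *    1  token stored and sendEmail() called
 *    0  request method was not GET
 *   -1  no email parameter
 *   -2  email failed FILTER_VALIDATE_EMAIL
 *   -3  lookup statement failed
 *   -4  no row matches the address
 *   -5  token could not be generated or stored
 *
 * NOTE(review): this state-changing action is driven by GET, so the address
 * ends up in URLs and access logs and the request can be triggered by a plain
 * link. Moving it to POST needs a matching client change.
 * NOTE(review): result -4 tells the caller whether an address is registered.
 * Returning the same response as the success case would remove that signal,
 * but it changes the response contract, so it is only flagged here.
 * NOTE(review): the token is stored as-is and this block sets no expiry.
 * Storing a digest plus an expiry time would need matching changes in the
 * reset page, which is not visible here.
 * NOTE(review): captchaResponse() is not called on this path, so nothing
 * visible here throttles repeated reset requests.
 */
if ($_SERVER['REQUEST_METHOD'] === 'GET') {
    if (isset($_GET['email']) && !empty($_GET['email'])) {
        // A non-string value (e.g. email[]=x) can never be a valid address;
        // map it to '' so it is rejected by the validation below instead of
        // raising a type error in trim().
        $email = is_string($_GET['email']) ? trim($_GET['email']) : '';
        if (filter_var($email, FILTER_VALIDATE_EMAIL)) {
            // Bound parameters keep the address out of the SQL text, so no
            // escaping or HTML-encoding is applied to the value used for lookup.
            $find_email_address_statement = mysqli_prepare($connection, "SELECT email FROM users WHERE email = ?");
            $do_find_email_address_query = $find_email_address_statement
                && mysqli_stmt_bind_param($find_email_address_statement, 's', $email)
                && mysqli_stmt_execute($find_email_address_statement)
                && mysqli_stmt_store_result($find_email_address_statement);
            if ($do_find_email_address_query) {
                $count_email = mysqli_stmt_num_rows($find_email_address_statement);
                mysqli_stmt_close($find_email_address_statement);
                if ($count_email > 0) {
                    // Refuse to continue without strong random bytes: a failed
                    // call would otherwise produce an empty or guessable token.
                    $is_strong = false;
                    $token_bytes = openssl_random_pseudo_bytes(78, $is_strong);
                    $do_forgot_password_hash_query = false;
                    if ($token_bytes !== false && $is_strong) {
                        $hash = bin2hex($token_bytes);
                        $forgot_password_hash_statement = mysqli_prepare($connection, "UPDATE users SET forgot_password_hash = ? WHERE email = ?");
                        $do_forgot_password_hash_query = $forgot_password_hash_statement
                            && mysqli_stmt_bind_param($forgot_password_hash_statement, 'ss', $hash, $email)
                            && mysqli_stmt_execute($forgot_password_hash_statement);
                        if ($forgot_password_hash_statement) {
                            mysqli_stmt_close($forgot_password_hash_statement);
                        }
                    }
                    if ($do_forgot_password_hash_query) {
                        // The address is HTML-encoded only where it is echoed back.
                        $display_email = htmlentities($email);
                        $data = array("result" => 1, "message" => "Link To Reset Your Password Has Been Successfully Sent To $display_email");
                        sendEmail($email, $hash);
                    }
                    else {
                        $data = array("result" => -5, "message" => "Error Encountered! Try Again Later.");
                    }
                }
                else {
                    $data = array("result" => -4, "message" => "Non-Existant Email Address! Perhaps You Need To Register For An Account.");
                }
            }
            else {
                if ($find_email_address_statement) {
                    mysqli_stmt_close($find_email_address_statement);
                }
                $data = array("result" => -3, "message" => "Encountered A Problem Resetting Your Password! Please Try Again Later.");
            }
        }
        else {
            $data = array("result" => -2, "message" => "Invalid Email Address! [email protected] is an example of the correct format.");
        }
    }
    else {
        $data = array("result" => -1, "message" => "No Email Address Provided!");
    }
}
else {
    $data = array("result" => 0, "message" => "Incorrect Request Method!");
}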
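/**
 * Check a reCAPTCHA response token against the siteverify endpoint.
 *
 * The request is sent with certificate and host-name verification enabled, so
 * the verdict can only come from a server presenting a valid certificate for
 * the endpoint's host name.
 *
 * NOTE(review): the site secret is committed in this file. Treat it as
 * exposed: rotate it and load the replacement from configuration kept outside
 * the repository.
 *
 * @param string $captcha Response token supplied by the client.
 * @return bool True only when the endpoint returns a JSON object whose
 *              `success` field is truthy; false on any transport or parse failure.
 */
function captchaResponse ($captcha) {
    $curl = curl_init();
    if ($curl === false) {
        return false;
    }
    curl_setopt_array($curl, [
        CURLOPT_RETURNTRANSFER => 1,
        CURLOPT_URL => "https://www.google.com/recaptcha/api/siteverify",
        CURLOPT_POST => 1,
        // Verify both the certificate chain and the host name; with these
        // disabled, anyone on the network path could answer "success".
        CURLOPT_SSL_VERIFYHOST => 2,
        CURLOPT_SSL_VERIFYPEER => 1,
        CURLOPT_POSTFIELDS => [
            'secret' => '6Lf8CRITAAAAACe0qPldOfZEKijPJl9mKxPiHGiB',
            'response' => $captcha,
        ],
    ]);
    $raw_response = curl_exec($curl);
    // curl_exec() returns false on failure; fail closed instead of decoding it.
    if (!is_string($raw_response)) {
        return false;
    }
    $response = json_decode($raw_response);
    // A body that is not a JSON object, or lacks `success`, counts as a failed check.
    return is_object($response) && !empty($response->success);
}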
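/**
 * Mail a password-reset link containing the given token.
 *
 * NOTE(review): the link uses http://, so the token crosses the network in
 * clear text when the recipient follows it. Switch to https:// once the
 * site's TLS support is confirmed.
 * NOTE(review): the sender address below appears to be a redaction
 * placeholder in this copy of the file; confirm the real value.
 *
 * @param string $recipient Address the message is sent to.
 * @param string $hash      Reset token appended to the link as `hash`.
 * @return bool Result of mail(): true if the message was accepted for delivery.
 */
function sendEmail ($recipient, $hash) {
    $to = $recipient;
    $subject = "Reset Your Password | www.codecafe.cf";
    $message = '
Did you just forget your password ?
No worries! It is just too easy to get a new one.
Please click this link to reset your password.
http://www.codecafe.cf/reset-password.php?hash='.$hash.'
'; // Our message above including the link
    // All header lines are appended to $headers; the original appended to an
    // undefined $header, so only the From line was ever sent.
    $headers = 'From:[email protected]' . "\r\n";
    $headers .= "MIME-Version: 1.0\r\n";
    $headers .= "Content-Type: text/plain; charset=utf-8\r\n";
    $headers .= "X-Priority: 1\r\n"; // Set from headers
    return mail($to, $subject, $message, $headers); // Send our email
}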
// The database link is no longer needed once $data has been built.
mysqli_close($connection);

/* JSON Response */
// Serialise the result first, then announce the content type and emit it.
$json_body = json_encode($data, JSON_PRETTY_PRINT);
header('Content-type: application/json');
echo $json_body;
?>