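<?php
/*
 * Password-reset request handler.
 *
 * When the form posts `forgot_email`, the script checks that the address
 * belongs to a row in `users`, replaces any earlier reset row for that address,
 * stores a selector plus a hashed validator token with a 30-minute expiry, and
 * mails the reset link through PHPMailer. The outcome text is left in
 * $email_sent for the template below.
 *
 * $connection is not defined in this file; it presumably comes from
 * postFunctions.php — confirm.
 */
include "postFunctions.php";

if (isset($_POST['forgot_email'])) {
    // The address is bound as a statement parameter everywhere below, so it is
    // used as submitted (trimmed) rather than passed through esc() and spliced
    // into the SQL text. A non-string value (e.g. forgot_email[]=x) is treated
    // as empty and simply matches no user.
    // NOTE(review): esc() is defined outside this file; if it also normalised
    // the value in a way the stored addresses depend on, re-apply that here.
    $user_email = is_string($_POST['forgot_email']) ? trim($_POST['forgot_email']) : '';

    // Existence check with a bound parameter instead of a string-built query.
    $lookup = mysqli_stmt_init($connection);
    if (!mysqli_stmt_prepare($lookup, "SELECT 1 FROM users WHERE email = ?")) {
        die("error0");
    }
    mysqli_stmt_bind_param($lookup, "s", $user_email);
    mysqli_stmt_execute($lookup);
    mysqli_stmt_store_result($lookup);
    $user_found = mysqli_stmt_num_rows($lookup) > 0;
    mysqli_stmt_close($lookup);

    if (!$user_found) {
        // NOTE(review): this reply differs from the success reply, so the form
        // tells an anonymous visitor whether an address is registered. Returning
        // the same neutral message in both cases closes that account-enumeration
        // signal. No request throttling is visible in this file either.
        $email_sent = "This user doesn't exist, check your email";
    } else {
        // Selector locates the row; the validator is the secret and is stored
        // only as a hash.
        $selector = bin2hex(random_bytes(8));
        $token = random_bytes(32);

        // NOTE(review): the link is hard-coded to plain http on localhost. The
        // validator travels in this URL, so a deployed instance should build it
        // from a configured https base URL.
        $url = "http://localhost/CMS/resetpassword.php?selector=" . $selector . "&validator=" . bin2hex($token);
        $expires = time() + 1800; // 30 minutes from now, as a Unix timestamp

        // Drop any earlier reset request for this address so only one is live.
        // NOTE(review): this statement names `pwdReset` and the INSERT below
        // names `pwdreset`; on a server with case-sensitive table names only one
        // of them can match — confirm the real table name.
        $sql = "DELETE FROM pwdReset WHERE pwdResetEmail=?";
        $stmt = mysqli_stmt_init($connection);
        if (!mysqli_stmt_prepare($stmt, $sql)) {
            die("error1");
        }
        mysqli_stmt_bind_param($stmt, "s", $user_email);
        mysqli_stmt_execute($stmt);
        mysqli_stmt_close($stmt);

        $sql = "INSERT INTO pwdreset (pwdResetEmail, pwdResetSelector, pwdResetToken, pwdResetExpires) VALUES(?,?,?,?);";
        $stmt = mysqli_stmt_init($connection);
        if (!mysqli_stmt_prepare($stmt, $sql)) {
            die("error2");
        }

        // NOTE(review): PASSWORD_DEFAULT currently maps to bcrypt, which reads
        // its input as a NUL-terminated string. $token is raw random bytes, so a
        // 0x00 byte shortens the hashed secret (newer PHP versions may reject it
        // instead — confirm). Hashing the hex form would avoid this, but
        // resetpassword.php (not visible here) must be changed to match, so the
        // encoding is left as it was.
        $hashedToken = password_hash($token, PASSWORD_DEFAULT);
        mysqli_stmt_bind_param($stmt, "ssss", $user_email, $selector, $hashedToken, $expires);
        if (!mysqli_stmt_execute($stmt)) {
            // Do not mail a link whose token was never stored.
            die("error2");
        }
        mysqli_stmt_close($stmt);
        mysqli_close($connection);

        require_once('phpmailer/PHPMailerAutoload.php');

        // $url is built only from hex strings and a fixed prefix, so it needs no
        // HTML encoding here.
        $message = "<p></p><h5>Your reset password link:</h5>";
        $message .= '<a href="' . $url . '">' . $url . '</a></p>';

        $mail = new PHPMailer();
        $mail->isSMTP();
        $mail->SMTPAuth = TRUE;
        $mail->isHTML(TRUE);
        $mail->SMTPSecure = 'ssl';
        $mail->Host = 'smtp.gmail.com';
        $mail->Port = '465';
        // NOTE(review): the SMTP account name and password are committed in this
        // file. Treat the password as exposed: rotate it, and load both values
        // from the environment or a secret store kept out of version control.
        $mail->Username = 'brainbyteinfo@gmail.com';
        $mail->Password = 'xhanibelirrusta';
        $mail->SetFrom('brainbyteinfo@gmail.com');
        $mail->Subject = "Reset Password";
        $mail->Body = $message;
        $mail->AddAddress($user_email);

        if ($mail->Send()) {
            $email_sent = "Success. Check you email";
        } else {
            $email_sent = "Error. Couldn't check your email again.";
        }
    }
}
?>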
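<!DOCTYPE html>
<html lang="en">
<head>
    <meta charset="UTF-8">
    <meta name="viewport" content="width=device-width, initial-scale=1.0">
    <title>Forgot Password</title>
    <link rel="stylesheet" href="css/forgotpasswordstyle.css">
<?php
/*
 * NOTE(review): the CDN assets on this page are loaded without an `integrity`
 * attribute; pinning them with Subresource Integrity hashes computed from the
 * vetted files limits the impact of a tampered CDN response. The second <link>
 * below points at a .js file but declares rel="stylesheet", so it is never
 * applied as a script; it is left unchanged here.
 */
?>
    <link href="https://maxcdn.bootstrapcdn.com/bootstrap/4.0.0/css/bootstrap.min.css" rel="stylesheet" type="text/css" />
    <link href="https://maxcdn.bootstrapcdn.com/bootstrap/4.0.0/js/bootstrap.min.js" rel="stylesheet" type="text/css" />
</head>
<body>
<div id="content" class="flex">
    <div class="">
        <div class="page-content page-container" id="page-content">
            <div class="padding">
                <div class="row">
                    <div class="col-md-6">
                        <div class="card">
                            <div class="card-header"><strong>Restore your password</strong></div>
                            <div class="card-body">
                                <form action="forgotpassword.php" method="post">
                                    <div class="form-group"><label class="text-muted" for="exampleInputEmail1">Email address</label><input type="email" class="form-control" id="exampleInputEmail1" aria-describedby="emailHelp" name="forgot_email" placeholder="Enter email"> <small id="emailHelp" class="form-text text-muted">We will send you a link where you will reset you password</small></div>
                                    <button type="submit" class="btn btn-primary">Submit</button>
<?php
// The notice text comes straight from the query string, so anyone who can get
// a visitor to follow a link controls it. It is HTML-encoded before output, and
// a non-string value (e.g. requestexpired[]=x) is ignored.
if (isset($_GET['requestexpired']) && is_string($_GET['requestexpired'])) {
    echo '<small id="emailHelp" class="form-text text-muted">'
        . htmlspecialchars($_GET['requestexpired'], ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8')
        . '</small>';
}

// $email_sent is assigned only by the handler at the top of this file, from
// fixed strings; it is encoded as well so the template stays safe if that
// ever changes.
if (isset($email_sent)) {
    echo '<small id="emailHelp" class="form-text text-muted">'
        . htmlspecialchars($email_sent, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8')
        . '</small>';
}
?>
                                </form>
                            </div>
                        </div>
                    </div>
                </div>
            </div>
        </div>
    </div>
</div>
<script src="https://cdnjs.cloudflare.com/ajax/libs/jquery/3.2.1/jquery.min.js"></script>
</body>
</html>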