Reset Password

This PHP code handles resetting a user's password. It checks if a password reset request was submitted, validating the selector and validator against the database. If valid, it updates the user's password in the database and deletes the password reset token. The user is redirected upon successful completion.

Uploaded by Ghee Fan

<?php

// Runs only when the "create new password" form was submitted.
if (isset($_POST["reset-password-submit"])) {

    $selector = $_POST["selector"];
    $validator = $_POST["validator"];
    $password = $_POST["pwd"];
    $passwordRepeat = $_POST["pwd-repeat"];

    if (empty($password) || empty($passwordRepeat)) {
        header("Location: ../create-new-password.php?newpwd=empty");
        exit();
    } else if ($password !== $passwordRepeat) {
        // Strict comparison: with != PHP compares numeric-looking strings
        // such as "0e1" and "0e2" as numbers and treats them as equal.
        header("Location: ../create-new-password.php?newpwd=pwdnotsame");
        exit();
    }

    $currentDate = date("U");

    require 'dbh.inc.php';

    // Look up the reset request by its selector; expired requests do not match.
    $sql = "SELECT * FROM pwdReset WHERE pwdResetSelector=? AND pwdResetExpires >= ?";
    $stmt = mysqli_stmt_init($conn);
    if (!mysqli_stmt_prepare($stmt, $sql)) {
        echo "There was an error!";
        exit();
    } else {
        // The query has two placeholders, so both values are bound.
        mysqli_stmt_bind_param($stmt, "ss", $selector, $currentDate);
        mysqli_stmt_execute($stmt);

        $result = mysqli_stmt_get_result($stmt);
        if (!$row = mysqli_fetch_assoc($result)) {
            echo "You need to re-submit your reset request.";
            exit();
        } else {

            // The validator arrives hex-encoded; the table stores only its hash.
            $tokenBin = hex2bin($validator);
            $tokenCheck = password_verify($tokenBin, $row["pwdResetToken"]);

            if ($tokenCheck === false) {
                echo "You need to re-submit your reset request.";
                exit();
            } elseif ($tokenCheck === true) {

                // The account is identified by the e-mail stored with the
                // token, never by anything the client submitted.
                $tokenEmail = $row['pwdResetEmail'];

                $sql = "SELECT * FROM users WHERE emailUsers=?;";
                $stmt = mysqli_stmt_init($conn);
                if (!mysqli_stmt_prepare($stmt, $sql)) {
                    echo "There was an error!";
                    exit();
                } else {
                    mysqli_stmt_bind_param($stmt, "s", $tokenEmail);
                    mysqli_stmt_execute($stmt);
                    $result = mysqli_stmt_get_result($stmt);
                    if (!$row = mysqli_fetch_assoc($result)) {
                        echo "There was an error!";
                        exit();
                    } else {

                        // Store the new password as a hash.
                        $sql = "UPDATE users SET pwdUsers=? WHERE emailUsers=?";
                        $stmt = mysqli_stmt_init($conn);
                        if (!mysqli_stmt_prepare($stmt, $sql)) {
                            echo "There was an error!";
                            exit();
                        } else {
                            $newPwdHash = password_hash($password, PASSWORD_DEFAULT);
                            mysqli_stmt_bind_param($stmt, "ss", $newPwdHash, $tokenEmail);
                            mysqli_stmt_execute($stmt);

                            // Delete the reset token so it cannot be used again.
                            $sql = "DELETE FROM pwdReset WHERE pwdResetEmail=?";
                            $stmt = mysqli_stmt_init($conn);
                            if (!mysqli_stmt_prepare($stmt, $sql)) {
                                echo "There was an error!";
                                exit();
                            } else {
                                mysqli_stmt_bind_param($stmt, "s", $tokenEmail);
                                mysqli_stmt_execute($stmt);
                                header("Location: ../signup.php?newpwd=passwordupdated");
                                exit();
                            }
                        }
                    }
                }
            }
        }
    }
} else {
    // Reached without the form being submitted.
    header("Location: home.php");
    exit();
}
