Scribd
Upload
78 views7 pages

Exercise-10 IWP

The document describes code for a password reset and change form. The password reset form allows a user to enter their username and phone number. If correct, it generates a new random password, updates the database, and redirects the user with the new password. If incorrect, it declines the request. The password change form requires the current username and password. If correct, it updates the password in the database and redirects the user with a success message. If incorrect, it declines the request.

Uploaded by

Kush Choudhary
Copyright
© © All Rights Reserved
We take content rights seriously. If you suspect this is your content, claim it here.
Available Formats
Download as PDF, TXT or read online on Scribd
78 views7 pages

Exercise-10 IWP

The document describes code for a password reset and change form. The password reset form allows a user to enter their username and phone number. If correct, it generates a new random password, updates the database, and redirects the user with the new password. If incorrect, it declines the request. The password change form requires the current username and password. If correct, it updates the password in the database and redirects the user with a success message. If incorrect, it declines the request.

Uploaded by

Kush Choudhary
Copyright
© © All Rights Reserved
We take content rights seriously. If you suspect this is your content, claim it here.
Available Formats
Download as PDF, TXT or read online on Scribd
You are on page 1/ 7

Exercise-10

IWP-LAB

18BCE0557 KUSHAL

DB Creation:

Part 1: Write the reset password form

On Entering Correct Username and Password:


- Update Password in DB
- Redirect to login page
- Display New Password
On Entering Wrong Details:
- Display declined message and redirect to redirect page again

CODE:
<!​DOCTYPE​ ​html​>
<​html​ ​lang​=​"en"​>
<​head​>
​<​meta​ ​charset​=​"UTF-8"​>
​<​meta​ ​name​=​"viewport"​ ​content​=​"width=device-width, initial-scale=1.0"​>
​<​title​>​Password Reset Form​</​title​>
</​head​>
<​body​>

<?php

​if​ (​$_SERVER​[​'REQUEST_METHOD'​] === ​'GET'​) {


​if​ (​isset​(​$_GET​[​'message'​])) {
​echo​ ​$_GET​[​'message'​];
}
​ cho​ ​'<center>
e
<h2>Password Reset using Username and PhoneNumber</h2>
</br></br>
<div>
<form name="reset_form action="reset.php" method="post">
<input type="text" name="username" id="username" placeholder="Your
Username">
<input type="number" name="pnumber" id="pnumber" placeholder="Your
Phone Number">
<input type="submit" value="Reset">
</form>
</div>
</center>'​;
}

​if​ (​$_SERVER​[​'REQUEST_METHOD'​] === ​'POST'​) {


​extract​(​$_POST​);
​include​(​"database.php"​);

​$rs​ = ​mysqli_query​(​$conn​, ​"select * from user where


USERNAME='​$username​' and PHONE='​$pnumber​'"​);
​if​ (​mysqli_num_rows​(​$rs​)>​0​) {
​$str_result​ =
'0123456789ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz'​;
​$new_pass​ = ​substr​(​str_shuffle​(​$str_result​), ​0​, ​8​);
​$password_hash​ = ​hash​(​'md5'​, ​$new_pass​);
​$rs​ = ​mysqli_query​(​$conn​, ​"​UPDATE​ users ​SET
PASSWORD_HASH​=​$password_hash​ ​where​ USERNAME​=​'​$username​'"​);
​header​(​"Location:
http://localhost:8082/Exercise8/login.php?message='Your New Password is
$new_pass​'"​);
}
​else​ {
​ eader​(​"Location:
h
http://localhost:8082/Exercise8/reset.php?message='Invalid Details
Provided. Password reset DECLINED'"​);
}
}
?>

</​body​>
</​html​>

Part 2: Write the change password form

As per instructions
Code:
<!​DOCTYPE​ ​html​>
<​html​ ​lang​=​"en"​>
<​head​>
​<​meta​ c​ harset​=​"UTF-8"​>
​<​meta​ n​ ame​=​"viewport"​ ​content​=​"width=device-width, initial-scale=1.0"​>
​ ​title​>​Password Change Form​</​title​>
<
</​head​>
<​body​>

<?php

​if​ (​$_SERVER​[​'REQUEST_METHOD'​] === ​'GET'​) {


​if​ (​isset​(​$_GET​[​'message'​])) {
​echo​ ​$_GET​[​'message'​];
}

​ cho​ ​'<center>
e
<h2>Password Update using Username and Current Password</h2>
</br></br>
<div>
<form name="reset_form action="reset.php" method="post">
<input type="text" name="username" id="username" placeholder="Your
Username">
<input type="password" name="password" id="password" placeholder="Your
Current Password">
<input type="password" name="new_password" id="new_password"
placeholder="Your New Password">
<input type="submit" value="Reset">
</form>
</div>
</center>'​;
}

​if​ (​$_SERVER​[​'REQUEST_METHOD'​] === ​'POST'​) {


​extract​(​$_POST​);
​include​(​"database.php"​);
​$current_pass_hash​ = ​hash​(​'md5'​, ​$password​);
​ rs​ = ​mysqli_query​(​$conn​, ​"select * from user where
$
username='​$username​' AND password_hash='​$current_pass_hash​'"​);
​if​ (​mysqli_num_rows​(​$rs​)>​0​) {
​$new_pass​ = ​$new_password​;
​$password_hash​ = ​hash​(​'md5'​, ​$new_pass​);
​$rs​ = ​mysqli_query​(​$conn​, ​"​UPDATE​ users ​SET
PASSWORD_HASH​=​$password_hash​ ​where​ USERNAME​=​'​$username​'"​);
​ eader​(​"Location:
h
http://localhost:8082/Exercise8/login.php?message='Your Password is
Successfully updated to ​$new_pass​'"​);
}
​else​ {
​header​(​"Location:
http://localhost:8082/Exercise8/pass_change.php?message='Invalid Details
Provided. Password UPDATE DECLINED'"​);
}
}

?>

</​body​>
</​html​>

You might also like