I'm in a rush to release so I am adding features that are needed to make it usable.
This commit is contained in:
parent
c76ab1abf3
commit
4c2857b445
25 changed files with 2475 additions and 3475 deletions
124
password-reset.php
Normal file
124
password-reset.php
Normal file
|
|
@ -0,0 +1,124 @@
|
|||
<?php
|
||||
session_start();
|
||||
require_once 'includes/globals.php';
|
||||
require_once 'vendor/autoload.php';
|
||||
|
||||
use DJMixHosting\Database;
|
||||
|
||||
$db = new Database($config);
|
||||
$verification_code = "";
|
||||
if ($_SERVER['REQUEST_METHOD'] === 'GET' && isset($_GET['code'])) {
|
||||
$verification_code = trim($_GET['code']);
|
||||
}
|
||||
|
||||
if ($_SERVER['REQUEST_METHOD'] === 'POST') {
|
||||
$verification_code = trim($_POST['verification_code'] ?? '');
|
||||
$username = trim($_POST['username'] ?? '');
|
||||
$new_password = $_POST['new_password'] ?? '';
|
||||
$confirm_password = $_POST['confirm_password'] ?? '';
|
||||
|
||||
if (empty($verification_code) || empty($username) || empty($new_password) || empty($confirm_password)) {
|
||||
$_SESSION['error'] = "All fields are required.";
|
||||
header("Location: password-reset.php?code=" . urlencode($verification_code));
|
||||
exit;
|
||||
}
|
||||
if ($new_password !== $confirm_password) {
|
||||
$_SESSION['error'] = "Passwords do not match.";
|
||||
header("Location: password-reset.php?code=" . urlencode($verification_code));
|
||||
exit;
|
||||
}
|
||||
|
||||
// Look up the password reset record (purpose 'password_reset')
|
||||
$stmt = $db->prepare("SELECT * FROM email_verifications WHERE verification_code = ? AND purpose = 'password_reset'");
|
||||
$stmt->bind_param("s", $verification_code);
|
||||
$stmt->execute();
|
||||
$result = $stmt->get_result();
|
||||
$record = $result->fetch_assoc();
|
||||
$stmt->close();
|
||||
|
||||
if (!$record) {
|
||||
$_SESSION['error'] = "Invalid or expired password reset code.";
|
||||
header("Location: password-reset.php?code=" . urlencode($verification_code));
|
||||
exit;
|
||||
}
|
||||
|
||||
// Check expiration
|
||||
$current_time = new DateTime();
|
||||
$expires_at = new DateTime($record['expires_at']);
|
||||
if ($current_time > $expires_at) {
|
||||
$_SESSION['error'] = "Password reset code has expired.";
|
||||
header("Location: password-reset.php?code=" . urlencode($verification_code));
|
||||
exit;
|
||||
}
|
||||
|
||||
// Verify the username matches the record
|
||||
$stmt = $db->prepare("SELECT id, username FROM users WHERE id = ? AND username = ?");
|
||||
$stmt->bind_param("is", $record['user_id'], $username);
|
||||
$stmt->execute();
|
||||
$userData = $stmt->get_result()->fetch_assoc();
|
||||
$stmt->close();
|
||||
|
||||
if (!$userData) {
|
||||
$_SESSION['error'] = "Username does not match our records.";
|
||||
header("Location: password-reset.php?code=" . urlencode($verification_code));
|
||||
exit;
|
||||
}
|
||||
|
||||
// Update the user's password
|
||||
$hashed_password = password_hash($new_password, PASSWORD_DEFAULT);
|
||||
$stmt = $db->prepare("UPDATE users SET password = ? WHERE id = ?");
|
||||
$stmt->bind_param("si", $hashed_password, $userData['id']);
|
||||
$stmt->execute();
|
||||
$stmt->close();
|
||||
|
||||
// Remove the password reset record
|
||||
$stmt = $db->prepare("DELETE FROM email_verifications WHERE verification_code = ? AND purpose = 'password_reset'");
|
||||
$stmt->bind_param("s", $verification_code);
|
||||
$stmt->execute();
|
||||
$stmt->close();
|
||||
|
||||
$_SESSION['success'] = "Your password has been reset successfully. Please log in with your new password.";
|
||||
header("Location: login.php");
|
||||
exit;
|
||||
}
|
||||
|
||||
require_once 'includes/header.php';
|
||||
?>
|
||||
|
||||
<section class="password-reset-section py-5">
|
||||
<div class="container">
|
||||
<div class="row justify-content-center">
|
||||
<div class="col-lg-5">
|
||||
<?php
|
||||
if(isset($_SESSION['error'])) {
|
||||
echo '<div class="alert alert-danger alert-dismissible fade show mb-4" role="alert">' . htmlspecialchars($_SESSION['error']) . '<button type="button" class="btn-close" data-bs-dismiss="alert" aria-label="Close"></button></div>';
|
||||
unset($_SESSION['error']);
|
||||
}
|
||||
?>
|
||||
<div class="card shadow-sm border-0">
|
||||
<div class="card-body p-4">
|
||||
<h3 class="text-center mb-4">Reset Password</h3>
|
||||
<form action="password-reset.php" method="post" class="needs-validation" novalidate>
|
||||
<input type="hidden" name="verification_code" value="<?php echo htmlspecialchars($verification_code); ?>">
|
||||
<div class="mb-3">
|
||||
<label for="username" class="form-label">Enter your username</label>
|
||||
<input type="text" class="form-control" id="username" name="username" required>
|
||||
</div>
|
||||
<div class="mb-3">
|
||||
<label for="new_password" class="form-label">New Password</label>
|
||||
<input type="password" class="form-control" id="new_password" name="new_password" required>
|
||||
</div>
|
||||
<div class="mb-3">
|
||||
<label for="confirm_password" class="form-label">Confirm New Password</label>
|
||||
<input type="password" class="form-control" id="confirm_password" name="confirm_password" required>
|
||||
</div>
|
||||
<button type="submit" class="btn btn-primary w-100">Reset Password</button>
|
||||
</form>
|
||||
</div>
|
||||
</div>
|
||||
</div>
|
||||
</div>
|
||||
</div>
|
||||
</section>
|
||||
|
||||
<?php require_once 'includes/footer.php'; ?>
|
||||
Loading…
Add table
Add a link
Reference in a new issue