-
Notifications
You must be signed in to change notification settings - Fork 55
/
resetpassword.php
88 lines (78 loc) · 3.25 KB
/
resetpassword.php
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
<?php
session_start();
if (isset($_SESSION['loggedin']) && $_SESSION['loggedin'] == true) {
header('location: /index.php');
die();
}
if ($_SERVER['REQUEST_METHOD'] === 'GET') {
include('includes/db_connect.php');
$ret = pg_prepare($db, "checktoken_query", "select * from tokens where token = $1");
$ret = pg_execute($db, "checktoken_query", array($_GET['token']));
if (pg_num_rows($ret) === 0) {
$invalid_token = true;
}
}
else if ($_SERVER['REQUEST_METHOD'] === 'POST') {
if (!isset($_POST['token'])) {
echo 'invalid request';
die();
}
$token = $_POST['token'];
$password1 = $_POST['password1'];
$password2 = $_POST['password2'];
if ($password1 !== $password2) {
$pass_error = true;
}
else {
include('includes/db_connect.php');
$ret = pg_prepare($db, "checktoken_query", "select * from tokens where token = $1");
$ret = pg_execute($db, "checktoken_query", array($token));
if (pg_num_rows($ret) === 0) {
$invalid_token = true;
} else {
$uid = pg_fetch_row($ret)[1];
$newpass = hash('sha256', $password1);
$ret = pg_prepare($db, "changepassword_query", "update users set password = $1 where uid = $2");
$ret = pg_execute($db, "changepassword_query", array($newpass, $uid));
$ret = pg_prepare($db, "deletetoken_query", "delete from tokens where token = $1");
$ret = pg_execute($db, "deletetoken_query", array($token));
$success = true;
}
}
}
?>
<html>
<head>
<title>TUDO/Reset Password</title>
<link rel="stylesheet" href="style/style.css">
</head>
<body>
<?php include('includes/header.php'); ?>
<div id="content">
<?php
if (isset($invalid_token)) {
echo '<h1 style="color:red">Token is invalid.</h1>';
echo '<a href="#" onclick="history.back();return false">Go back</a>';
die();
}
if (isset($pass_error)) {
echo '<h1 style="color:red">Passwords don\'t match.</h1><br>';
echo '<a href="#" onclick="history.back();return false">Go back</a>';
die();
}
?>
<div id="content">
<form class="center_form" action="resetpassword.php" method="POST">
<h1>Reset Password:</h1>
<input type="hidden" name="token" value="<?php echo $_GET['token']; ?>">
<input type="password" name="password1" placeholder="New password"><br><br>
<input type="password" name="password2" placeholder="Confirm password"><br><br>
<input type="submit" value="Change password">
<?php if (isset($success)){echo "<span style='color:green'>Password changed!</span>";} ?>
<br><br>
<?php include('includes/login_footer.php'); ?>
</form>
</div>
</div>
</body>
</html>