<?php
/* Password reset process, updates database with new user password */
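require_once("db.php");
session_start();

// Only form submissions (method="post") are processed; any other request
// method falls through and produces no output.
if ($_SERVER['REQUEST_METHOD'] === 'POST') {
    // Read each field defensively: a missing or non-string value (for example
    // an array-valued parameter) becomes '' and is rejected by the checks below.
    $input = [];
    foreach (['newpassword', 'confirmpassword', 'email', 'hash'] as $field) {
        $raw = $_POST[$field] ?? '';
        $input[$field] = is_string($raw) ? $raw : '';
    }

    // Password policy: 8-20 characters from the allowed set, with at least one
    // digit, one special character, one lowercase and one uppercase letter.
    // NOTE(review): "ยง" in the pattern looks like a mis-encoded "§" - confirm
    // against the original file's encoding before relying on that character.
    $policy = '/^(?=.*\d)(?=.*[@#\-_$%^&+=ยง!\?])(?=.*[a-z])(?=.*[A-Z])[0-9A-Za-z@#\-_$%^&+=ยง!\?]{8,20}$/';

    // The original tested the undefined $POST_['password'] and rejected the
    // request when the pattern MATCHED, so the policy was never enforced.
    // Validate the submitted new password and reject when it does NOT match.
    if (preg_match($policy, $input['newpassword']) !== 1) {
        $_SESSION['message'] = "Password does not meet the requirements";
        header("location: error.php");
        exit;
    }

    // Strict comparison: loose == can treat distinct strings as equal.
    if ($input['newpassword'] !== $input['confirmpassword']) {
        $_SESSION['message'] = "Two passwords you entered don't match, try again!";
        header("location: error.php");
        exit;
    }

    $new_password = password_hash($input['newpassword'], PASSWORD_BCRYPT);

    // email and hash arrive from hidden fields of the reset.php form and are
    // therefore client-controlled. The hash must be checked against the stored
    // value here; otherwise knowing an e-mail address alone would be enough to
    // change that account's password.
    // NOTE(review): assumes users.hash holds the reset token that reset.php put
    // into the form, and that $conn (from db.php) is a mysqli connection, as
    // its escape_string()/query() usage suggests - confirm both.
    $email = $input['email'];
    $hash = $input['hash'];
    $updated = false;

    if ($email !== '' && $hash !== '') {
        try {
            // Bound parameters instead of string-built SQL.
            $stmt = $conn->prepare("UPDATE users SET password = ? WHERE email = ? AND hash = ?");
            if ($stmt !== false) {
                $stmt->bind_param('sss', $new_password, $email, $hash);
                // query success alone is not enough: an UPDATE that matches no
                // row also "succeeds", so require that a row actually changed.
                $updated = $stmt->execute() && $stmt->affected_rows > 0;
                $stmt->close();
            }
        } catch (mysqli_sql_exception $e) {
            $updated = false;
        }
    }

    if ($updated) {
        // NOTE(review): the stored hash is left unchanged, so the same reset
        // link stays usable. Replace it with a fresh random value (and add an
        // expiry) once the column's format and size are confirmed.
        $_SESSION['message'] = "Your password has been reset successfully!";
        header("location: success.php");
        exit;
    }

    // One generic message for unknown e-mail, wrong token and database errors,
    // so the response does not reveal which accounts exist.
    $_SESSION['message'] = "Password reset failed, the reset link is not valid.";
    header("location: error.php");
    exit;
}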
?>