thies/loginpagefoo
Template
1
0
Fork 0
Code Issues 4 Pull Requests Actions Packages Projects Releases Wiki Activity

"commented" forgotpass.php & resetpass.php

Browse Source
This commit is contained in:
Thies Mueller 2021-01-12 17:42:16 +01:00
parent 8d2ffcde8a
commit 70305da5fd
2 changed files with 16 additions and 5 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

11
forgotpass.php
View File

@ -7,6 +7,11 @@
</head>
<body>
<?php
/*
this is basically the same as "activaion.php"
some differences will be documented, the rest not.
*/
include 'db.inc.php';
function random_string() {
@ -30,7 +35,7 @@ function random_string() {
$showForm = true;
if(isset($_GET['send']) ) {
if(!isset($_POST['email']) || empty($_POST['email'])) {
if(!isset($_POST['email']) || empty($_POST['email'])) { //here we wanna know more about the user, cause we cant get those infos from the session
$error = "<b>Enter your email address</b>";
} else {
$statement = $pdo->prepare("SELECT * FROM users WHERE email = :email");
@ -47,8 +52,8 @@ if(isset($_GET['send']) ) {
$mailrcpt = $user['email'];
$mailsubject = "New password for your User";
$from = "From: Password Reset Service <resetmypw@".$_SERVER['HTTP_HOST'].">"; //place a real address if we use this in production
$url_passwordcode = 'https://'.$_SERVER['HTTP_HOST'].'/resetpass.php?userid='.$user['id'].'&code='.$passwordcode; //this shouldnt be my domain in prod..
$from = "From: Password Reset Service <resetmypw@".$_SERVER['HTTP_HOST'].">";
$url_passwordcode = 'https://'.$_SERVER['HTTP_HOST'].'/resetpass.php?userid='.$user['id'].'&code='.$passwordcode;
$text = 'Hallo '.$user['username'].',
please use the following URL to change your password in the next 24h:
'.$url_passwordcode.'

10
resetpass.php
View File

@ -9,6 +9,12 @@
<?php
include 'db.inc.php';
/*
more or less the same as activate.php
but some minor differences, find the documentation over there
*/
if(!isset($_GET['userid']) || !isset($_GET['code'])) {
die('<div class="alert alert-warning" role="alert">No code delivered. nothing to do here.</div>');
}
@ -43,7 +49,7 @@ if(sha1($code) != $user['passwordcode']) {
if(isset($_GET['send'])) {
$password = $_POST['password'];
$password_confirm = $_POST['password_confirm'];
$password_confirm = $_POST['password_confirm']; //we need to do the whole "is your password secure enough" thingy again here:
//regexes for passvalidation:
$REuppercase = preg_match('@[A-Z]@', $password);
$RElowercase = preg_match('@[a-z]@', $password);
@ -60,7 +66,7 @@ if(isset($_GET['send'])) {
$passwordhash = password_hash($password, PASSWORD_DEFAULT);
$statement = $pdo->prepare("UPDATE users SET password = :passwordhash, passwordcode = NULL, passwordcode_time = NULL WHERE id = :userid");
$result = $statement->execute(array('passwordhash' => $passwordhash, 'userid'=> $userid ));
//done. the rest is the same
if($result) {
die('Changed password. Going to <a href="login.php">login</a> now.<meta http-equiv="refresh" content="1; URL=login.php">');
}