thies/loginpagefoo
Template
1
0
Fork 0
Code Issues 4 Pull Requests Actions Packages Projects Releases Wiki Activity

"commented" forgotpass.php & resetpass.php

Browse Source
This commit is contained in:
Thies Mueller
2021-01-12 17:42:16 +01:00
parent 8d2ffcde8a
commit 70305da5fd
2 changed files with 16 additions and 5 deletions
Download Patch File Download Diff File Expand all files Collapse all files

10
resetpass.php
View File

@@ -9,6 +9,12 @@
<?php
include 'db.inc.php';
/*
more or less the same as activate.php
but some minor differences, find the documentation over there
*/
if(!isset($_GET['userid']) || !isset($_GET['code'])) {
die('<div class="alert alert-warning" role="alert">No code delivered. nothing to do here.</div>');
}
@@ -43,7 +49,7 @@ if(sha1($code) != $user['passwordcode']) {
if(isset($_GET['send'])) {
$password = $_POST['password'];
$password_confirm = $_POST['password_confirm'];
$password_confirm = $_POST['password_confirm']; //we need to do the whole "is your password secure enough" thingy again here:
//regexes for passvalidation:
$REuppercase = preg_match('@[A-Z]@', $password);
$RElowercase = preg_match('@[a-z]@', $password);
@@ -60,7 +66,7 @@ if(isset($_GET['send'])) {
$passwordhash = password_hash($password, PASSWORD_DEFAULT);
$statement = $pdo->prepare("UPDATE users SET password = :passwordhash, passwordcode = NULL, passwordcode_time = NULL WHERE id = :userid");
$result = $statement->execute(array('passwordhash' => $passwordhash, 'userid'=> $userid ));
//done. the rest is the same
if($result) {
die('Changed password. Going to <a href="login.php">login</a> now.<meta http-equiv="refresh" content="1; URL=login.php">');
}