"commented" forgotpass.php & resetpass.php

This commit is contained in:
Thies Mueller 2021-01-12 17:42:16 +01:00
parent 8d2ffcde8a
commit 70305da5fd
2 changed files with 16 additions and 5 deletions


@ -7,6 +7,11 @@
</head> </head>
<body> <body>
<?php <?php
/*
this is basically the same as "activaion.php"
some differences will be documented, the rest not.
*/
include 'db.inc.php'; include 'db.inc.php';
function random_string() { function random_string() {
@ -30,7 +35,7 @@ function random_string() {
$showForm = true; $showForm = true;
if(isset($_GET['send']) ) { if(isset($_GET['send']) ) {
if(!isset($_POST['email']) || empty($_POST['email'])) { if(!isset($_POST['email']) || empty($_POST['email'])) { //here we wanna know more about the user, cause we cant get those infos from the session
$error = "<b>Enter your email address</b>"; $error = "<b>Enter your email address</b>";
} else { } else {
$statement = $pdo->prepare("SELECT * FROM users WHERE email = :email"); $statement = $pdo->prepare("SELECT * FROM users WHERE email = :email");
@ -47,8 +52,8 @@ if(isset($_GET['send']) ) {
$mailrcpt = $user['email']; $mailrcpt = $user['email'];
$mailsubject = "New password for your User"; $mailsubject = "New password for your User";
$from = "From: Password Reset Service <resetmypw@".$_SERVER['HTTP_HOST'].">"; //place a real address if we use this in production $from = "From: Password Reset Service <resetmypw@".$_SERVER['HTTP_HOST'].">";
$url_passwordcode = 'https://'.$_SERVER['HTTP_HOST'].'/resetpass.php?userid='.$user['id'].'&code='.$passwordcode; //this shouldnt be my domain in prod.. $url_passwordcode = 'https://'.$_SERVER['HTTP_HOST'].'/resetpass.php?userid='.$user['id'].'&code='.$passwordcode;
$text = 'Hallo '.$user['username'].', $text = 'Hallo '.$user['username'].',
please use the following URL to change your password in the next 24h: please use the following URL to change your password in the next 24h:
'.$url_passwordcode.' '.$url_passwordcode.'
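Review bot: The reset link on the `$url_passwordcode` line is still derived from `$_SERVER['HTTP_HOST']`, so a request that spoofs the Host header (or hits any alias the server answers for) while posting a victim's email gets that victim a mail whose link carries the reset code to an attacker-controlled host — password-reset poisoning; the `From:` header on the line above uses the same source. The comment that was dropped treated this only as a deployment nicety, but the base URL should come from configuration rather than from the request, e.g. `$url_passwordcode = APP_BASE_URL.'/resetpass.php?userid='.$user['id'].'&code='.$passwordcode;` with the constant defined in `db.inc.php` or a config include, never from request headers. The enclosing `if(isset($_GET['send']))` branch continues past the end of the hunk, so whether the response leaks whether the email exists cannot be judged here. Minor: the new header comment names the sibling file `"activaion.php"` while resetpass.php's new comment says `activate.php`; one of the two is misspelled and should point at the real file.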


@ -9,6 +9,12 @@
<?php <?php
include 'db.inc.php'; include 'db.inc.php';
/*
more or less the same as activate.php
but some minor differences, find the documentation over there
*/
if(!isset($_GET['userid']) || !isset($_GET['code'])) { if(!isset($_GET['userid']) || !isset($_GET['code'])) {
die('<div class="alert alert-warning" role="alert">No code delivered. nothing to do here.</div>'); die('<div class="alert alert-warning" role="alert">No code delivered. nothing to do here.</div>');
} }
@ -43,7 +49,7 @@ if(sha1($code) != $user['passwordcode']) {
if(isset($_GET['send'])) { if(isset($_GET['send'])) {
$password = $_POST['password']; $password = $_POST['password'];
$password_confirm = $_POST['password_confirm']; $password_confirm = $_POST['password_confirm']; //we need to do the whole "is your password secure enough" thingy again here:
//regexes for passvalidation: //regexes for passvalidation:
$REuppercase = preg_match('@[A-Z]@', $password); $REuppercase = preg_match('@[A-Z]@', $password);
$RElowercase = preg_match('@[a-z]@', $password); $RElowercase = preg_match('@[a-z]@', $password);
@ -60,7 +66,7 @@ if(isset($_GET['send'])) {
$passwordhash = password_hash($password, PASSWORD_DEFAULT); $passwordhash = password_hash($password, PASSWORD_DEFAULT);
$statement = $pdo->prepare("UPDATE users SET password = :passwordhash, passwordcode = NULL, passwordcode_time = NULL WHERE id = :userid"); $statement = $pdo->prepare("UPDATE users SET password = :passwordhash, passwordcode = NULL, passwordcode_time = NULL WHERE id = :userid");
$result = $statement->execute(array('passwordhash' => $passwordhash, 'userid'=> $userid )); $result = $statement->execute(array('passwordhash' => $passwordhash, 'userid'=> $userid ));
//done. the rest is the same
if($result) { if($result) {
die('Changed password. Going to <a href="login.php">login</a> now.<meta http-equiv="refresh" content="1; URL=login.php">'); die('Changed password. Going to <a href="login.php">login</a> now.<meta http-equiv="refresh" content="1; URL=login.php">');
} }
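Review bot: The reset-code check visible in the hunk header, `if(sha1($code) != $user['passwordcode'])`, compares two hashes with a loose `!=`, so two values PHP treats as numeric strings (the `0e…` "magic hash" forms) compare equal and a stored NULL is only rejected incidentally; use a constant-time strict comparison with an explicit type guard, `if(!is_string($user['passwordcode']) || !hash_equals($user['passwordcode'], sha1($code)))`, and note that this `if` starts outside the hunk. On the `$password = $_POST['password']` / `$password_confirm` lines the fields are read without `isset`, which on PHP 8 only yields a warning because the regex checks below reject a null password, but `$password = $_POST['password'] ?? '';` (and the same for the confirmation) keeps the logs clean. The mail in forgotpass.php promises a 24h window and the UPDATE on the execute line clears `passwordcode_time`, yet whether that window is enforced before this point lies outside the visible hunks — worth confirming. The new `//done. the rest is the same` comment would be more useful stating what the UPDATE guarantees, e.g. `// single-use: clearing passwordcode/passwordcode_time invalidates the link once the hash is stored`.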