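prepare("SELECT * FROM users WHERE id = :userid");
// NOTE(review): this listing starts mid-statement. The beginning of the call above and the
// code that assigns $pdo, $userid and $code are not visible here; they are used as given.
$result = $statement->execute(array('userid' => $userid));
$user = $statement->fetch();

// A reset is only possible for an existing user with an outstanding reset code.
// PDOStatement::fetch() returns false (not null) when no row matches, so test for a
// usable row instead of comparing against null.
// NOTE(review): the three die() messages below differ, so a caller can tell "no pending
// reset for this id" apart from "wrong code"; consider a single generic message.
if (!is_array($user) || $user['passwordcode'] === null) {
    die("No User matching your request.");
}

// Reset codes expire 24 hours after the stored passwordcode_time.
if ($user['passwordcode_time'] === null || strtotime($user['passwordcode_time']) < (time() - 24 * 3600)) {
    die("Ooops. This code isn't valid anymore.");
}

// The users table holds the SHA-1 digest of the reset code. Compare the digests with
// hash_equals(): a loose != compares numeric-looking strings as numbers, so two different
// digests can be treated as equal, and it is not a constant-time comparison.
// A non-string $code (e.g. an array parameter) is rejected before it reaches sha1().
// NOTE(review): how the code is generated is not shown here; confirm it comes from a
// CSPRNG with enough entropy, since SHA-1 is a fast, unsalted hash.
if (!is_string($code) || !hash_equals((string) $user['passwordcode'], sha1($code))) {
    die("Thats not your code. Naughty user!");
}

if (isset($_GET['send'])) {
    // Missing form fields fall back to '' and are rejected below instead of raising notices.
    $password = isset($_POST['password']) ? $_POST['password'] : '';
    $password_confirm = isset($_POST['password_confirm']) ? $_POST['password_confirm'] : '';

    // Accept only two identical, non-empty strings. Strict comparison avoids the numeric
    // string juggling of != and keeps array-valued parameters out of password_hash().
    if (!is_string($password) || $password === '' || $password !== $password_confirm) {
        echo "password or confirmed password wrong";
    } else {
        $passwordhash = password_hash($password, PASSWORD_DEFAULT);

        // Setting passwordcode and passwordcode_time to NULL makes the reset code single-use.
        $statement = $pdo->prepare("UPDATE users SET password = :passwordhash, passwordcode = NULL, passwordcode_time = NULL WHERE id = :userid");
        $result = $statement->execute(array('passwordhash' => $passwordhash, 'userid' => $userid));

        if ($result) {
            die('Changed password. Please goto login now.');
        }
    }
}
?>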

Set new password

Please enter new password:


Confirm new password: