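<?php
// Password-reset request page.
// GET (or a POST without 'email'): render the request form.
// POST with 'email': store a fresh reset code for that address and, only if
// an account row was updated, mail a link carrying the code.
include 'core/common.inc.php';
showHeader('Forgot password');

// The visitor always gets the same "if that email is registered..." message,
// so the response body does not reveal whether an account exists.
if (!isset($_POST['email'])) {
?>
<center>
<form method="POST" class="forgot-pw">
<input class="forgot-pw" type="email" name="email" placeholder="email address" required /><br />
<button class="btn btn-primary forgot-pw" type="submit" value="reset password">Reset Password</button>
</form>
</center>
<?php
} else {
    // $_POST['email'] can be an array (email[]=...), so accept strings only.
    $email = is_string($_POST['email']) ? trim($_POST['email']) : '';

    // Escape before echoing: the submitted value is attacker-controlled and was
    // previously reflected into the page verbatim (reflected XSS).
    $safeEmail = htmlspecialchars($email, ENT_QUOTES, 'UTF-8');
    echo "<p class='request-pw-info'>If {$safeEmail} is registered, an email has been sent to reset your password.</p>";

    // A syntactically valid address cannot contain CR/LF, which keeps the value
    // from injecting extra headers through mail()'s recipient argument.
    if (filter_var($email, FILTER_VALIDATE_EMAIL) !== false) {
        try {
            // One fixed-length draw of 32 random bytes (64 hex characters). The
            // previous loop requested lengths -1..10, which errors for -1 and 0
            // and left only a 10-byte code from the final iteration.
            $pwreset_code = openssl_random_pseudo_bytes(32, $cstrong);
            if ($pwreset_code === false || !$cstrong) {
                throw new RuntimeException('No cryptographically strong random source available');
            }
            $pwresetcode = bin2hex($pwreset_code);

            // Keep the bound parameters: building this query by interpolating
            // $email into the SQL string would be injectable.
            $pwcodedb = dbConnect()->prepare("UPDATE users SET resetpw_id = :pwresetcode WHERE email = :email");
            $pwcodedb->bindParam(':email', $email);
            $pwcodedb->bindParam(':pwresetcode', $pwresetcode);
            $pwcodedb->execute();

            // Send mail only after the code is stored and only when a row
            // matched; otherwise this page would mail arbitrary addresses a
            // link whose code was never saved.
            if ($pwcodedb->rowCount() > 0) {
                $msg = "<p>You are receiving this email because you requested your password to be reset, if you didn't you can ignore this email. <br />Follow the link below to reset your password.</p>";
                // NOTE(review): the link is plain http, so the reset code travels
                // in cleartext; switch to https once the host is confirmed to serve it.
                $msg .= "<p><a href='http://www.heartfx.org/update_password.php?code={$pwresetcode}'>Reset password</a><br>Thank you</p>";
                $msg = wordwrap($msg, 70);
                $headers = "MIME-Version: 1.0" . "\r\n";
                $headers .= "Content-type:text/html;charset=UTF-8" . "\r\n";
                mail($email, "PASSWORD RESET", $msg, $headers);
            }
            // NOTE(review): the code is stored as-is in resetpw_id and no expiry
            // is set here. update_password.php is not visible from this file;
            // confirm it expires the code and clears it after a single use, and
            // consider storing only a hash of the code.
            // NOTE(review): no throttling is visible on this page; consider
            // rate-limiting requests per address and per client.
        } catch (Exception $e) {
            // Log server-side only. The old handler echoed the PDOStatement
            // (not convertible to string) and the raw database error to the visitor.
            error_log('Password reset request failed: ' . $e->getMessage());
        }
    }
}
?>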