
resetpassword.php

a guest
Oct 29th, 2016
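  <?php
  /*
   * Password-reset request page.
   *
   * No 'email' field posted: render the request form.
   * 'email' posted: print the same confirmation whatever the outcome, store a
   * random reset code in users.resetpw_id for that address and, only when the
   * UPDATE matched an account, e-mail a link carrying the code.
   *
   * Kept as PHP comments rather than HTML comments so the notes are not sent
   * to the browser.
   */
  include 'core/common.inc.php';
  showHeader('Forgot password');
  ?>

  <?php if (!isset($_POST['email'])) { ?>
  <center>
  <form method="POST" class="forgot-pw">
  <input class="forgot-pw" type="email" name="email" placeholder="email address" required /><br />
  <button class="btn btn-primary forgot-pw" type="submit" value="reset password">Reset Password</button>
  </form>
  </center>

  <?php
  } else {
      // A non-string value (e.g. email[]=x) is treated as an empty address.
      $email = is_string($_POST['email']) ? trim($_POST['email']) : '';

      // The address is attacker-controlled: escape it before it reaches HTML,
      // otherwise this line is a reflected XSS sink.
      $safeEmail = htmlspecialchars($email, ENT_QUOTES, 'UTF-8');

      // Same text for registered, unregistered and malformed addresses, so the
      // page content does not reveal which accounts exist.
      echo "<p class='request-pw-info'>If {$safeEmail} is registered, an email has been sent to reset your password.</p>";

      // FILTER_VALIDATE_EMAIL rejects CR/LF, which keeps header injection out
      // of mail()'s recipient argument.
      if (filter_var($email, FILTER_VALIDATE_EMAIL) !== false) {
          try {
              // One call for 10 random bytes (20 hex characters, the same code
              // length as before). The previous loop also requested lengths
              // -1 and 0, which are invalid, and never checked $cstrong.
              $pwreset_code = openssl_random_pseudo_bytes(10, $cstrong);
              if ($pwreset_code === false || !$cstrong) {
                  throw new RuntimeException('no cryptographically strong random source available');
              }
              $pwresetcode = bin2hex($pwreset_code);

              // Bound parameters only: never interpolate $email or the code
              // into the SQL text.
              // NOTE(review): the code is stored as-is and this script sets no
              // expiry; storing a hash plus an expiry timestamp would need a
              // schema change and a matching change in update_password.php.
              $pwcodedb = dbConnect()->prepare("UPDATE users SET resetpw_id = :pwresetcode WHERE email = :email");
              $pwcodedb->bindParam(':email', $email);
              $pwcodedb->bindParam(':pwresetcode', $pwresetcode);
              $pwcodedb->execute();

              // Send mail only when a row was updated. Previously the message
              // went out before the UPDATE, to any address submitted, so the
              // form could be used to mail arbitrary recipients with links
              // that never work.
              // NOTE(review): assumes rowCount() reports rows changed by the
              // UPDATE for the driver behind dbConnect() - confirm.
              // NOTE(review): mail() runs only for registered addresses, so
              // response time may still differ between the two cases.
              if ($pwcodedb->rowCount() > 0) {
                  $msg = "<p>You are receiving this email because you requested your password to be reset, if you didn't you can ignore this email. <br />Follow the link below to reset your password.</p>";
                  // NOTE(review): the link is plain http://, so the reset code
                  // travels unencrypted; use https:// if the host serves TLS.
                  $msg .= "<p><a href='http://www.heartfx.org/update_password.php?code={$pwresetcode}'>Reset password</a><br>Thank you</p>";

                  $msg = wordwrap($msg,70);

                  $headers = "MIME-Version: 1.0" . "\r\n";
                  $headers .= "Content-type:text/html;charset=UTF-8" . "\r\n";

                  if (!mail($email,"PASSWORD RESET",$msg,$headers)) {
                      error_log('resetpassword.php: mail() did not accept the reset message');
                  }
              }
          } catch (Exception $e) {
              // Log server-side only. The old handler echoed the PDOStatement
              // (not convertible to string) and the driver's error message to
              // the visitor. Exception also covers PDOException and the
              // failure thrown by openssl_random_pseudo_bytes() on PHP 8.
              error_log('resetpassword.php: password reset request failed: ' . $e->getMessage());
          }
      }
  }
  ?>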