Guest User

Untitled

a guest
Jan 22nd, 2018
137
Never
Not a member of Pastebin yet? Sign Up, it unlocks many cool features!
  1. <?php require('../includes/config.php');
  2.  
  3. //if logged in redirect to members page
  4. if( $user->is_logged_in() ){ header('Location: ../members.php'); }
  5.  
  6. $stmt = $db->prepare('SELECT resetToken, resetComplete FROM users WHERE resetToken = :token');
  7. $stmt->execute(array(':token' => $_GET['key']));
  8. $row = $stmt->fetch(PDO::FETCH_ASSOC);
  9.  
  10. //if no token from db then kill the page
  11. if(empty($row['resetToken'])){
  12. $stop = 'Invalid token provided, please use the link provided in the reset email.';
  13. } elseif($row['resetComplete'] == 'Yes') {
  14. $stop = 'Your password has already been changed!';
  15. }
  16.  
  17. //if form has been submitted process it
  18. if(isset($_POST['submit'])){
  19.  
  20. $password = strip_tags($_POST['password']);
  21. $passwordConfirm = strip_tags($_POST['passwordConfirm']);
  22.  
  23. //basic validation
  24. if(strlen($password) < 3){
  25. $error[] = 'Password is too short.';
  26. }
  27.  
  28. if(strlen($passwordConfirm) < 3){
  29. $error[] = 'Confirm password is too short.';
  30. }
  31.  
  32. if($password != $passwordConfirm){
  33. $error[] = 'Passwords do not match.';
  34. }
  35.  
  36. //if no errors have been created carry on
  37. if(!isset($error)){
  38.  
  39. //hash the password
  40. $hashedpassword = $user->password_hash($password, PASSWORD_BCRYPT);
  41.  
  42. try {
  43.  
  44. $stmt = $db->prepare("UPDATE users SET pass = :hashedpassword, resetComplete = 'Yes', active='Yes' WHERE resetToken = :token");
  45. $stmt->execute(array(
  46. ':hashedpassword' => $hashedpassword,
  47. ':token' => $row['resetToken']
  48. ));
  49.  
  50. //redirect to index page
  51. header('Location: login.php?action=resetAccount');
  52. exit;
  53.  
  54. //else catch the exception and show the error.
  55. } catch(PDOException $e) {
  56. $error[] = $e->getMessage();
  57. }
  58.  
  59. }
  60.  
  61. }
  62.  
  63. //define page title
  64. $title = 'Reset Account';
  65.  
  66. //include header template
  67. require('layout/header.php');
  68. ?>
  69.  
  70. <div class="container">
  71.  
  72. <div class="row">
  73.  
  74. <div class="col-xs-12 col-sm-8 col-md-6 col-sm-offset-2 col-md-offset-3">
  75.  
  76.  
  77. <?php if(isset($stop)){
  78.  
  79. echo "<p>$stop</p>";
  80.  
  81. } else { ?>
  82.  
  83. <form role="form" method="post" autocomplete="off">
  84. <h2>Change Password</h2>
  85. <hr>
  86.  
  87. <?php
  88. //check for any errors
  89. if(isset($error)){
  90. foreach($error as $error){
  91. echo '<p class="btn btn-warning">'.$error.'</p><br><br>';
  92. }
  93. }
  94.  
  95. //check the action
  96. switch ($_GET['action']) {
  97. case 'active':
  98. echo "<h2 class='bg-success'>Your account is now active you may now log in.</h2>";
  99. break;
  100. case 'reset':
  101. echo "<h2 class='bg-success'>Please check your inbox for a reset link.</h2>";
  102. break;
  103. }
  104. ?>
  105.  
  106. <div class="row">
  107. <div class="col-xs-6 col-sm-6 col-md-6">
  108. <div class="form-group">
  109. <input type="password" name="password" id="password" class="form-control input-lg" placeholder="Password" tabindex="1">
  110. </div>
  111. </div>
  112. <div class="col-xs-6 col-sm-6 col-md-6">
  113. <div class="form-group">
  114. <input type="password" name="passwordConfirm" id="passwordConfirm" class="form-control input-lg" placeholder="Confirm Password" tabindex="2">
  115. </div>
  116. </div>
  117. </div>
  118.  
  119. <hr>
  120. <div class="row">
  121. <div class="col-xs-6 col-md-6"><input type="submit" name="submit" value="Change Password" class="btn btn-primary btn-block btn-lg" tabindex="3"></div>
  122. </div>
  123. </form>
  124.  
  125. <?php } ?>
  126. </div>
  127. </div>
  128.  
  129.  
  130. </div>
  131.  
  132. <?php
  133. //include header template
  134. require('layout/footer.php');
  135. ?>
RAW Paste Data