<?php require('../includes/config.php'); //if logged in redirect to members

1. <?php require('../includes/config.php');
2.  
3. //if logged in redirect to members page
4. if( $user->is_logged_in() ){ header('Location: ../members.php'); }
5.  
6. $stmt = $db->prepare('SELECT resetToken, resetComplete FROM users WHERE resetToken = :token');
7. $stmt->execute(array(':token' => $_GET['key']));
8. $row = $stmt->fetch(PDO::FETCH_ASSOC);
9.  
10. //if no token from db then kill the page
11. if(empty($row['resetToken'])){
12. $stop = 'Invalid token provided, please use the link provided in the reset email.';
13. } elseif($row['resetComplete'] == 'Yes') {
14. $stop = 'Your password has already been changed!';
15. }
16.  
17. //if form has been submitted process it
18. if(isset($_POST['submit'])){
19.  
20. $password = strip_tags($_POST['password']);
21. $passwordConfirm = strip_tags($_POST['passwordConfirm']);
22.  
23. //basic validation
24. if(strlen($password) < 3){
25. $error[] = 'Password is too short.';
26. }
27.  
28. if(strlen($passwordConfirm) < 3){
29. $error[] = 'Confirm password is too short.';
30. }
31.  
32. if($password != $passwordConfirm){
33. $error[] = 'Passwords do not match.';
34. }
35.  
36. //if no errors have been created carry on
37. if(!isset($error)){
38.  
39. //hash the password
40. $hashedpassword = $user->password_hash($password, PASSWORD_BCRYPT);
41.  
42. try {
43.  
44. $stmt = $db->prepare("UPDATE users SET pass = :hashedpassword, resetComplete = 'Yes', active='Yes' WHERE resetToken = :token");
45. $stmt->execute(array(
46. ':hashedpassword' => $hashedpassword,
47. ':token' => $row['resetToken']
48. ));
49.  
50. //redirect to index page
51. header('Location: login.php?action=resetAccount');
52. exit;
53.  
54. //else catch the exception and show the error.
55. } catch(PDOException $e) {
56. $error[] = $e->getMessage();
57. }
58.  
59. }
60.  
61. }
62.  
63. //define page title
64. $title = 'Reset Account';
65.  
66. //include header template
67. require('layout/header.php');
68. ?>
69.  
70. <div class="container">
71.  
72. <div class="row">
73.  
74. <div class="col-xs-12 col-sm-8 col-md-6 col-sm-offset-2 col-md-offset-3">
75.  
76.  
77. <?php if(isset($stop)){
78.  
79. echo "<p>$stop</p>";
80.  
81. } else { ?>
82.  
83. <form role="form" method="post" autocomplete="off">
84. <h2>Change Password</h2>
85. <hr>
86.  
87. <?php
88. //check for any errors
89. if(isset($error)){
90. foreach($error as $error){
91. echo '<p class="btn btn-warning">'.$error.'</p><br><br>';
92. }
93. }
94.  
95. //check the action
96. switch ($_GET['action']) {
97. case 'active':
98. echo "<h2 class='bg-success'>Your account is now active you may now log in.</h2>";
99. break;
100. case 'reset':
101. echo "<h2 class='bg-success'>Please check your inbox for a reset link.</h2>";
102. break;
103. }
104. ?>
105.  
106. <div class="row">
107. <div class="col-xs-6 col-sm-6 col-md-6">
108. <div class="form-group">
109. <input type="password" name="password" id="password" class="form-control input-lg" placeholder="Password" tabindex="1">
110. </div>
111. </div>
112. <div class="col-xs-6 col-sm-6 col-md-6">
113. <div class="form-group">
114. <input type="password" name="passwordConfirm" id="passwordConfirm" class="form-control input-lg" placeholder="Confirm Password" tabindex="2">
115. </div>
116. </div>
117. </div>
118.  
119. <hr>
120. <div class="row">
121. <div class="col-xs-6 col-md-6"><input type="submit" name="submit" value="Change Password" class="btn btn-primary btn-block btn-lg" tabindex="3"></div>
122. </div>
123. </form>
124.  
125. <?php } ?>
126. </div>
127. </div>
128.  
129.  
130. </div>
131.  
132. <?php
133. //include header template
134. require('layout/footer.php');
135. ?>