<?phpif(isset($_GET['id']) && isset($_GET['token'])){require 'base.php';re

1. <?php
2. if(isset($_GET['id']) && isset($_GET['token'])){
3. require 'base.php';
4. require_once 'functions.php';
5. $req = $pdo->prepare('SELECT * FROM users WHERE id = ? AND reset_token IS NOT NULL AND reset_token = ? AND reset_at > DATE_SUB(NOW(), INTERVAL 30 MINUTE');
6. $req->execute([$_GET['id'], $_GET['token']]);
7. $user = $req->fetch();
8. if($user){
9. if(!empty($_POST)){
10.  
11. if(!empty($_POST['password']) && $_POST['password'] == $_POST['password_confirm']){
12. $password = password_hash($_POST['password'], PASSWORD_BCRYPT);
13. $pdo->prepare('UPDATE users SET password = ?, reset_at = NULL, rset_token = NULL')->execute([$password]);
14. session_start();
15. $_SESSION['flash']['success'] = "Votre mot de passe a bien été changé !";
16. $_SESSION['auth'] = $user;
17. header('Location: compte.php');
18. exit();
19. }
20.  
21. }
22. }else {
23. session_start();
24. $_SESSION['flash']['danger'] = "Ce lien n'est pas valide !";
25. header('Location: connexion.php');
26. exit();
27. }
28. }else {
29. header('Location: connexion.php');
30. exit();
31. }
32. ?>
33. <?php require '../elements/espace_membre.php'; ?>
34. <h1>Réintialiser mon mot de passe </h1>
35. <form action="" method="POST">
36.  
37. <label for="">Mot de passe : </label>
38. <input type="password" name="password" /><br/><br/>
39.  
40. <label for="">Confirmation du mot de passe : </label>
41. <input type="password" name="password_confirm" /><br/><br/>
42.  
43.  
44.  
45. <button type="submit">Réinitaliser mon mot de passe</button>
46.  
47. </form>