
Untitled

a guest Dec 13th, 2018 59 Never
  1. <body>
  2.  
  3.  
  4. <form id="forgotpwdreset" name="forgotpwdreset" method="post" action="" onsubmit="forgotpwdalert()"<?php echo htmlspecialchars($_SERVER["PHP_SELF"]);?>
  5.  
  6. <table border="0">
  7.     <tr></tr>
  8.     <tr></tr>
  9.  
  10.     <input type="hidden" name="email" value="<?php echo $email; ?>" />
  11.     <input type="hidden" name="token" value="<?php echo $token; ?>" />
  12.  
  13.  
  14.     Password must be at least 8 characters long and contain at least 1 number AND 1 capital letter.<br /><br />
  15.     <tr>New Password:  <align="center"><input required type="password" name="newpassword" id="newpassword" placeholder="" pattern="(?=.*d)(?=.*[A-Z]).{8,}">&nbsp;&nbsp;<input type="checkbox" onclick="togglepassword()"> Show Password<br /><br />
  16.     <tr></tr><br />
  17.  
  18.     <tr>Confirm Password:  <align="center"><input required type="password" name="newpassword2" id="newpassword2" placeholder="" pattern="(?=.*d)(?=.*[A-Z]).{8,}" onchange="confirmpwd()"><br />
  19.     <tr></tr><br />
  20.  
  21.     <tr>
  22.     <tr></tr><br />
  23.  
  24.     <tr><align="center"><input type="submit" name="pwdresetsubmit" id="pwdresetsubmit" value="Reset Password" onclick="return confirmpwd()" />&nbsp;&nbsp;&nbsp
  25.     <tr></tr><br />
  26.  
  27. </table>
  28.    
  29. <?php
  30.  
  31.     include 'insert.php';
  32.  
  33.     if(isset($_SESSION['ondashsession'])){
  34.  
  35.     $session = $_SESSION['ondashsession'];
  36.  
  37.     $sql = "SELECT * FROM ondash_idaccount WHERE ID = '$session'";
  38.     $result = mysqli_query($dbcon, $sql) or die("Error");
  39.  
  40.  
  41. while($row = mysqli_fetch_assoc($result)){
  42.      echo "You are already logged in,  " . $row['firstname'] . "." . "<br />";
  43. }
  44. }else{
  45.  
  46.  
  47.  
  48. if (isset($_POST['pwdresetsubmit'])) {
  49.  
  50.   $newpassword2 = $_POST['newpassword2'];
  51.   $ipaddress = $_SERVER['REMOTE ADDR'];
  52.   // Grab token and email that came from the email link
  53.   $token = $_GET['token'];
  54.   $email = $_GET['email'];
  55.  
  56.  //echo "Token:  " . $token . "<br />" . "Email:  " . $email; //returns correct info working properly.
  57.  
  58.  
  59.  // select email address of user from the password_reset table
  60.  
  61.     $sqlnewpass = "SELECT * FROM password_resets WHERE token='$token' AND email='$email'";
  62.     $results = mysqli_query($dbcon, $sqlnewpass);
  63.  
  64.  
  65. if (mysqli_num_rows($results) > 0 ){
  66.     $row = mysqli_fetch_assoc($results);
  67.  
  68. //  print_r($row['email']); //returns correct result
  69. //  print_r("# of rows:  " . $numrows);  //returns correct result
  70.  
  71. //WORKS UP TO HERE...WORKS UP TO HERE...WORKS UP TO HERE...WORKS UP TO HERE...WORKS UP TO HERE...WORKS UP TO HERE...
  72.  
  73.     $sql2 = "UPDATE ondash_idaccount SET `password`=?, `ipaddress`=? WHERE `email`='$email'";
  74.     $stmt2 = mysqli_stmt_init($dbcon);
  75.  
  76. if(!mysqli_stmt_prepare($stmt2, $sql2)){
  77.     echo "SQL error" . $dbcon->error;
  78. }else{
  79.  
  80.     $hashedpassword = password_hash($newpassword2, PASSWORD_DEFAULT);
  81.     //var_dump($hashedpassword); //generating hash pwd works but not updating database
  82.  
  83.  
  84.     mysqli_stmt_bind_param($stmt2, "ss", $hashedpassword, $ipaddress);
  85.     mysqli_stmt_execute($stmt2);
  86.     $stmt2->close();
  87.     error_reporting(E_ALL);
  88. //  echo "SQL 2 error" . $dbcon->error; //No errors reporting
  89.  
  90.     $UsedToken = 'UsedToken';
  91.  
  92.     "UPDATE password_resets SET `used`='$UsedToken', `ipaddress`='$ipaddress' WHERE `token`='$token' AND `email`='$email'";
  93.  
  94.  
  95. }
  96. }
  97. }
  98.  
  99. ?>