Not a member of Pastebin yet?
Sign Up,
it unlocks many cool features!
- <?php
- include_once dirname(dirname(dirname(__FILE__))) . "/const.php";
- include_once PHP_PATH . "../config1.php";
- // Logic to validate username / generate temporary password to reset it.
- if (isset($_POST ['cspwd_submit'])) {
- $username = trim($_POST['uname']);
- $temp = trim($_POST['temp_password']);
- var_dump($temp);
- $newpass = trim($_POST['new_password']);
- $confirm = trim($_POST['con_password']);
- //Check if the passwrod and confirm passwords are same
- if($newpass != $confirm){
- die("The password and new password does not match.");
- }
- $temp = stripslashes($temp);
- $pass = stripslashes($newpass);
- $pass = password_hash($pass, PASSWORD_DEFAULT);
- if(empty($pass) || empty($username) || empty($temp)){
- die("Username and passwords cannot be left blank");
- }
- $zero = 0;
- $query = "select pk_staff_id, temp_password from tbl_staff where email = '$username' and active = '$zero'";
- var_dump($query);
- $stmt = $conn->prepare($query);
- $stmt->execute();
- $res = [];
- $res = $stmt->fetch(PDO::FETCH_ASSOC);
- if(empty($res['temp_password'])){
- die("The username does not exist.");
- }else{
- $hashed_password = $res['temp_password'];
- var_dump($hashed_password);
- $pkid = $res['pk_staff_id'];
- if(password_verify($temp, $hashed_password))
- {
- $active = 1;
- $query = "update tbl_staff set password = '$pass', temp_password = '', active = '$active' where pk_staff_id = '$pkid'";
- var_dump($query);
- $stmt = $conn->prepare($query);
- if($stmt->execute()){
- //Successful.
- header('location: ../../view/index.php');
- }else{
- die("Error: ". $stmt->errorInfo());
- }
- }
- else{
- die("The temporary password does not match.");
- }
- }
- }
- ?>
Add Comment
Please, Sign In to add comment
