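<?php
/*
 * Password-reset landing page.
 *
 * Phase 1 (GET ?action=reset&email=...&key=...): look the (email, key) pair up in
 *   password_reset_temp. If it exists and has not expired, render the
 *   new-password form; otherwise show an "invalid" / "expired" message.
 * Phase 2 (POST action=update): re-verify the SAME (email, key) pair and its
 *   expiry, then store the new password and delete the reset row.
 *
 * Security notes (all three were defects in the previous revision):
 *   - The key is checked in BOTH phases. The form carries it as a hidden field;
 *     a POST that supplies only an email must never reset anything. Because the
 *     secret key has to accompany the POST, it also acts as the CSRF token.
 *   - Every query is a mysqli prepared statement; request values are never
 *     concatenated into SQL (the old SELECT/UPDATE/DELETE interpolated email/key).
 *   - Request values echoed back into HTML are escaped.
 *
 * $con is assumed to be the mysqli connection opened by oc-config.php (every DB
 * call here is mysqli_*, and the old POST path already relied on it coming from
 * there); DB_PREFIX is assumed to be defined there too — confirm against the config.
 */
require_once(__DIR__ . "/oc-config.php");

/**
 * Fetch the stored key and expiry for a pending reset request.
 *
 * @param mysqli $con   open connection
 * @param string $email email from the request
 * @param string $key   key from the request
 * @return array{key:string,expDate:string}|null  null when no row matches
 */
function oc_reset_lookup($con, $email, $key)
{
    $sql = "SELECT `key`, `expDate` FROM " . DB_PREFIX . "password_reset_temp"
         . " WHERE `email` = ? AND `key` = ? LIMIT 1";
    $stmt = mysqli_prepare($con, $sql);
    if ($stmt === false) {
        return null;
    }
    mysqli_stmt_bind_param($stmt, "ss", $email, $key);
    $row = null;
    if (mysqli_stmt_execute($stmt)) {
        $storedKey = null;
        $expDate = null;
        mysqli_stmt_bind_result($stmt, $storedKey, $expDate);
        // hash_equals enforces a byte-exact match even if the column collation is
        // case-insensitive, so "ABC" cannot stand in for a stored key "abc".
        if (mysqli_stmt_fetch($stmt) && hash_equals((string) $storedKey, (string) $key)) {
            $row = ['key' => (string) $storedKey, 'expDate' => (string) $expDate];
        }
    }
    mysqli_stmt_close($stmt);
    return $row;
}

/**
 * Escape a value for an HTML attribute / text node.
 *
 * @param mixed $value
 * @return string
 */
function oc_h($value)
{
    return htmlspecialchars((string) $value, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
}

/**
 * Read a scalar request field, rejecting arrays (?key[]=x) and absent values.
 *
 * @param array  $src  $_GET or $_POST
 * @param string $name field name
 * @return string|null null when missing or not a plain string
 */
function oc_req_string($src, $name)
{
    return (isset($src[$name]) && is_string($src[$name])) ? $src[$name] : null;
}

$error = "";

/* ---------- Phase 1: validate the e-mailed link and show the form ---------- */
$getKey    = oc_req_string($_GET, "key");
$getEmail  = oc_req_string($_GET, "email");
$getAction = oc_req_string($_GET, "action");

if ($getKey !== null && $getEmail !== null && $getAction === "reset" && !isset($_POST["action"])) {
    $key = $getKey;
    $email = $getEmail;
    $curDate = date("Y-m-d H:i:s");
    $row = oc_reset_lookup($con, $email, $key);

    if ($row === null) {
        $error = '<h2>Invalid Link</h2>
<p>The link is invalid/expired. Either you did not copy the correct link
from the email, or you have already used the key in which case it is
deactivated.</p>
<p><a href="https://' . oc_h($_SERVER['SERVER_NAME']) . '/index.php">
Click here</a> to reset password.</p>';
    } elseif ($row['expDate'] >= $curDate) {
        // Both sides are "Y-m-d H:i:s", so plain string ordering is chronological.
        // The key travels with the form so phase 2 can re-verify it.
?>
<br />
<form method="post" action="" name="update">
<input type="hidden" name="action" value="update" />
<br /><br />
<label><strong>Enter New Password:</strong></label><br />
<input type="password" name="pass1" maxlength="15" required />
<br /><br />
<label><strong>Re-Enter New Password:</strong></label><br />
<input type="password" name="pass2" maxlength="15" required/>
<br /><br />
<input type="hidden" name="email" value="<?php echo oc_h($email); ?>"/>
<input type="hidden" name="key" value="<?php echo oc_h($key); ?>"/>
<input type="submit" value="Reset Password" />
</form>
<?php
    } else {
        $error = "<h2>Link Expired</h2>
<p>The link is expired. You are trying to use the expired link which
as valid only 24 hours (1 days after request).<br /><br /></p>";
    }
    if ($error !== "") {
        echo "<div class='error'>" . $error . "</div><br />";
    }
} // phase 1 end

/* ---------- Phase 2: re-verify the key, then update the password ---------- */
$postAction = oc_req_string($_POST, "action");
$postEmail  = oc_req_string($_POST, "email");
$postKey    = oc_req_string($_POST, "key");

if ($postAction === "update" && $postEmail !== null) {
    $error = "";
    $email = $postEmail;
    // A missing key is treated as an empty one and fails the lookup below.
    $key = ($postKey === null) ? "" : $postKey;
    $pass1 = oc_req_string($_POST, "pass1");
    $pass2 = oc_req_string($_POST, "pass2");
    $pass1 = ($pass1 === null) ? "" : $pass1;
    $pass2 = ($pass2 === null) ? "" : $pass2;
    $curDate = date("Y-m-d H:i:s");

    // The (email, key) pair and expiry are checked again here: the GET check
    // alone proves nothing about who is sending this POST.
    $row = oc_reset_lookup($con, $email, $key);
    if ($row === null || $row['expDate'] < $curDate) {
        $error .= "<p>The reset link is invalid or has expired. Please request a new one.<br /><br /></p>";
    } elseif ($pass1 === "") {
        // `required` on the input is client-side only.
        $error .= "<p>Password must not be empty.<br /><br /></p>";
    } elseif ($pass1 !== $pass2) {
        $error .= "<p>Password do not match, both password should be same.<br /><br /></p>";
    }

    if ($error !== "") {
        echo "<div class='error'>" . $error . "</div><br />";
    } else {
        // NOTE(review): md5 is NOT a password hash and is kept only because the
        // login code (not in this file) presumably compares against md5 digests.
        // Migrate login and this line together to password_hash()/password_verify().
        // The previous revision also ran mysqli_real_escape_string() on the
        // password before hashing, which altered any password containing quotes or
        // backslashes; the raw value is hashed here — confirm login hashes the raw
        // value as well.
        $hash = md5($pass1);

        $stmt = mysqli_prepare(
            $con,
            "UPDATE " . DB_PREFIX . "users SET `password` = ?, `trn_date` = ? WHERE `email` = ?"
        );
        if ($stmt !== false) {
            mysqli_stmt_bind_param($stmt, "sss", $hash, $curDate, $email);
            mysqli_stmt_execute($stmt);
            mysqli_stmt_close($stmt);
        }

        // Single-use: drop every pending reset row for this address.
        $stmt = mysqli_prepare(
            $con,
            "DELETE FROM " . DB_PREFIX . "password_reset_temp WHERE `email` = ?"
        );
        if ($stmt !== false) {
            mysqli_stmt_bind_param($stmt, "s", $email);
            mysqli_stmt_execute($stmt);
            mysqli_stmt_close($stmt);
        }

        echo '<div class="error"><p>Congratulations! Your password has been updated successfully.</p>
<p><a href="https://' . oc_h($_SERVER['SERVER_NAME']) . '/index.php">
Click here</a> to Login.</p></div><br />';
    }
}
?>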