password_reset_final.php
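<?php
include_once 'includes/header.php';

/*
 * Final step of the password-reset flow: the user submits the emailed reset
 * code together with a new password. On success the stored password hash is
 * replaced and the reset token columns are cleared.
 *
 * $conn is not defined in this file; presumably includes/header.php provides
 * the mysqli connection -- confirm.
 *
 * NOTE(review): the reset code is the only credential checked here. Nothing in
 * this file throttles or counts failed attempts, so confirm that rate limiting
 * is enforced elsewhere and that the issued code is long and random.
 * NOTE(review): the submitted code is matched directly against
 * users.reset_token, so the token appears to be stored in cleartext. Storing
 * only a hash of it would limit the impact of a database leak, but that needs
 * a matching change where the token is issued.
 * NOTE(review): this file does not invalidate existing sessions or notify the
 * account owner after a successful reset; confirm whether that happens
 * elsewhere.
 * NOTE(review): no minimum length or strength policy is applied to the new
 * password here; confirm it matches the policy used at registration.
 */

// Initialize variables
$errors = [];

// Accept only plain strings from the request. PHP turns `field[]=x` into an
// array, which would otherwise reach bind_param()/password_hash() and fail
// with a conversion warning or TypeError instead of a validation message.
$reset_code = is_string($_POST['Reset_Code'] ?? null) ? $_POST['Reset_Code'] : null;
$new_password = is_string($_POST['new_password'] ?? null) ? $_POST['new_password'] : null;
$confirm_password = is_string($_POST['confirm_password'] ?? null) ? $_POST['confirm_password'] : null;

// Check if the form is submitted
if (isset($_POST['submit'])) {
    // Validate the reset code, new password, and confirm password
    if (empty($reset_code)) {
        $errors[] = "Reset code is required.";
    }
    if (empty($new_password)) {
        $errors[] = "New password is required.";
    }
    if (empty($confirm_password)) {
        $errors[] = "Confirm password is required.";
    }
    if ($new_password !== $confirm_password) {
        $errors[] = "Passwords do not match.";
    }

    // If no errors, proceed with verification
    if (empty($errors)) {
        // Look up the account that owns this reset code.
        $stmt = $conn->prepare("SELECT id, reset_token_expires_at FROM users WHERE reset_token = ?");
        $stmt->bind_param("s", $reset_code);
        $stmt->execute();
        $result = $stmt->get_result();

        if ($result->num_rows === 1) {
            $user = $result->fetch_assoc();
            $expiry_time = $user['reset_token_expires_at'];

            // A missing or unparsable expiry is treated as expired. The cast
            // keeps a NULL column from being passed to strtotime().
            $expires_at = strtotime((string) $expiry_time);

            if ($expires_at !== false && $expires_at > time()) {
                // Hash the new password
                $hashed_password = password_hash($new_password, PASSWORD_DEFAULT);

                // Update the password and clear the reset token. The token is
                // re-checked in the WHERE clause so that two concurrent
                // requests carrying the same code cannot both succeed: once
                // the first one clears reset_token, the second matches no row.
                $update_stmt = $conn->prepare("UPDATE users SET password = ?, reset_token = NULL, reset_token_expires_at = NULL WHERE id = ? AND reset_token = ?");
                $update_stmt->bind_param("sis", $hashed_password, $user['id'], $reset_code);
                $update_stmt->execute();

                if ($update_stmt->affected_rows === 1) {
                    // Password updated successfully
                    echo "<div class='alert success'>Password updated successfully. You can now <a href='login.php'>login</a> with your new password.</div>";
                } else {
                    $errors[] = "Failed to update password.";
                }
            } else {
                $errors[] = "Reset code has expired.";
            }
        } else {
            $errors[] = "Invalid reset code.";
        }
    }
}
?>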
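<?php
// View: prints any messages held in $errors, then the reset form, which posts
// back to password_reset_final.php.
?>
<h2>Reset Password</h2>
<div class="form-container">
<?php if (!empty($errors)): ?>
    <div class="alert error">
        <ul>
<?php foreach ($errors as $error): ?>
            <?php // Escape on output so a future message that embeds request data cannot inject markup. ?>
            <li><?php echo htmlspecialchars((string) $error, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8'); ?></li>
<?php endforeach; ?>
        </ul>
    </div>
<?php endif; ?>
    <div class="form-group">
        <form action="password_reset_final.php" method="post">
            <?php // Each input carries an id so its <label for="..."> is actually bound to it. ?>
            <label for="Reset_Code">Verification Code</label>
            <input type="text" id="Reset_Code" name="Reset_Code" placeholder="Enter Reset code sent to your email" autocomplete="off" required><br><br>
            <label for="new_password">New Password</label>
            <input type="password" id="new_password" name="new_password" placeholder="Enter new password" autocomplete="new-password" required><br><br>
            <label for="confirm_password">Confirm Password</label>
            <input type="password" id="confirm_password" name="confirm_password" placeholder="Re-enter new password" autocomplete="new-password" required><br><br>
            <input type="submit" name="submit" value="Submit">
        </form>
    </div>
</div>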
<?php
include_once 'includes/footer.php';
?>