forgotpassword.php
<?php
include('header.php')
?>
<head>
<title>Login Form</title>
<link rel="stylesheet" type="text/css" href="css\LoginStyle.css">
</head>
<body>
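<?php
// Status banners plus the "choose a new password" step of the reset flow.
// Exactly one branch runs per request: ?error=..., ?success=..., or a reset
// link carrying ?setpassword=...&key=...
if (isset($_GET['error'])) {
    if ($_GET['error'] === 'wrongemail') {
        echo '<div class="loginerror"><p>Het opgegeven e-mailadres bestaat niet!</p></div>';
    } elseif ($_GET['error'] === 'sqlerror') {
        echo '<div class="loginerror"><p>Er is iets foutgegaan (sqlerror)</p></div>';
    }
} elseif (isset($_GET['success'])) {
    if ($_GET['success'] === 'send') {
        echo '<div class="loginerror"><p>We hebben een bevestigingsmail naar het opgegeven adres verzonden!</p></div>';
    }
} elseif (isset($_GET['setpassword'])) {
    // A reset link was opened: show the reset-password form instead of the
    // form that requests a reset mail.
    require 'includes/dbh.inc.php'; // expected to define $conn (not visible here)
    // Provides encrypt_decrypt(); *_once avoids a redeclaration error if it was loaded earlier.
    require_once 'encrypt_decrypt.php';

    // NOTE(review): the link carries both the ciphertext (?setpassword) and the
    // key (?key), and the original comment describes the key as the length of
    // the username. encrypt_decrypt() is not visible here, but a value that
    // ships with its own key cannot prove that the visitor received the mail.
    // Replace it with a random, single-use, expiring token that is stored
    // hashed server-side and looked up here. TODO: confirm and redesign.
    $resetpassword = $_GET['setpassword'];
    $key = isset($_GET['key']) ? $_GET['key'] : null;

    // Query parameters can be arrays or missing; anything that does not decrypt
    // to a non-empty string is handled as an unknown address below.
    $decrypted_txt = '';
    if (is_string($resetpassword) && is_string($key)) {
        $decrypted = encrypt_decrypt('decrypt', $resetpassword, $key);
        if (is_string($decrypted)) {
            $decrypted_txt = $decrypted;
        }
    }

    // The decrypted value is attacker-influenced, so it is bound as a parameter
    // and never interpolated into the SQL text.
    $sql = 'SELECT emailUser, usernameUser FROM User WHERE emailUser = ?';
    $statement = mysqli_stmt_init($conn);
    if (!mysqli_stmt_prepare($statement, $sql)) {
        echo '<div class="loginerror"><p>Er is iets foutgegaan (sqlerror)</p></div>';
    } else {
        mysqli_stmt_bind_param($statement, 's', $decrypted_txt);
        mysqli_stmt_execute($statement);
        $result = mysqli_stmt_get_result($statement);
        // No result set or no matching row leaves $row as null.
        $row = $result ? mysqli_fetch_assoc($result) : null;
        // Not used in this block; kept because later includes may read it.
        $username = isset($row['usernameUser']) ? $row['usernameUser'] : null;

        if (empty($row['emailUser'])) {
            // No account matches the address recovered from the link.
            echo '<div class="loginerror"><p>Het opgegeven e-mailadres bestaat niet meer!</p></div>';
        } else {
            if (isset($_POST['password-submit'])) {
                $newPassword = isset($_POST['newPassword']) ? $_POST['newPassword'] : '';
                $repeatNewPassword = isset($_POST['repeatNewPassword']) ? $_POST['repeatNewPassword'] : '';

                if (!is_string($newPassword) || $newPassword !== $repeatNewPassword) {
                    echo '<div class="loginerror"><p>Wachtwoorden komen niet overeen!</p></div>';
                } elseif (strlen($newPassword) < 10) {
                    // The form's minlength="10" is only enforced by the browser, so
                    // repeat the check here. strlen() counts bytes, not characters.
                    echo '<div class="loginerror"><p>Het wachtwoord moet minimaal 10 tekens bevatten!</p></div>';
                } else {
                    $hashedPwd = password_hash($newPassword, PASSWORD_DEFAULT);
                    $sql = 'UPDATE User SET passUser = ? WHERE emailUser = ? LIMIT 1';
                    $statement = mysqli_stmt_init($conn);
                    if (!mysqli_stmt_prepare($statement, $sql)) {
                        echo '<div class="loginerror"><p>Er is iets foutgegaan (sqlerror)</p></div>';
                    } else {
                        mysqli_stmt_bind_param($statement, 'ss', $hashedPwd, $decrypted_txt);
                        if (!mysqli_stmt_execute($statement)) {
                            // Do not report success when the update itself failed.
                            echo '<div class="loginerror"><p>Er is iets foutgegaan (sqlerror)</p></div>';
                        } elseif (!isset($_SESSION['userId'])) {
                            // Markup has already been written, so redirect client-side.
                            echo "<script type='text/javascript'> document.location = 'loginpagina?success=updatesuccess'; </script>";
                        } else {
                            echo "<script type='text/javascript'> document.location = 'profilepage?success=updatesuccess'; </script>";
                        }
                    }
                }
            }
            ?>
            <div class="wrapper">
                <div class="loginbox">
                    <form action="" method="post">
                        <br>
                        <h1>Wachtwoord wijzigen</h1>
                        <p style="text-align:left">Nieuwe wachtwoord</p>
                        <input type="password" name="newPassword" minlength="10" placeholder="Nieuwe wachtwoord..." required>
                        <br>
                        <p style="text-align:left">Herhaal nieuwe wachtwoord</p>
                        <input type="password" name="repeatNewPassword" placeholder="Herhaal nieuwe wachtwoord..." minlength="10" required>
                        <br>
                        <button type="submit" name="password-submit">Wijzig wachtwoord</button>
                        <br><br>
                    </form>
                </div>
            </div>
            <?php
        }
    }
}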
// Without a reset link in the query string, render the form that requests a
// reset mail; with one, the reset-password form is rendered instead.
if (isset($_GET['setpassword']) === false):
?>
    <div class="wrapper">
        <div class="loginbox">
            <form action="PHPMailer/sendmail.php" method="post">
                <br>
                <h1>Wachtwoord opnieuw instellen</h1>
                <p style="text-align:left">E-mail</p>
                <input type="text" name="mailId" placeholder="E-mailadres..." required>
                <br>
                <button type="submit" name="mail-submit">Stuur een bevestigingsmail</button>
                <br><br>
                <a href="loginpagina.php">Inloggen</a>
            </form>
        </div>
    </div>
<?php
endif;
?>
</body>
<?php
include('footer.php');
include('feedback.php');
?>