-
Notifications
You must be signed in to change notification settings - Fork 7
/
reset.php
160 lines (138 loc) · 5.21 KB
/
reset.php
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
<?php
include 'frontend/menu.php';
include_once 'config/config.php';
?>
<head>
<meta name="viewport" content="initial-scale=1.0, user-scalable=no" />
<meta http-equiv="content-type" content="text/html; charset=UTF-8"/>
<link rel="stylesheet" href="https://cdnjs.cloudflare.com/ajax/libs/font-awesome/4.7.0/css/font-awesome.min.css">
<?php
menu();
$error = '';
$name = '';
$email = '';
$subject = '';
$message = '';
function password_generate($chars)
{
$data = '1234567890ABCDEFGHIJKLMNOPQRSTUVWXYZabcefghijklmnopqrstuvwxyz';
return substr(str_shuffle($data), 0, $chars);
}
function clean_text($string)
{
$string = trim($string);
$string = stripslashes($string);
$string = htmlspecialchars($string);
return $string;
}
if(isset($_POST["submit"]))
{
$checkquery = "SELECT * from users WHERE email='".$_POST["email"]."'";
if(!mysqli_query($conn,$checkquery))
{
$error .= '<p><label class="text-danger">SQL ERROR</label></p>';
}
else
{}
$checkmail = $conn->query($checkquery);
$row = $checkmail->fetch_array(MYSQLI_NUM);
$useremail = $row[1];
$username = $row[2];
if (!$useremail) {
$error .= '<p><label class="text-danger">User with this email does not exist</label></p>';
}
if(empty($_POST["email"]))
{
$error .= '<p><label class="text-danger">Please Enter your Email</label></p>';
}
else
{
$email = clean_text($_POST["email"]);
if(!filter_var($email, FILTER_VALIDATE_EMAIL))
{
$error .= '<p><label class="text-danger">Invalid email format</label></p>';
}
}
if($error == '')
{
require 'static/scripts/class.phpmailer.php';
$token = password_generate(7);
$storetoken = "INSERT IGNORE INTO reset (uname, email, token) VALUES ('$username','$useremail','$token') ON DUPLICATE KEY UPDATE uname='$username', email='$useremail', token='$token';";
if(!mysqli_query($conn,$storetoken))
{}
else
{}
$mail = new PHPMailer;
$mail->IsSMTP(); //Sets Mailer to send message using SMTP
$mail->Host = $mailhost; //Sets the SMTP hosts of your Email hosting, this for Godaddy
$mail->Port = $mailport; //Sets the default SMTP server port
$mail->SMTPAuth = true; //Sets SMTP authentication. Utilizes the Username and Password variables
$mail->Username = $mailuser; //Sets SMTP username
$mail->Password = $mailpass; //Sets SMTP password
$mail->SMTPSecure = $mailauthtype; //Sets connection prefix. Options are "", "ssl" or "tls"
$mail->From = $resetsendermail; //Sets the From email address for the message
$mail->FromName = $resetsendername; //Sets the From name of the message
$mail->AddAddress($mailemail, 'Name'); //Adds a "To" address
$mail->AddCC($_POST["email"], ''); //Adds a "Cc" address
$mail->WordWrap = 50; //Sets word wrapping on the body of the message to a given number of characters
$mail->IsHTML(true); //Sets message type to HTML
$mail->Subject = $resetsubject; //Sets the Subject of the message
$mail->Body = 'You requested a password reset<br>Reset password using this link: '.$viewurl.'/reset.php?token='.$token; //An HTML or plain text message body
if($mail->Send()) //Send an Email. Return true on success or false on error
{
$error = '<label class="text-success">A mail has been sent. use the reset-link that was sent to you</label>';
}
else
{
$error = '<label class="text-danger">There is an Error</label>';
}
$name = '';
$email = '';
$subject = '';
$message = '';
}
}?>
<?php
if (!isset($_GET['token'])) {?>
<!DOCTYPE html>
<center>
<h3 align="center">Reset password</h3>
<br />
<form method="post" id="feedback">
<div class="form-group">
<label>Email</label>
<input type="text" name="email" class="form-control" placeholder="Enter Email" value="<?php echo $email; ?>" />
</div>
<div class="form-group" align="center">
<input type="submit" name="submit" value="Reset" class="btn btn-info" />
</div>
<?php echo $error; ?>
</form>
</center><?php } else {
// Get user/email from token
$fetchtoken = "SELECT uname,email from reset WHERE token='".$_GET['token']."'";
if(!mysqli_query($conn,$fetchtoken))
{
$error .= '<p><label class="text-danger">SQL ERROR</label></p>';
}
else
{}
$fetched = $conn->query($fetchtoken);
$row = $fetched->fetch_array(MYSQLI_NUM);
$fetchedname = $row[0];
$fetchedmail = $row[1];
// Insert new pass using token
$newpass = password_generate(10);
$resetpass = "UPDATE users SET upass='".md5($newpass)."' WHERE uname='".$fetchedname."'";
if(!mysqli_query($conn,$resetpass))
{
echo '<center><p><label class="text-danger">SQL ERROR</label></p></center>';
}
else
{}
if (!$fetchedname){echo "<center><p><label class=\"text-danger\">INVALID TOKEN</label></p></center>";} else {
echo "<center><p><label class=\"text-danger\">Password reset. New password '".$newpass."'</label></p></center>";
mysqli_query($conn,"DELETE FROM reset WHERE token='".$_GET['token']."'");
}
}?>
<footer></footer>