<?php
/*
Hello! Just two processes go here:
1. Password reset process
2. Updates database with new user password
*/
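require 'db.php';
session_start();

/*
 * Password-reset handler.
 *
 * Security notes:
 *  - 'email' and 'hash' arrive from the hidden input fields of the reset.php
 *    form, so both are fully controlled by whoever submits the request. The
 *    password is therefore changed only when the submitted hash matches the
 *    one stored for that email (WHERE email = ? AND hash = ?). Writing the
 *    submitted hash into the row instead of checking it would let any caller
 *    set the password of any account whose email they know.
 *  - The UPDATE is a prepared statement, so no request value is ever spliced
 *    into the SQL text.
 *  - The stored hash is replaced once the reset succeeds, so the same reset
 *    link cannot be replayed.
 *  - Every redirect is followed by exit so nothing runs after the header.
 */

// Only act on a form submitted with method="post".
if ($_SERVER['REQUEST_METHOD'] === 'POST') {
    // A missing or array-valued field is treated as an empty string, which
    // avoids notices and type juggling further down.
    $field = function ($name) {
        return (isset($_POST[$name]) && is_string($_POST[$name])) ? $_POST[$name] : '';
    };

    $password = $field('newpassword');
    $confirm  = $field('confirmpassword');
    $email    = $field('email');
    $hash     = $field('hash');

    // Strict comparison: with == two different numeric-looking strings
    // (for example "1e3" and "1000") would be accepted as a match.
    if ($password !== $confirm) {
        $_SESSION['message'] = "Two passwords you entered don't match, try again!";
        header("location: error.php");
        exit;
    }

    // An empty password, or a request without email/token, must never reach the database.
    if ($password === '' || $email === '' || $hash === '') {
        $_SESSION['message'] = "Password reset failed: the request is incomplete.";
        header("location: error.php");
        exit;
    }

    $new_password = password_hash($password, PASSWORD_BCRYPT);

    // Fresh single-use token that replaces the one just consumed (random_bytes needs PHP 7+).
    // NOTE(review): assumes users.hash can store 32 characters, and that no other
    // page depends on the old value staying in place - confirm against the schema.
    $next_hash = bin2hex(random_bytes(16));

    $reset_ok = false;
    $stmt = $mysqli->prepare("UPDATE users SET password = ?, hash = ? WHERE email = ? AND hash = ?");
    if ($stmt) {
        $stmt->bind_param('ssss', $new_password, $next_hash, $email, $hash);
        // Exactly one changed row means the email/token pair was valid.
        $reset_ok = $stmt->execute() && $stmt->affected_rows === 1;
        $stmt->close();
    }

    if ($reset_ok) {
        $_SESSION['message'] = "Your password has been reset successfully!";
        header("location: success.php");
    } else {
        // Same message for an unknown email and for a wrong token, so the
        // response does not reveal which accounts exist.
        $_SESSION['message'] = "Password reset failed: the reset link is not valid.";
        header("location: error.php");
    }
    exit;
}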
?>