<?php
require_once('inc_db.php');
require_once('inc_lib.php');
require_once('inc_mail.php');
require_once('inc_session.php');
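// Password reset endpoint. The mode is selected by whether a reset code ("h") is supplied:
//   1. "e" only            -> generate a reset code, store it, mail it to the account, print "ok".
//   2. "e" + "h" + "pw"    -> verify the code against the stored one and set the new password.
//
// NOTE(review): parameters are read from $_REQUEST, so the reset code and the new password are
// also accepted in the query string, where they can end up in access logs, browser history and
// Referer headers. Restricting the password-change step to POST is recommended once the callers
// of this script are confirmed.

// Accept only string parameters. A missing or array-valued parameter (e.g. "e[]=x") is treated as
// empty instead of being passed to trim(), which would raise a warning or TypeError.
$email = (isset($_REQUEST['e']) && is_string($_REQUEST['e'])) ? trim($_REQUEST['e']) : '';
$hash = (isset($_REQUEST['h']) && is_string($_REQUEST['h'])) ? trim($_REQUEST['h']) : '';
$pw = (isset($_REQUEST['pw']) && is_string($_REQUEST['pw'])) ? trim($_REQUEST['pw']) : '';

// NOTE(review): mysqli_escape() and execQuery() are project helpers defined in the included
// files; this query is only as safe as that escaping. A prepared statement would remove the
// dependency -- confirm whether the helpers expose the connection handle.
$result = execQuery("SELECT * FROM users WHERE email=\"".mysqli_escape($email)."\"");
$user = $result ? mysqli_fetch_assoc($result) : null;

// Ensure that the user exists. mysqli_fetch_assoc() yields no array when no row matched, so test
// for that before indexing.
// NOTE(review): this message differs from the "ok" below, so the endpoint reveals whether an
// address is registered. The text is kept because clients may match on it.
if (!is_array($user) || (int)$user['id'] < 1) die("No such user or email.");

// The id is interpolated into two UPDATE statements below; force it to an integer first.
$userId = (int)$user['id'];

// Handle the request to send a reset code by email (no code supplied).
if ($hash === '')
{
    // NOTE(review): the unpredictability of the code depends entirely on nicePassword(), which is
    // not visible here; it should draw from a CSPRNG. No expiry time or request rate limit is
    // stored or enforced in this script.
    $hash = md5(nicePassword(32));
    execQuery("UPDATE users SET passResetCode='".$hash."' WHERE id=".$userId);
    sendmailPHP("[email protected]",$user['email'],"Password reset code for FW Profile editor","Dear user.\nPassword reset code for you is following:\n\n".$hash);
    die("ok");
}

// Ensure that the supplied reset code matches the stored one.
// An account with no pending reset (empty or NULL passResetCode) must never match. The comparison
// uses hash_equals() rather than a loose "!=": loose comparison treats numeric-looking strings
// such as "0e1234..." as numbers, so two different codes could compare equal, and hash_equals()
// also compares in constant time.
// NOTE(review): no limit on failed attempts is visible here.
$storedCode = isset($user['passResetCode']) ? (string)$user['passResetCode'] : '';
if ($storedCode === '' || !hash_equals($storedCode, $hash)) die("Wrong reset code provided.");

// The user exists and the reset code matches: change the password and invalidate the code.
if ($pw === '') die("Password must not be empty");

// NOTE(review): unsalted MD5 is not suitable for password storage. It is kept here only because
// the login code that verifies this column is not visible; migrate both sides together to
// password_hash() / password_verify().
execQuery("UPDATE users SET pass=\"".md5($pw)."\", passResetCode='' WHERE id=".$userId);
echo "changed";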
?>