admin/34968-vm
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

V11

Browse Source
This commit is contained in:
Flatlogic Bot 2025-10-15 04:36:26 +00:00
parent c3d7232b7a
commit e98192b894
5 changed files with 251 additions and 24 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

74
forgot_password.php Normal file
View File

@ -0,0 +1,74 @@
<?php
session_start();
require_once 'db/config.php';
require_once 'mail/MailService.php';
$page_title = "Forgot Password";
$message = '';
if ($_SERVER["REQUEST_METHOD"] == "POST" && isset($_POST['email'])) {
$email = $_POST['email'];
$db = db();
// Check if user with that email exists
$stmt = $db->prepare("SELECT * FROM users WHERE email = :email");
$stmt->bindParam(':email', $email);
$stmt->execute();
$user = $stmt->fetch(PDO::FETCH_ASSOC);
if ($user) {
// Generate a unique token
$token = bin2hex(random_bytes(50));
// Store the token in the password_resets table
$stmt = $db->prepare("DELETE FROM password_resets WHERE email = :email");
$stmt->bindParam(':email', $email);
$stmt->execute();
$stmt = $db->prepare("INSERT INTO password_resets (email, token) VALUES (:email, :token)");
$stmt->bindParam(':email', $email);
$stmt->bindParam(':token', $token);
$stmt->execute();
// Send the password reset email
$reset_link = "http://" . $_SERVER['HTTP_HOST'] . "/reset_password.php?token=" . $token;
$subject = "Password Reset Request";
$body = "Click on this link to reset your password: <a href=''' . $reset_link . '''>''' . $reset_link . '''</a>";
MailService::sendMail($email, $subject, $body, strip_tags($body));
$message = "If an account with that email exists, a password reset link has been sent.";
} else {
$message = "If an account with that email exists, a password reset link has been sent.";
}
}
include 'header.php';
?>
<div class="container mt-5">
<div class="row justify-content-center">
<div class="col-md-6">
<div class="card">
<div class="card-header">
<h4>Forgot Password</h4>
</div>
<div class="card-body">
<?php if ($message): ?>
<div class="alert alert-info"><?php echo $message; ?></div>
<?php endif; ?>
<p>Please enter your email address. You will receive a link to create a new password via email.</p>
<form action="forgot_password.php" method="post">
<div class="form-group mb-3">
<label for="email">Email address</label>
<input type="email" class="form-control" id="email" name="email" required>
</div>
<button type="submit" class="btn btn-primary">Send Password Reset Email</button>
</form>
</div>
</div>
</div>
</div>
</div>
<?php include 'footer.php'; ?>

1
login.php
View File

@ -16,6 +16,7 @@
</form>
<div class="form-footer">
<p>Don't have an account? <a href="signup.php">Sign up</a></p>
<p><a href="forgot_password.php">Forgot your password?</a></p>
</div>
</div>
</main>

6
migrations/20251015_create_password_resets_table.sql Normal file
View File

@ -0,0 +1,6 @@
CREATE TABLE IF NOT EXISTS "password_resets" (
"email" varchar(255) NOT NULL,
"token" varchar(255) NOT NULL,
"created_at" timestamp NOT NULL DEFAULT CURRENT_TIMESTAMP,
PRIMARY KEY ("email")
);

69
profile.php
View File

@ -18,14 +18,39 @@ if ($_SERVER['REQUEST_METHOD'] === 'POST' && isset($_POST['update_profile'])) {
$address = trim($_POST['address']);
if (empty($name) || empty($email)) {
$error = "Name and email are required.";
$profile_error = "Name and email are required.";
} else {
$p_update = $db->prepare("UPDATE users SET name = ?, email = ?, address = ? WHERE id = ?");
$p_update->execute([$name, $email, $address, $user_id]);
$success = "Profile updated successfully!";
$profile_success = "Profile updated successfully!";
}
}
// Handle password change
if ($_SERVER['REQUEST_METHOD'] === 'POST' && isset($_POST['change_password'])) {
$current_password = $_POST['current_password'];
$new_password = $_POST['new_password'];
$confirm_password = $_POST['confirm_password'];
$p_user = $db->prepare("SELECT password FROM users WHERE id = ?");
$p_user->execute([$user_id]);
$user_data = $p_user->fetch();
if (empty($current_password) || empty($new_password) || empty($confirm_password)) {
$password_error = "All password fields are required.";
} elseif (!password_verify($current_password, $user_data['password'])) {
$password_error = "Incorrect current password.";
} elseif ($new_password !== $confirm_password) {
$password_error = "New passwords do not match.";
} else {
$hashed_password = password_hash($new_password, PASSWORD_DEFAULT);
$p_pass_update = $db->prepare("UPDATE users SET password = ? WHERE id = ?");
$p_pass_update->execute([$hashed_password, $user_id]);
$password_success = "Password changed successfully!";
}
}
// Fetch user data
$p_user = $db->prepare("SELECT * FROM users WHERE id = ?");
$p_user->execute([$user_id]);
@ -35,14 +60,16 @@ $user = $p_user->fetch();
?>
<div class="container mt-5">
<div class="row">
<div class="col-md-6">
<h2>My Profile</h2>
<hr>
<?php if (isset($success)): ?>
<div class="alert alert-success"><?php echo $success; ?></div>
<?php if (isset($profile_success)): ?>
<div class="alert alert-success"><?php echo $profile_success; ?></div>
<?php endif; ?>
<?php if (isset($error)): ?>
<div class="alert alert-danger"><?php echo $error; ?></div>
<?php if (isset($profile_error)): ?>
<div class="alert alert-danger"><?php echo $profile_error; ?></div>
<?php endif; ?>
<form method="POST" action="profile.php">
@ -60,6 +87,36 @@ $user = $p_user->fetch();
</div>
<button type="submit" name="update_profile" class="btn btn-primary">Update Profile</button>
</form>
</div>
<div class="col-md-6">
<h2>Change Password</h2>
<hr>
<?php if (isset($password_success)): ?>
<div class="alert alert-success"><?php echo $password_success; ?></div>
<?php endif; ?>
<?php if (isset($password_error)): ?>
<div class="alert alert-danger"><?php echo $password_error; ?></div>
<?php endif; ?>
<form method="POST" action="profile.php">
<div class="mb-3">
<label for="current_password" class="form-label">Current Password</label>
<input type="password" class="form-control" id="current_password" name="current_password" required>
</div>
<div class="mb-3">
<label for="new_password" class="form-label">New Password</label>
<input type="password" class="form-control" id="new_password" name="new_password" required>
</div>
<div class="mb-3">
<label for="confirm_password" class="form-label">Confirm New Password</label>
<input type="password" class="form-control" id="confirm_password" name="confirm_password" required>
</div>
<button type="submit" name="change_password" class="btn btn-primary">Change Password</button>
</form>
</div>
</div>
<div class="mt-5">
<a href="order_history.php" class="btn btn-secondary">View Order History</a>

89
reset_password.php Normal file
View File

@ -0,0 +1,89 @@
<?php
session_start();
require_once 'db/config.php';
$page_title = "Reset Password";
$token = $_GET['token'] ?? null;
$message = '';
$error = '';
$show_form = false;
if (!$token) {
$error = "Invalid password reset token.";
} else {
$db = db();
$stmt = $db->prepare("SELECT * FROM password_resets WHERE token = :token AND created_at > NOW() - INTERVAL 1 HOUR");
$stmt->bindParam(':token', $token);
$stmt->execute();
$reset_request = $stmt->fetch(PDO::FETCH_ASSOC);
if (!$reset_request) {
$error = "Invalid or expired password reset token.";
} else {
$show_form = true;
$email = $reset_request['email'];
if ($_SERVER["REQUEST_METHOD"] == "POST" && isset($_POST['password']) && isset($_POST['password_confirm'])) {
$password = $_POST['password'];
$password_confirm = $_POST['password_confirm'];
if ($password !== $password_confirm) {
$error = "Passwords do not match.";
} else {
// Update user's password
$hashed_password = password_hash($password, PASSWORD_DEFAULT);
$stmt = $db->prepare("UPDATE users SET password = :password WHERE email = :email");
$stmt->bindParam(':password', $hashed_password);
$stmt->bindParam(':email', $email);
$stmt->execute();
// Delete the reset token
$stmt = $db->prepare("DELETE FROM password_resets WHERE email = :email");
$stmt->bindParam(':email', $email);
$stmt->execute();
$message = "Your password has been reset successfully. You can now log in with your new password.";
$show_form = false;
}
}
}
}
include 'header.php';
?>
<div class="container mt-5">
<div class="row justify-content-center">
<div class="col-md-6">
<div class="card">
<div class="card-header">
<h4>Reset Password</h4>
</div>
<div class="card-body">
<?php if ($message): ?>
<div class="alert alert-success"><?php echo $message; ?></div>
<a href="login.php" class="btn btn-primary">Go to Login</a>
<?php elseif ($error): ?>
<div class="alert alert-danger"><?php echo $error; ?></div>
<?php endif; ?>
<?php if ($show_form): ?>
<form action="reset_password.php?token=<?php echo htmlspecialchars($token); ?>" method="post">
<div class="form-group mb-3">
<label for="password">New Password</label>
<input type="password" class="form-control" id="password" name="password" required>
</div>
<div class="form-group mb-3">
<label for="password_confirm">Confirm New Password</label>
<input type="password" class="form-control" id="password_confirm" name="password_confirm" required>
</div>
<button type="submit" class="btn btn-primary">Reset Password</button>
</form>
<?php endif; ?>
</div>
</div>
</div>
</div>
</div>
<?php include 'footer.php'; ?>