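<?php

declare(strict_types=1);

// NOTE(review): display_errors=1 sends stack traces and file paths to the browser;
// it should be off anywhere but local development (prefer setting it in php.ini or
// the environment rather than in page code).
ini_set('display_errors', '1');
error_reporting(E_ALL);
date_default_timezone_set('UTC');

require_once __DIR__ . '/db/config.php';

/** Minimum length accepted for a new password. */
const MIN_PASSWORD_LENGTH = 8;

/**
 * Look up an unexpired password-reset request by token.
 *
 * Expiry is evaluated with the database server's clock (NOW()), not PHP's
 * default timezone set above; the two should agree (UTC) for the window to be exact.
 *
 * @return array<string, mixed>|false the matching password_resets row, or false
 *                                    when the token is unknown or already expired
 * @throws PDOException on database failure
 */
function find_active_reset(PDO $pdo, string $token): array|false
{
    $stmt = $pdo->prepare('SELECT * FROM password_resets WHERE token = ? AND expires_at > NOW()');
    $stmt->execute([$token]);
    $row = $stmt->fetch();

    // fetch() returns false on no row; guard against a non-array fetch mode as well.
    return is_array($row) ? $row : false;
}

// Accept only a string token: `?token[]=x` would otherwise reach the query as an array.
$token = $_GET['token'] ?? '';
$token = is_string($token) ? $token : '';

$message = '';            // plain text; escaped on output
$show_login_link = false; // true after a successful reset: render the login link
$show_form = false;

if ($token === '') {
    $message = 'Invalid password reset token.';
} else {
    try {
        $reset_request = find_active_reset(db(), $token);

        if ($reset_request !== false) {
            $show_form = true;
        } else {
            $message = 'Invalid or expired password reset token.';
        }
    } catch (PDOException $e) {
        // Driver messages can reveal host, schema or credentials; log them, never echo them.
        error_log('reset_password: token lookup failed: ' . $e->getMessage());
        $message = 'A database error occurred. Please try again later.';
    }
}

// The form posts back to this same URL, so the secret token in the query string
// also acts as the request's anti-forgery secret (no separate CSRF token is set here).
if ($_SERVER['REQUEST_METHOD'] === 'POST') {
    $password = $_POST['password'] ?? '';
    $password_confirm = $_POST['password_confirm'] ?? '';

    if (!is_string($password) || !is_string($password_confirm)) {
        $password = '';
        $password_confirm = '';
    }

    // Compare against '' rather than empty(): empty('0') is true, but "0" is a legal password.
    if ($password === '' || $password_confirm === '') {
        $message = 'Please enter and confirm your new password.';
    } elseif ($password !== $password_confirm) {
        $message = 'Passwords do not match.';
    } elseif (mb_strlen($password) < MIN_PASSWORD_LENGTH) {
        $message = sprintf('Password must be at least %d characters long.', MIN_PASSWORD_LENGTH);
    } else {
        try {
            $pdo = db();
            // Re-validate on POST: the token may have expired since the form was rendered.
            $reset_request = find_active_reset($pdo, $token);

            if ($reset_request !== false) {
                $email = $reset_request['email'];
                $hashed_password = password_hash($password, PASSWORD_DEFAULT);

                // Password update and token invalidation must succeed or fail together;
                // otherwise a failed DELETE leaves a still-usable reset link behind.
                $pdo->beginTransaction();
                try {
                    // Update user's password
                    $stmt = $pdo->prepare('UPDATE users SET password = ? WHERE email = ?');
                    $stmt->execute([$hashed_password, $email]);

                    // Invalidate every outstanding reset request for this account, not only
                    // the one just used, so an older emailed link cannot reset it again.
                    $stmt = $pdo->prepare('DELETE FROM password_resets WHERE email = ?');
                    $stmt->execute([$email]);

                    $pdo->commit();
                } catch (PDOException $e) {
                    if ($pdo->inTransaction()) {
                        $pdo->rollBack();
                    }
                    throw $e;
                }

                $message = 'Your password has been reset successfully.';
                $show_login_link = true;
                $show_form = false;
            } else {
                $message = 'Invalid or expired password reset token.';
            }
        } catch (PDOException $e) {
            error_log('reset_password: password update failed: ' . $e->getMessage());
            $message = 'A database error occurred. Please try again later.';
        }
    }
}

require_once __DIR__ . '/includes/header.php';
?>

<div class="container">
    <div class="row">
        <div class="col-md-6 offset-md-3">
            <h2>Reset Password</h2>

            <?php if ($message !== ''): ?>
                <div class="alert alert-info" role="alert">
                    <?php // $message is user-facing text built from our own literals; escape anyway so a future
                          // change that interpolates request data cannot turn it into stored/reflected XSS. ?>
                    <?php echo htmlspecialchars($message, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8'); ?>
                    <?php if ($show_login_link): ?>
                        You can now <a href="index.php">login</a> with your new password.
                    <?php endif; ?>
                </div>
            <?php endif; ?>

            <?php if ($show_form): ?>
                <form method="POST">
                    <div class="mb-3">
                        <label for="password" class="form-label">New Password</label>
                        <input type="password" class="form-control" id="password" name="password" required>
                    </div>
                    <div class="mb-3">
                        <label for="password_confirm" class="form-label">Confirm New Password</label>
                        <input type="password" class="form-control" id="password_confirm" name="password_confirm" required>
                    </div>
                    <button type="submit" class="btn btn-primary">Reset Password</button>
                </form>
            <?php endif; ?>
        </div>
    </div>
</div>

<?php require_once __DIR__ . '/includes/footer.php'; ?>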