-
Notifications
You must be signed in to change notification settings - Fork 0
/
password-reset.php
154 lines (146 loc) · 6.28 KB
/
password-reset.php
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
<?
/*****************************************************
Developer: macdonaldgeek
Email: [email protected]
Phone: +255-657-567401/+254-717-667201/+44-744-0579061
Twitter: @macdonaldgeek
COPYRIGHT ©2014 RESTAURANT SCRIPT. ALL RIGHTS RESERVED
******************************************************/
?>
<?php
require_once('admin/locale.php');
?>
<?php
//Start session
session_start();
//checking connection and connecting to a database
require_once('connection/config.php');
//Connect to mysql server
$link = mysql_connect(DB_HOST, DB_USER, DB_PASSWORD);
if(!$link) {
die('Failed to connect to server: ' . mysql_error());
}
//Select database
$db = mysql_select_db(DB_DATABASE);
if(!$db) {
die("Unable to select database");
}
?>
<?php
if(isset($_POST['Submit'])){
//Function to sanitize values received from the form. Prevents SQL injection
function clean($str) {
$str = @trim($str);
if(get_magic_quotes_gpc()) {
$str = stripslashes($str);
}
return mysql_real_escape_string($str);
}
//get email
$email = clean($_POST['email']);
//selecting a specific record from the members table. Return an error if there are no records in the table
$result=mysql_query("SELECT * FROM members WHERE login='$email'")
or die("A problem has occured ... \n" . "Our team is working on it at the moment ... \n" . "Please check back after few hours.");
}
?>
<?php
if(isset($_POST['Change'])){
//Function to sanitize values received from the form. Prevents SQL injection
function clean($str) {
$str = @trim($str);
if(get_magic_quotes_gpc()) {
$str = stripslashes($str);
}
return mysql_real_escape_string($str);
}
if(trim($_SESSION['member_id']) != ''){
$member_id=$_SESSION['member_id']; //gets member id from session
//get answer and new password from form
$answer = clean($_POST['answer']);
$new_password = clean($_POST['new_password']);
// update the entry
$result = mysql_query("UPDATE members SET passwd='".md5($_POST['new_password'])."' WHERE member_id='$member_id' AND answer='".md5($_POST['answer'])."'")
or die("A problem has occured ... \n" . "Our team is working on it at the moment ... \n" . "Please check back after few hours. \n");
if($result){
unset($_SESSION['member_id']);
header("Location: reset-success.php"); //redirect to reset success page
}
else{
unset($_SESSION['member_id']);
header("Location: reset-failed.php"); //redirect to reset failed page
}
}
else{
unset($_SESSION['member_id']);
header("Location: reset-failed.php"); //redirect to reset failed page
}
}
?>
<!DOCTYPE html>
<html>
<head>
<meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1" />
<title><?php echo $name ?>:Password Reset</title>
<link href="stylesheets/user_styles.css" rel="stylesheet" type="text/css" />
<script language="JavaScript" src="validation/user.js">
</script>
</head>
<body>
<div id="reset">
<div style="border:#bd6f2f solid 1px;padding:4px 6px 2px 6px">
<form name="passwordResetForm" id="passwordResetForm" method="post" action="password-reset.php" onsubmit="return passwordResetValidate(this)">
<table width="360" border="1" style="text-align:center;">
<tr>
<th>Account Email</th>
<td width="168"><input name="email" type="email" class="textfield" id="email" maxlength="35" placeholder="provide registered email" required/></td>
<td><input type="submit" name="Submit" value="Check" /></td>
</tr>
</table>
</form>
<?php
if(isset($_POST['Submit'])){
$row=mysql_fetch_assoc($result);
$_SESSION['member_id']=$row['member_id']; //creates a member id session
session_write_close(); //closes session
$question_id=$row['question_id'];
//get question text based on question_id
$question=mysql_query("SELECT * FROM questions WHERE question_id='$question_id'")
or die("A problem has occured ... \n" . "Our team is working on it at the moment ... \n" . "Please check back after few hours.");
$question_row=mysql_fetch_assoc($question);
$question=$question_row['question_text'];
if($question!=""){
echo "<b>Your Member ID:</b> ".$_SESSION['member_id']."<br>";
echo "<b>Your Security Question:</b> ".$question;
}
else{
echo "<b>Your Security Question:</b> THIS ACCOUNT DOES NOT EXIST! PLEASE CHECK YOUR EMAIL AND TRY AGAIN.";
}
}
?>
<hr>
<form name="passwordResetForm" id="passwordResetForm" method="post" action="password-reset.php" onsubmit="return passwordResetValidate_2(this)">
<table width="360" border="1" style="text-align:center;">
<tr>
<td colspan="2" style="text-align:center;"><font color="#FF0000">* </font>Required fields</td>
</tr>
<tr>
<th>Your Security Answer</th>
<td width="168"><font color="#FF0000">* </font><input name="answer" type="text" class="textfield" id="answer" maxlength="15" placeholder="provide registered answer" required/></td>
</tr>
<tr>
<th>New Password</th>
<td width="168"><font color="#FF0000">* </font><input name="new_password" type="password" class="textfield" id="new_password" maxlength="25" placeholder="provide a new password" required/></td>
</tr>
<tr>
<th>Confirm New Password</th>
<td width="168"><font color="#FF0000">* </font><input name="confirm_new_password" type="password" class="textfield" id="confirm_new_password" maxlength="25" placeholder="repeat your new password" required/></td>
</tr>
<tr>
<td colspan="2"><input type="reset" name="Reset" value="Clear Fields" /><input type="submit" name="Change" value="Change Password" /></td>
</tr>
</table>
</form>
</div>
</div>
</body>
</html>