<?php
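// Database connection settings.
// NOTE(review): connecting as root with an empty password is only tolerable on an
// isolated development machine. Use a dedicated least-privilege account and load the
// credentials from configuration kept outside the web root and out of version control.
$username = "root";
$password = "";
$host = "localhost";
$dbname = "taskhub";

// Start from a known state so later code can tell whether the connection succeeded.
$conn = null;
try {
    $conn = new PDO("mysql:host={$host};dbname={$dbname};charset=utf8", $username, $password);
    // Surface SQL errors as exceptions instead of silent false return values.
    $conn->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
}
catch(PDOException $ex) {
    // Keep the detail in the server log only; $msg stays generic so nothing about the
    // database setup reaches the browser.
    $msg = "Failed to connect to the database";
    error_log($msg . ": " . $ex->getMessage());
}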
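// Handle a submitted "forgot password" form: validate the address, look the account up,
// and e-mail a reset link. The browser gets the same answer whether or not the account
// exists, so the form cannot be used to find out which addresses are registered.
if (isset($_POST["ForgotPassword"])) {
    // Validate the submitted address; a missing or non-string field counts as invalid.
    $email = filter_var(isset($_POST["email"]) ? $_POST["email"] : "", FILTER_VALIDATE_EMAIL);
    if ($email === false) {
        echo "Email is not valid";
        exit;
    }

    // Reuse the connection opened at the top of the script instead of opening a second,
    // unguarded one whose failure would surface as an uncaught exception.
    if (!isset($conn) || !($conn instanceof PDO)) {
        echo "Unable to process the request right now. Please try again later.";
        exit;
    }

    // Ensure a user exists with this email (the users table keys accounts by e-mail in
    // the username column, per the query below).
    $userExists = false;
    try {
        $query = $conn->prepare('SELECT username FROM users WHERE username = :email');
        if ($query !== false) {
            $query->bindParam(':email', $email);
            if ($query->execute()) {
                $userExists = $query->fetch(PDO::FETCH_ASSOC);
            }
        }
        else {
            error_log("Password reset lookup could not be prepared");
        }
    }
    catch (PDOException $ex) {
        error_log("Password reset lookup failed: " . $ex->getMessage());
        echo "Unable to process the request right now. Please try again later.";
        exit;
    }
    $conn = null;

    // fetch() returns false when no row matched, so check the type before indexing.
    if (is_array($userExists) && !empty($userExists["username"])) {
        // NOTE(review): this "salt" is a fixed secret stored in source, and the key below
        // is a pure function of it and the account name. The same link is therefore issued
        // on every request, never expires, stays valid after use, and can be recomputed
        // for any account by anyone who reads this file. The scheme is kept unchanged here
        // only because reset_password.php (not shown) presumably recomputes the same hash.
        // Replace both sides together: generate the token with random_bytes(), store only
        // its hash with an expiry and a used flag, and compare with hash_equals().
        $salt = "498#2D83B631%3800EBD!801600D*7E3CC13";
        // Create the password reset key. A separate variable is used so the database
        // password in $password is not overwritten.
        $resetKey = hash('sha512', $salt.$userExists["username"]);
        // Create URL to reset password.
        // NOTE(review): the link is plain http; outside local development it must be
        // https so the key is not exposed in transit.
        $pwrurl = "http://localhost/project/reset_password.php?q=".$resetKey;
        // Mail reset link
        $mailbody = "Dear user,\n\nIt appears that you have requested a password reset at TaskHub\n\nTo reset your password, please click the link below. If you cannot click it, please paste it into your web browser's address bar.\n\n" . $pwrurl . "\n\nThanks,\nThe Administration";
        // NOTE(review): the sender address looks redacted in this listing; confirm the
        // real From address before deploying.
        $headers = 'From: [email protected]' . "\r\n";
        if (!mail($userExists["username"], "TaskHub Password Reset", $mailbody, $headers)) {
            // Record delivery problems server-side; the response below stays the same.
            error_log("Password reset mail could not be handed to the mail transport");
        }
    }

    // One response for both outcomes, so account existence is not disclosed.
    echo "If an account exists for that email address, a password recovery link has been sent to it.";
}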
?>