[
MAINHACK
]
Viewing / Editing File: auth-recoverpw.php
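<?php
/**
 * Password recovery page for school accounts.
 *
 * On a same-domain POST with a valid, recent CSRF token, looks the submitted
 * address up in `schools`, stores a bcrypt hash of a freshly generated
 * password and mails the new password to the account's address.
 *
 * Security notes:
 *  - The SMTP password is read from the environment. It used to be embedded
 *    in this file, so the old value must be treated as exposed and rotated.
 *  - The response is the same whether or not the address is registered, so
 *    the form cannot be used to enumerate accounts.
 *  - Submitted data is HTML-escaped before being echoed back into the form.
 *
 * NOTE(review): any visitor who knows an address can still force that
 * account's password to change. A single-use, expiring reset link would avoid
 * that and avoid mailing a plaintext password; it needs schema and pages that
 * are not part of this file.
 */

use PHPMailer\PHPMailer\PHPMailer;
use PHPMailer\PHPMailer\Exception;

require 'PHPMailer/src/PHPMailer.php';
require 'PHPMailer/src/SMTP.php';
require 'PHPMailer/src/Exception.php';
include("functions.php");

$login_message = "";

// Only accept a scalar string; `email[]=...` would otherwise reach string functions as an array.
$submitted_email = (isset($_POST['email']) && is_string($_POST['email'])) ? $_POST['email'] : '';

// Same text for "found" and "not found" so the page does not reveal which addresses are registered.
$neutral_message = "<p class='alert alert-success text-center' role='alert'>If this email is registered, a new password has been sent to it.</p>";
$failure_message = "<p class='alert alert-danger text-center' role='alert'>We could not complete your request. Please try again later.</p>";

if (request_is_post() && request_is_same_domain()) {
    if (!csrf_token_is_valid() || !csrf_token_is_recent()) {
        $login_message = "<p class='alert alert-danger text-center' role='alert'>Sorry, Token Authentication invalid.</p>";
    } else {
        // 'SMTP_PASSWORD' is a placeholder name: use whatever variable the deployment's secret store provides.
        $smtp_password = getenv('SMTP_PASSWORD');

        if ($smtp_password === false || $smtp_password === '') {
            // Checked before any database write so a missing secret never resets a password that cannot be delivered.
            error_log('auth-recoverpw: SMTP password is not configured');
            $login_message = $failure_message;
        } else {
            $email = test_input($submitted_email);

            // Parameterized lookup; $new is the mysqli connection (presumably set up by functions.php).
            $stmt = mysqli_prepare($new, "SELECT school_email FROM schools WHERE school_email = ?");
            mysqli_stmt_bind_param($stmt, "s", $email);
            mysqli_stmt_execute($stmt);
            $result = mysqli_stmt_get_result($stmt);

            if ($row = mysqli_fetch_assoc($result)) {
                $emailFound = $row['school_email'];

                // 12 random bytes -> 24 hex characters (96 bits); the previous 4 bytes gave only 32 bits.
                $password = bin2hex(random_bytes(12));
                $hashed_password = password_hash($password, PASSWORD_BCRYPT, ['cost' => 12]);

                $update = mysqli_prepare($new, "UPDATE schools SET password = ? WHERE school_email = ?");
                mysqli_stmt_bind_param($update, "ss", $hashed_password, $emailFound);
                mysqli_stmt_execute($update);

                // $password is hex-only, so it is safe to interpolate into the HTML body.
                $msg = "Hello,<br><br>Your new password is:<br><strong>$password</strong><br><br>Please log in and change it immediately.";

                $mail = new PHPMailer(true);
                try {
                    $mail->isSMTP();
                    $mail->Host = 'mail.shsadmissionportal.com';
                    $mail->SMTPAuth = true;
                    $mail->Username = 'noreply@shsadmissionportal.com';
                    $mail->Password = $smtp_password;
                    $mail->SMTPSecure = PHPMailer::ENCRYPTION_STARTTLS; // STARTTLS on the submission port
                    $mail->Port = 587;

                    $mail->setFrom('noreply@shsadmissionportal.com', 'Online Admission');
                    $mail->addAddress($emailFound);
                    $mail->isHTML(true);
                    $mail->Subject = 'Password Reset - New Password';
                    $mail->Body = $msg;
                    $mail->AltBody = strip_tags($msg);
                    $mail->send();

                    $login_message = $neutral_message;
                } catch (Exception $e) {
                    // Mailer diagnostics can contain server details; keep them in the log, not in the page.
                    error_log('auth-recoverpw: mail delivery failed: ' . $mail->ErrorInfo);
                    $login_message = $failure_message;
                }
            } else {
                $login_message = $neutral_message;
            }
        }
    }
}
?>
<!doctype html>
<html lang="en">
<head>
    <meta charset="utf-8" />
    <title>Recover Password | Reset password</title>
    <meta name="viewport" content="width=device-width, initial-scale=1.0">
    <meta content="eliosof" name="author" />

    <!-- Bootstrap CSS -->
    <link href="assets/css/bootstrap.min.css" rel="stylesheet" type="text/css" />
    <link href="assets/css/icons.min.css" rel="stylesheet" type="text/css" />
    <link href="assets/css/app.min.css" rel="stylesheet" type="text/css" />

    <style>
        body {
            margin: 0;
            padding: 0;
            min-height: 100vh;
            display: flex;
            align-items: center;
            justify-content: center;
            background: url('440.jpg') no-repeat center center/cover;
        }

        /* Reset Password Card */
        .reset-card {
            background: rgba(255, 255, 255, 0.92);
            backdrop-filter: blur(8px);
            border-radius: 1rem;
            box-shadow: 0 10px 25px rgba(0,0,0,0.25);
            padding: 2rem;
            width: 100%;
            max-width: 420px;
            opacity: 0;
            transform: translateY(30px);
            animation: fadeSlideUp 0.8s ease-out forwards;
        }

        /* Animation */
        @keyframes fadeSlideUp {
            to {
                opacity: 1;
                transform: translateY(0);
            }
        }

        h5 { font-weight: 600; }
        .form-control, .btn { border-radius: 0.5rem; }
        .btn-primary { background-color: #007bff; border: none; }
        .btn-primary:hover { background-color: #0069d9; }
        a { text-decoration: none; }
    </style>
</head>
<body>
    <div class="reset-card">
        <div class="text-center mb-3">
            <h5>Reset Password</h5>
        </div>

        <?php /* $login_message is built only from the fixed strings above, never from request data. */ ?>
        <?php if ($login_message != "") echo $login_message; ?>

        <form class="needs-validation" method="POST" novalidate>
            <?php echo csrf_token_tag(); ?>
            <div class="mb-3">
                <label class="form-label">Email</label>
                <?php /* Escape the echoed value: raw POST data inside an attribute is reflected XSS. */ ?>
                <input type="email" required class="form-control" name="email" id="email" placeholder="Enter email" value="<?php echo htmlspecialchars($submitted_email, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8'); ?>">
                <div class="invalid-feedback">Please enter your email</div>
            </div>
            <button class="btn btn-primary w-100 mt-3" type="submit" name="submit">Reset</button>
        </form>

        <div class="text-center mt-3">
            <p class="text-muted mb-0">Remember it? <a href="index" class="text-primary fw-semibold">Sign In</a> </p>
        </div>
    </div>

    <!-- JS -->
    <script src="assets/libs/jquery/jquery.min.js"></script>
    <script src="assets/libs/bootstrap/js/bootstrap.bundle.min.js"></script>
    <script src="assets/libs/feather-icons/feather.min.js"></script>
</body>
</html>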
Server Info
Hostname: server1.winmanyltd.com
Server IP: 203.161.60.52
PHP Version: 8.3.27
Server Software: Apache
System: Linux server1.winmanyltd.com 4.18.0-553.22.1.el8_10.x86_64 #1 SMP Tue Sep 24 05:16:59 EDT 2024 x86_64
HDD Total: 117.98 GB
HDD Free: 59.73 GB
Domains on IP: N/A (Requires external lookup)
System Features
Safe Mode:
Off
disable_functions:
None
allow_url_fopen:
On
allow_url_include:
Off
magic_quotes_gpc:
Off
register_globals:
Off
open_basedir:
None
cURL:
Enabled
ZipArchive:
Enabled
MySQLi:
Enabled
PDO:
Enabled
wget:
Yes
curl (cmd):
Yes
perl:
Yes
python:
Yes (py3)
gcc:
Yes
pkexec:
Yes
git:
Yes
User Info
Username: eliosofonline
User ID (UID): 1002
Group ID (GID): 1003
Script Owner UID: 1002
Current Dir Owner: 1002