MAINHACK

Viewing / Editing File: change-password.php

<?php include("functions.php");
error_reporting(0);

if(request_is_post() && request_is_same_domain()) {
if(!csrf_token_is_valid() || !csrf_token_is_recent()) {
$response = "<p class='alert alert-danger text-center ' role='alert'>Sorry, Token Authentication invalid.</p>";
$_SESSION['response'] = $response;
}
else {
$email = h($email);
$email = dirty_html($email);
$email = sql_prep($_POST['email']);

$password = h($password);
$password = dirty_html($password);
$password = sql_prep($_POST['password']);

$confirm_password = h($confirm_password);
$confirm_password = dirty_html($confirm_password);
$confirm_password = sql_prep($_POST['confirm_password']);

$reset_token = h($reset_token);
$reset_token = dirty_html($reset_token);
$reset_token = sql_prep($_POST['reset_token']);

if($password != $confirm_password){

$response = "<p class='alert alert-danger text-center ' role='alert'>Password do not match</p>";
$_SESSION['response'] = $response;
}

else {

$sql = "SELECT * FROM barber_admin WHERE email = '$email'";
$result = mysqli_query($new, $sql);
if (mysqli_num_rows($result) > 0)
{
  $user = mysqli_fetch_object($result);
  if ($user->reset_token == $reset_token)
  {

$password1 = password_hash($password,PASSWORD_BCRYPT, array('cost'=>12));
     $reset_token1 = '';

$stmt_update_service = $con->prepare("UPDATE barber_admin SET reset_token = ?,password = ?  WHERE email = ?");
$stmt_update_service->execute(array($reset_token,$password1,$email));

$response = "<p class='alert alert-success text-success ' role='alert'>Password has been changed.You can now login into your account</p>";
$_SESSION['response'] = $response;

header("location:index.php");

}
  else
  {
$response = "<p class='alert alert-danger text-danger ' role='alert'>Recovery email has been expired</p>";
$_SESSION['response'] = $response;
  
   header("location:index.php");
  }
}
else
{

$response = "<p class='alert alert-danger text-danger ' role='alert'>Email does not exists</p>";
$_SESSION['response'] = $response;
}

}
}
}
?>
<!DOCTYPE html>
<html lang="en">
<head>
  
  <meta charset="utf-8">
  <meta name="viewport" content="width=device-width, initial-scale=1, shrink-to-fit=no">

<title>Change Password | The Salon Friend</title>

<link rel="shortcut icon" href="../assets/icon.png" type="image/x-icon">
<link rel="icon" href="../assets/icon.png" type="image/x-icon">
  
  <link href="https://fonts.googleapis.com/css2?family=Inter:wght@400;500;600&display=swap" rel="stylesheet">

<link rel="stylesheet" href="assets/vendor/bootstrap-icons/font/bootstrap-icons.css">

<link rel="stylesheet" href="assets/css/theme.min.css">
</head>

<?php

if(isset($_GET['email']) and $_GET['reset_token']){
$email = sql_prep($_GET["email"]);
$reset_token = sql_prep($_GET["reset_token"]);
}
$sql = "SELECT * FROM barber_admin WHERE email = '$email'";
$result = mysqli_query($new, $sql);
if (mysqli_num_rows($result) > 0)
{
$user = mysqli_fetch_object($result);
if ($user->reset_token == $reset_token)
{
?>
<form  method="POST">
<?php echo csrf_token_tag(); ?>
  <div class="text-center">
    <div class="mb-5">
      <h3 class="card-title">Reset password?</h3>
    </div>
  </div>

<div class="mb-4">
    <label class="form-label" for="resetPasswordSrEmail" tabindex="0">New Password</label>

<div class="mb-4">
    <label class="form-label" for="resetPasswordSrEmail" tabindex="0">Confrim password</label>

<div class="d-grid gap-4">
    <button type="submit" name="submit" class="btn btn-primary btn-lg">Reset password</button>
    <p class="card-text text-muted">Remember your password? <a class="link" href="index">Log in</a></p>
  </div>
</form>

<?php
    }
    else
    {
        echo "<p class='alert alert-danger text-center ' role='alert'>Recovery email has been expired</p>";
        echo  '<a href="index" class="btn btn-primary">Login</a>';
    }
}
else
{
echo "<p class='alert alert-danger text-center ' role='alert'>Email does not exists</p>";
echo  '<a href="index" class="btn btn-primary">Login</a>';

}
  ?>

</div>
</div>

<div class="col-md-5 d-md-flex justify-content-center flex-column bg-soft-primary p-8 p-md-5" style="background-image: url(assets/svg/components/wave-pattern.svg);">
<h5 class="mb-4">The easiest way to manage your Salon and Spa:</h5>

<ul class="list-checked list-checked-primary list-py-2">
<li class="list-checked-item">Maintain Customer/Staff records</li>
<li class="list-checked-item">Generate customized reports</li>
<li class="list-checked-item">Calculate staff  commissions and many more advanced features</li>

<li class="list-checked-item">Run staff payroll with ease</li>

</ul>

<span class="d-block">
<a class="link link-pointer" href="#">Learn more</a>
</span>
</div>

</div>

</div>

<figure class="position-absolute top-0 end-0 zi-n1 d-none d-sm-block mt-n7 me-n10" style="width: 4rem;">
<img class="img-fluid" src="assets/svg/components/pointer-up.svg" alt="Image Description">
</figure>

<figure class="position-absolute bottom-0 start-0 d-none d-sm-block ms-n10 mb-n10" style="width: 15rem;">
<img class="img-fluid" src="assets/svg/components/curved-shape.svg" alt="Image Description">
</figure>

</div>
</div>
</div>
</div>
    
  </main>

<script src="assets/vendor/bootstrap/dist/js/bootstrap.bundle.min.js"></script>

<script src="assets/js/theme.min.js"></script>

</body>
</html>

Cancel / Back

[ MAINHACK ]

Viewing / Editing File: change-password.php

Server Info

System Features

User Info