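<?php require_once "mid.php";?>
<?php
require "config.php";

// Password-reset handler: checks the one-time code submitted with the form
// against the code stored in the session, validates the new password, and
// stores its hash for the session's user.
//
// NOTE(review): assumes mid.php or config.php has already started the session
// and defined the mysqli handle $link — confirm against those files.
//
// Nothing is echoed before the redirects below. Printing the session's
// one-time code, the submitted code or the new password would disclose the
// secret to whoever loads the page, reflect raw request data into HTML, and
// send output before header(), which stops the redirects from working unless
// output buffering is on.

$username = isset($_SESSION['username']) ? $_SESSION['username'] : null;
$code = isset($_SESSION['code']) ? $_SESSION['code'] : null;

// The submitted code is only compared, never placed in SQL, so it is taken
// as-is (SQL escaping would alter the value being compared).
$opt = (isset($_POST['OTP']) && is_string($_POST['OTP'])) ? trim($_POST['OTP']) : '';

// Fail closed: a missing username, a missing session code or an empty
// submission must never count as a match. With a loose `!=` comparison an
// unset session code and an absent OTP field compare equal.
$otpIsValid = is_string($username) && $username !== ''
    && (is_string($code) || is_int($code)) && (string) $code !== ''
    && $opt !== ''
    && hash_equals((string) $code, $opt); // constant-time, exact string match

// NOTE(review): nothing visible here limits how many codes one session may
// try; consider counting failures in the session and discarding the code
// after a few wrong attempts.
if (!$otpIsValid) {
    header('Location: login.php');
    exit();
}

// Define variables and initialize with empty values
$new_password = $confirm_password = "";
$new_password_err = $confirm_password_err = "";

// Processing form data when form is submitted
if ($_SERVER["REQUEST_METHOD"] == "POST") {
    // Non-string fields (e.g. new_password[]=x) are treated as empty instead
    // of being passed to trim().
    $postedPassword = (isset($_POST["new_password"]) && is_string($_POST["new_password"]))
        ? trim($_POST["new_password"])
        : "";
    $postedConfirm = (isset($_POST["confirm_password"]) && is_string($_POST["confirm_password"]))
        ? trim($_POST["confirm_password"])
        : "";

    // Validate new password
    if ($postedPassword === "") {
        $new_password_err = "Please enter the new password.";
    } elseif (strlen($postedPassword) < 6) {
        $new_password_err = "Password must have atleast 6 characters.";
    } else {
        $new_password = $postedPassword;
    }

    // Validate confirm password
    if ($postedConfirm === "") {
        $confirm_password_err = "Please confirm the password.";
    } else {
        $confirm_password = $postedConfirm;
        if ($new_password_err === "" && $new_password !== $confirm_password) {
            $confirm_password_err = "Password did not match.";
        }
    }

    // Check input errors before updating the database
    if ($new_password_err === "" && $confirm_password_err === "") {
        // Parameterized update: the hash and the username are bound, not interpolated.
        $sql = "UPDATE users SET password = ? WHERE username = ? ";
        if ($stmt = mysqli_prepare($link, $sql)) {
            // Only the password hash is stored, never the plaintext.
            $param_password = password_hash($new_password, PASSWORD_DEFAULT);
            $param_username = $username;
            mysqli_stmt_bind_param($stmt, "ss", $param_password, $param_username);

            if (mysqli_stmt_execute($stmt)) {
                // Password updated successfully. Destroying the session also
                // discards the one-time code, so it cannot be used again.
                session_destroy();
                header("location: login.php");
                exit();
            } else {
                echo "Oops! Something went wrong. Please try again later.";
            }

            // Close statement
            mysqli_stmt_close($stmt);
        } else {
            // The statement could not be prepared; report it the same generic way.
            echo "Oops! Something went wrong. Please try again later.";
        }
    }

    // Close connection
    mysqli_close($link);
}
?>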