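<?php
// Password-reset endpoint. Validates the posted form, checks the reset token,
// stores the new password, invalidates the token, records the change in the
// log and then signs the user in with the new credentials.
require_once "../includes/session.php";
require_once "../includes/sanitize-all.php";

// Load a class file from ../classes/ the first time the class is referenced.
spl_autoload_register(function ($class) {
    require_once "../classes/" . $class . ".class.php";
});

// Every field of the reset form must be present and non-empty.
if (
    empty($_POST["email"])
    or empty($_POST["token"])
    or empty($_POST["new-reset-password"])
    or empty($_POST["confirm-reset-password"])
    or empty($_POST["javascript"])
) {
    die(Translate::string("reset_password_alert.all_fields_required"));
}

// Strict comparison on purpose: with `!=` PHP compares numeric-looking strings
// as numbers, so two different passwords such as "1e3" and "1000" would be
// treated as matching and the confirmation check would be bypassed.
if ($_POST["new-reset-password"] !== $_POST["confirm-reset-password"]) {
    die(Translate::string("reset_password_alert.passwords_dont_match"));
}

$email        = $_POST["email"];
$token        = $_POST["token"];
$new_password = $_POST["new-reset-password"];
$javascript   = $_POST["javascript"];
$session_id   = session_id();
$ip_address   = $_SERVER['REMOTE_ADDR'];
// The User-Agent header is optional; fall back to an empty string instead of
// raising an "undefined index" notice when a client omits it.
$browser      = isset($_SERVER['HTTP_USER_AGENT']) ? $_SERVER['HTTP_USER_AGENT'] : "";

// NOTE(review): User::isTokenValid() is defined elsewhere. Confirm that it
// ties the token to this e-mail address, enforces expiry, and compares the
// stored token with hash_equals() rather than == / ===.
if (!User::isTokenValid($email, $token)) {
    die(Translate::string("reset_password_alert.token_expired"));
}

$user  = new User();
$reset = $user->resetPassword($email, $new_password);

// The token is destroyed only after the password was stored. If destroyToken()
// fails here, the password has presumably already been changed while the token
// may still be usable - TODO confirm and consider invalidating the token first
// or doing both steps in one transaction.
if (!$reset or !$user->destroyToken($token)) {
    die(Translate::string("reset_password_alert.something_went_wrong"));
}

// Audit-log entry for the password change. The original passed the undefined
// variable $ip, so the log row carried no client address; use $ip_address.
$user->insertLog("password changed", $email, $javascript, $browser, $ip_address, $session_id);

// Sign the user in with the freshly set password.
$user->checkCredentials($email, $new_password, $javascript, $browser, $ip_address, $session_id);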
<?php if (!$_SESSION) { session_start(); } // define('ALLOW_ACCESS', true); // allow access to this page defined('ALLOW_ACCESS') or die('Restricted access'); // Security to prevent direct access to php files. // Reset Password Modal // only get the form when the token and email are valid if (!empty($_GET["reset-password"]) && !empty($_GET["email"])) { if (User::isTokenValid($_GET["email"], $_GET["reset-password"])) { ob_start(); // Start recording the content for the modal ?> <form id="reset-password-form" action="lib/ajax/reset-password.php" method="post" > <input type="hidden" name="token" required="required" value="<?php echo $_GET["reset-password"]; ?> "> <input type="hidden" name="email" required="required" value="<?php echo $_GET["email"]; ?> "> <input class="hidden javascript-check" type="checkbox" name="javascript" value="1"> <?php FormElement::input(array('id' => "new-reset-password", 'name' => "new-reset-password", 'label' => Translate::string("reset_password.new_passoword_label"), 'placeholder' => Translate::string("reset_password.new_passoword_placeholder"), 'type' => "password", 'required' => true)); FormElement::input(array('id' => "confirm-reset-password", 'name' => "confirm-reset-password", 'label' => Translate::string("reset_password.new_passoword_confirm_label"), 'placeholder' => Translate::string("reset_password.new_passoword_confirm_placeholder"), 'type' => "password", 'required' => true)); ?> <button>Reset Password</button> </form>