Example #1
<?php

require_once "../includes/session.php";
require_once "../includes/sanitize-all.php";
// Load a class file on demand, the first time the class is referenced.
// The class name is concatenated into the path unchecked.
// NOTE(review): if a class name can ever be derived from request data, it
// should be restricted to identifier characters before it reaches this loader.
spl_autoload_register(function ($class) {
    $class_file = "../classes/" . $class . ".class.php";
    require_once $class_file;
});
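// Handles the submitted reset-password form: validates the fields, checks the
// reset token, stores the new password, invalidates the token and logs the change.

// Every field must arrive as a non-empty string. PHP turns "name[]=x" into an
// array, which empty() alone lets through, so the type is checked here before
// the values reach the User methods.
$required_fields = array("email", "token", "new-reset-password", "confirm-reset-password", "javascript");
foreach ($required_fields as $field) {
    if (empty($_POST[$field]) || !is_string($_POST[$field])) {
        die(Translate::string("reset_password_alert.all_fields_required"));
    }
}
// Strict comparison: with != two different numeric-looking strings (for
// example "1e3" and "1000") compare equal, so a mistyped confirmation could pass.
if ($_POST["new-reset-password"] !== $_POST["confirm-reset-password"]) {
    die(Translate::string("reset_password_alert.passwords_dont_match"));
}
$email = $_POST["email"];
$token = $_POST["token"];
$new_password = $_POST["new-reset-password"];
$session_id = session_id();
$ip_address = $_SERVER['REMOTE_ADDR'];
$javascript = $_POST["javascript"];
// The User-Agent header is optional and client-controlled; fall back to an
// empty string instead of reading an undefined index.
$browser = isset($_SERVER['HTTP_USER_AGENT']) ? $_SERVER['HTTP_USER_AGENT'] : "";
// Nothing is changed unless the token is valid for this e-mail address.
if (!User::isTokenValid($email, $token)) {
    die(Translate::string("reset_password_alert.token_expired"));
}
$user = new User();
$reset = $user->resetPassword($email, $new_password);
// NOTE(review): if resetPassword() succeeds but destroyToken() fails, the
// password has already been changed while the token may still be usable;
// confirm how User handles that case.
if (!$reset || !$user->destroyToken($token)) {
    die(Translate::string("reset_password_alert.something_went_wrong"));
}
// Record the change with the client address captured above ($ip_address).
// $javascript and $browser are request-supplied text; presumably insertLog()
// stores them as data only - confirm.
$user->insertLog("password changed", $email, $javascript, $browser, $ip_address, $session_id);
// NOTE(review): presumably signs the user in with the new password. If it
// establishes an authenticated session, the session ID should be regenerated
// at that point; that is not visible from this file - confirm.
$user->checkCredentials($email, $new_password, $javascript, $browser, $ip_address, $session_id);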
<?php

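// Security guard against direct access to this file: the including page must
// define ALLOW_ACCESS first, e.g. define('ALLOW_ACCESS', true);
// Checked before anything else so a direct request is rejected without a
// session being created for it.
defined('ALLOW_ACCESS') or die('Restricted access');
// Start a session only when none is active. Testing $_SESSION itself reads an
// undefined variable before session_start() and treats a started-but-empty
// session as "not started"; an empty session_id() is the reliable signal.
if (session_id() === '') {
    session_start();
}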
// Reset Password Modal
// only get the form when the token and email are valid
if (!empty($_GET["reset-password"]) && !empty($_GET["email"])) {
    if (User::isTokenValid($_GET["email"], $_GET["reset-password"])) {
        ob_start();
        // Start recording the content for the modal
        ?>
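			<form id="reset-password-form" action="lib/ajax/reset-password.php" method="post" >
				<input type="hidden" name="token" required="required" value="<?php
        // Reset-password form: carries the token and e-mail address from the
        // query string back to the server in hidden fields. Both values are
        // request data, so they are HTML-escaped before being written into an
        // attribute; escaping must not depend on what isTokenValid() accepts.
        echo htmlspecialchars($_GET["reset-password"], ENT_QUOTES);
        ?>">
				<input type="hidden" name="email" required="required" value="<?php
        echo htmlspecialchars($_GET["email"], ENT_QUOTES);
        ?>">
				<input class="hidden javascript-check" type="checkbox" name="javascript" value="1">
				<?php
        // The translation keys below are runtime lookups and are kept exactly
        // as spelled ("passoword"); presumably they match the translation file - confirm.
        FormElement::input(array(
            'id' => "new-reset-password",
            'name' => "new-reset-password",
            'label' => Translate::string("reset_password.new_passoword_label"),
            'placeholder' => Translate::string("reset_password.new_passoword_placeholder"),
            'type' => "password",
            'required' => true,
        ));
        FormElement::input(array(
            'id' => "confirm-reset-password",
            'name' => "confirm-reset-password",
            'label' => Translate::string("reset_password.new_passoword_confirm_label"),
            'placeholder' => Translate::string("reset_password.new_passoword_confirm_placeholder"),
            'type' => "password",
            'required' => true,
        ));
        ?>
				<button>Reset Password</button>
			</form>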