<?php
include 'core/init.php';
include 'includes/overall/header.php';
$newpass = $_POST['newpass'];
$newpass1 = $_POST['newpass1'];
$post_username = $_POST['username'];
$code = $_GET['code'];
if ($newpass == $newpass1) {
$options = array('cost' => 10);
$enc_pass = password_hash(sanitize($newpass), PASSWORD_BCRYPT, $options);
//$enc_pass = md5($newpass);
updateUserNPassword($post_username, $enc_pass);
updatePasscode('0', $post_username);
?>
Your password has been updated
<a href='http://localhost/DynaMathVersion1.3/login.php'>
Click here to login
</a>
<?php
} else {
?>
Passwords must match
<a href = 'forgot_pass.php?code=<?php
echo $code;
?>
&username=<?php
echo $post_username;
?>
'>
click here to go back
</form>
<?php
if (isset($_POST['submit'])) {
$username = $_POST['username'];
$email = $_POST['email'];
/* $query = mysqli_query($GLOBALS['dbConnection'], "SELECT * FROM users WHERE username = '******'")or die(mysqli_error($GLOBALS['dbConnection']));
$numrow = mysqli_num_rows($query); */
if (user_exists($username)) {
//$row = mysqli_fetch_assoc($query);
$row = get_user_info($username);
$db_email = $row['email'];
if ($email == $db_email) {
$code = rand(10000, 1000000);
$to = $db_email;
$subject = "Password Reset";
$body = "\n\t\t\tThis is an automated email. Please Do Not reply to this email\n\t\t\tClick on the link below or pasted into your browser\n\t\t\thttp://localhost/DynaMathVersion1.3/forgot_pass.php?code={$code}&username={$username}\n\n\t\t\t";
$headers = "From:dynamicmathematicsprinciples@gmail.com";
updatePasscode($code, $username);
/* $query = "UPDATE users SET passreset='$code' WHERE username='******'";
mysqli_query($GLOBALS['dbConnection'], $query)or die(mysqli_error($GLOBALS['dbConnection'])); */
mail($to, $subject, $body, $headers);
echo "Please Check your Email";
} else {
echo "Email is incorrect";
}
} else {
echo "That username doesnt exits!";
}
}
}
include 'includes/overall/footer.php';