LRR/ResetPassword.php

<?php
require_once 'Header.php';
require_once 'NoDirectPhpAcess.php';
require_once "get_mysql_credentials.php";

ini_set('display_errors', 0);
error_reporting(E_ALL);

$con = mysqli_connect("localhost", $mysql_username, $mysql_password, "lrr");

if (mysqli_connect_errno()) {
    error_log("Database connection failed: " . mysqli_connect_error());
    die("An error occurred. Please try again later.");
}

// Check if user_id is set in the session
if (!isset($_SESSION['email'])) {
    die("Session expired. Please log in again.");
}

$email = $_SESSION['email'];

if ($_SERVER['REQUEST_METHOD'] == 'POST') {
    // Handle password reset
    if (isset($_POST['new_password']) && isset($_POST['confirm_password'])) {
        $new_password = $_POST['new_password'];
        $confirm_password = $_POST['confirm_password'];

        if (!preg_match('/^(?=.*[a-z])(?=.*[A-Z])(?=.*\d)(?=.*[^\w\d\s]).{8,}$/', $new_password)) {
            echo '<div class="alert alert-danger">Password must be at least 8 characters long and include uppercase and lowercase letters, numbers, and special characters.</div>';
        } elseif ($new_password !== $confirm_password) {
            echo '<div class="alert alert-danger">Passwords do not match. Please try again.</div>';
        } else {
            $hashed_password = password_hash($new_password, PASSWORD_ARGON2ID);
            $user_id = $_SESSION['user_id'];

            $stmt = $con->prepare("UPDATE users_table SET Password = ? WHERE email = ? AND user_id = ?");
            $stmt->bind_param("sss", $hashed_password, $email, $user_id);

            if ($stmt->execute()) {
                echo '<div class="alert alert-success">Password reset successfully. You can now log in with your new password.</div>';
                unset($_SESSION['user_id']); // Clear user_id after successful password reset
                header("Location: index.php");
            } else {
                error_log("Error updating password for user ID: $user_id");
                echo '<div class="alert alert-danger">An error occurred. Please try again later.</div>';
            }
            $stmt->close();
        }
    }
}

// Display the reset password form
echo '
<br/><br/><br/>
<div class="container">
<div class="row">
<div class="col-md-5"></div>
<div class="col-md-5">
<form action="" method="POST" class="">
    <legend>Reset Your Password</legend><br/>
       New Password <label class="form-text">Must include uppercase and lowercase letters, digits and special characters.</label>  
       <input type="password" name="new_password"  placeholder=" Enter New Password" class="form-control" required>
       <br/>
      Confirm New Password
        <input type="password" name="confirm_password" placeholder="Confirm New Password" class="form-control" required>
     <br/>
    <button id="butt" type="submit" class="btn btn-primary">Reset Password</button>
</form>
</div></div></div>
<style>
.guideline { display: none;}
#newPassword:focus + .guideline {display: block;}
';


mysqli_close($con);
?>
Fix Bug48: Implememt Password Recovery Using Security Questions 2025-05-15 01:43:36 +08:00			`<?php`
			`require_once 'Header.php';`
			`require_once 'NoDirectPhpAcess.php';`
			`require_once "get_mysql_credentials.php";`

			`ini_set('display_errors', 0);`
			`error_reporting(E_ALL);`

			`$con = mysqli_connect("localhost", $mysql_username, $mysql_password, "lrr");`

			`if (mysqli_connect_errno()) {`
			`error_log("Database connection failed: " . mysqli_connect_error());`
			`die("An error occurred. Please try again later.");`
			`}`

			`// Check if user_id is set in the session`
			`if (!isset($_SESSION['email'])) {`
			`die("Session expired. Please log in again.");`
			`}`

			`$email = $_SESSION['email'];`

			`if ($_SERVER['REQUEST_METHOD'] == 'POST') {`
			`// Handle password reset`
			`if (isset($_POST['new_password']) && isset($_POST['confirm_password'])) {`
			`$new_password = $_POST['new_password'];`
			`$confirm_password = $_POST['confirm_password'];`

			`if (!preg_match('/^(?=.[a-z])(?=.[A-Z])(?=.\d)(?=.[^\w\d\s]).{8,}$/', $new_password)) {`
			`echo '<div class="alert alert-danger">Password must be at least 8 characters long and include uppercase and lowercase letters, numbers, and special characters.</div>';`
			`} elseif ($new_password !== $confirm_password) {`
			`echo '<div class="alert alert-danger">Passwords do not match. Please try again.</div>';`
			`} else {`
			`$hashed_password = password_hash($new_password, PASSWORD_ARGON2ID);`
			`$user_id = $_SESSION['user_id'];`

			`$stmt = $con->prepare("UPDATE users_table SET Password = ? WHERE email = ? AND user_id = ?");`
			`$stmt->bind_param("sss", $hashed_password, $email, $user_id);`

			`if ($stmt->execute()) {`
			`echo '<div class="alert alert-success">Password reset successfully. You can now log in with your new password.</div>';`
			`unset($_SESSION['user_id']); // Clear user_id after successful password reset`
			`header("Location: index.php");`
			`} else {`
			`error_log("Error updating password for user ID: $user_id");`
			`echo '<div class="alert alert-danger">An error occurred. Please try again later.</div>';`
			`}`
			`$stmt->close();`
			`}`
			`}`
			`}`

			`// Display the reset password form`
			`echo '`
			`<br/><br/><br/>`
			`<div class="container">`
			`<div class="row">`
			`<div class="col-md-5"></div>`
			`<div class="col-md-5">`
			`<form action="" method="POST" class="">`
			`<legend>Reset Your Password</legend><br/>`
			`New Password <label class="form-text">Must include uppercase and lowercase letters, digits and special characters.</label>`
			`<input type="password" name="new_password" placeholder=" Enter New Password" class="form-control" required>`
			`<br/>`
			`Confirm New Password`
			`<input type="password" name="confirm_password" placeholder="Confirm New Password" class="form-control" required>`
			`<br/>`
			`<button id="butt" type="submit" class="btn btn-primary">Reset Password</button>`
			`</form>`
			`</div></div></div>`
			`<style>`
			`.guideline { display: none;}`
			`#newPassword:focus + .guideline {display: block;}`
			`';`


			`mysqli_close($con);`
			`?>`