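<?php

// Password-recovery step 2: the visitor whose email was captured by the previous
// step (RecoverPassword.php, judging by the redirect below) answers their two
// security questions; on success a user_id is stored in the session and the
// flow continues to ResetPassword.php.
//
// Uses require rather than include so a missing access guard or credentials
// file fails closed instead of running on with undefined variables.
require 'NoDirectPhpAcess.php';
require 'Header.php';
require "get_mysql_credentials.php"; // Database credentials

error_reporting(E_ALL);
// SECURITY: display_errors=1 echoes PHP warnings and uncaught mysqli exceptions
// (which can include the DB host/user) to the browser on a credential-reset page.
// Keep this at 0 outside local development and rely on log_errors instead.
ini_set('display_errors', 1);

// Upper bound on wrong-answer submissions per session. Security answers are
// short, low-entropy secrets, so an unthrottled comparison is brute-forceable.
// The counter lives in the session and is reset on success or when the session
// ends. TODO(review): align the lockout policy with the rest of the recovery flow.
$maxAnswerAttempts = 5;

// Connect to the database
$con = mysqli_connect("localhost", $mysql_username, $mysql_password, "lrr");

if (mysqli_connect_errno()) {
    // Log the driver message server-side; never echo it to the client.
    error_log('SecurityQuestions: DB connection failed: ' . mysqli_connect_error());
    die("Connection failed.");
}

// Without the email from the earlier step there is nothing to verify; send the
// visitor back to the start of the flow.
if (!isset($_SESSION['email'])) {
    header("Location: RecoverPassword.php"); // Redirect if session data is missing
    exit;
}

$email = (string) $_SESSION['email'];

// Fetch questions, stored answers and user_id in one parameterised query.
// $email originated as user input earlier in the flow, so it is bound, not
// interpolated into the SQL string.
$row = null;
$stmt = mysqli_prepare(
    $con,
    'SELECT user_id, question1, question2, answer1, answer2 FROM password_recovery_security_questions WHERE email = ?'
);
if ($stmt !== false) {
    mysqli_stmt_bind_param($stmt, 's', $email);
    if (mysqli_stmt_execute($stmt)) {
        $result = mysqli_stmt_get_result($stmt); // requires mysqlnd, the default driver
        if ($result !== false) {
            $fetched = mysqli_fetch_assoc($result);
            $row = $fetched ? $fetched : null;
            mysqli_free_result($result);
        }
    }
    mysqli_stmt_close($stmt);
}

$error_message = null;

// Handle a submitted answer set.
if ($_SERVER['REQUEST_METHOD'] === 'POST' && $row !== null) {
    // The form marks both fields required, but the client is untrusted: a missing
    // or non-string field (e.g. answer1[]=x) becomes '' rather than a warning or
    // a TypeError from trim().
    $answer1 = (isset($_POST['answer1']) && is_string($_POST['answer1']))
        ? strtolower(trim($_POST['answer1']))
        : '';
    $answer2 = (isset($_POST['answer2']) && is_string($_POST['answer2']))
        ? strtolower(trim($_POST['answer2']))
        : '';

    $attempts = isset($_SESSION['security_answer_attempts'])
        ? (int) $_SESSION['security_answer_attempts']
        : 0;

    if ($attempts >= $maxAnswerAttempts) {
        $error_message = "Too many incorrect attempts. Please try again later.";
    } else {
        // NOTE(review): the submitted text is compared directly against the stored
        // columns, so the answers appear to be stored in plaintext. hash_equals()
        // only removes the timing side channel; it does not protect the answers if
        // the table is dumped. Prefer password_hash() at enrolment and
        // password_verify() here. strtolower (not mb_strtolower) is kept to match
        // whatever normalisation enrolment applied — confirm before changing.
        // Both comparisons run unconditionally so a wrong first answer costs the
        // same time as a wrong second one.
        $ok1 = hash_equals((string) $row['answer1'], $answer1);
        $ok2 = hash_equals((string) $row['answer2'], $answer2);

        if ($ok1 && $ok2) {
            unset($_SESSION['security_answer_attempts']);
            // This is a privilege step: rotate the session id so a fixated id
            // cannot ride along into the reset page.
            if (session_status() === PHP_SESSION_ACTIVE) {
                session_regenerate_id(true);
            }
            $_SESSION['user_id'] = $row['user_id'];
            header("Location: ResetPassword.php"); // Redirect to password reset page
            exit;
        }

        $_SESSION['security_answer_attempts'] = $attempts + 1;
        $error_message = "Incorrect answers. Please try again.";
    }
}

// Render the form (or the "nothing to ask" notice, shown once regardless of method).
if ($row === null) {
    echo '<div class="container mt-5"><div class="alert alert-warning" role="alert">No security questions found for this user.</div></div>';
} else {
    echo'<br/><br/><br/>';
    echo '<div class="container">';
    echo '<div class="row">';
    echo '<div class="col-md-5"></div>';
    echo '<div class="col-md-5">';

    if ($error_message !== null) {
        // Constant text today, but escaped anyway so a future dynamic message can't inject markup.
        echo '<div id="alertbad" class="alert alert-danger" role="alert">' . htmlspecialchars($error_message, ENT_QUOTES, 'UTF-8') . '</div>'; // Display error message
    }

    echo '<form action="" method="POST" class="">';
    echo '<legend>Answer Your Security Questions.</legend>';

    // Question 1 — question text comes from the database, so it is escaped for HTML.
    echo '<div class="mb-3">';
    echo '<label class="form-label">' . htmlspecialchars((string) $row['question1'], ENT_QUOTES, 'UTF-8') . '</label>';
    echo '<input type="text" class="form-control" name="answer1" required>';
    echo '</div>';
    echo'<br/>';

    // Question 2
    echo '<div class="mb-3">';
    echo '<label class="form-label">' . htmlspecialchars((string) $row['question2'], ENT_QUOTES, 'UTF-8') . '</label>';
    echo '<input type="text" class="form-control" name="answer2" required>';
    echo '</div>';

    echo '<button id="sub" type="submit" class="btn btn-primary">Submit Answers</button>';
    echo '</form>';
    echo '</div></div></div>'; // Close container
}

mysqli_close($con);
?>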