LRR/ResetPassword.php


<?php
require_once 'Header.php';
require_once 'NoDirectPhpAcess.php';
require_once "get_mysql_credentials.php";
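// Password-reset page: validates the submitted password pair, stores an
// Argon2id hash for the account named by the session, then renders the form.

// Keep PHP errors out of the response body; they are still reported to the log.
ini_set('display_errors', 0);
error_reporting(E_ALL);

$con = mysqli_connect("localhost", $mysql_username, $mysql_password, "lrr");
if (mysqli_connect_errno()) {
    // Details go to the server log only; the client sees a generic message.
    error_log("Database connection failed: " . mysqli_connect_error());
    die("An error occurred. Please try again later.");
}

// The reset is authorised purely by session state: 'email' here and
// 'user_id' when the update runs. Nothing on this page re-verifies the user.
// NOTE(review): presumably an earlier recovery step sets both keys only after
// the requester proved ownership of the account - confirm against that step.
if (!isset($_SESSION['email'])) {
    die("Session expired. Please log in again.");
}
$email = $_SESSION['email'];

// NOTE(review): this state-changing POST carries no anti-CSRF token. Consider
// a per-session token in a hidden field, compared with hash_equals().
if ($_SERVER['REQUEST_METHOD'] === 'POST') {
    if (isset($_POST['new_password'], $_POST['confirm_password'])) {
        $new_password = $_POST['new_password'];
        $confirm_password = $_POST['confirm_password'];

        // A request may send these fields as arrays (new_password[]=...);
        // treat anything that is not a string as failing the policy instead
        // of passing it to preg_match().
        $is_text = is_string($new_password) && is_string($confirm_password);

        if (!$is_text || !preg_match('/^(?=.*[a-z])(?=.*[A-Z])(?=.*\d)(?=.*[^\w\d\s]).{8,}$/', $new_password)) {
            echo '<div class="alert alert-danger">Password must be at least 8 characters long and include uppercase and lowercase letters, numbers, and special characters.</div>';
        } elseif ($new_password !== $confirm_password) {
            echo '<div class="alert alert-danger">Passwords do not match. Please try again.</div>';
        } elseif (!isset($_SESSION['user_id'])) {
            // user_id is cleared after a successful reset, so a repeated POST
            // must not bind a null id and then report success.
            echo '<div class="alert alert-danger">Session expired. Please log in again.</div>';
        } else {
            $user_id = $_SESSION['user_id'];
            $hashed_password = password_hash($new_password, PASSWORD_ARGON2ID);
            $updated = false;

            // Only a string hash may be stored; older PHP versions return
            // false/null from password_hash() on failure.
            if (is_string($hashed_password)) {
                try {
                    $stmt = $con->prepare("UPDATE users_table SET Password = ? WHERE email = ? AND user_id = ?");
                    if ($stmt !== false) {
                        $stmt->bind_param("sss", $hashed_password, $email, $user_id);
                        // execute() also succeeds when no row matches, so
                        // require that a row was actually changed.
                        $updated = $stmt->execute() && $stmt->affected_rows > 0;
                        $stmt->close();
                    }
                } catch (mysqli_sql_exception $e) {
                    // mysqli throws instead of returning false when exception
                    // reporting is enabled (the default from PHP 8.1).
                    error_log("Password update failed: " . $e->getMessage());
                }
            }

            if ($updated) {
                unset($_SESSION['user_id']); // Clear user_id after successful password reset
                // NOTE(review): consider session_regenerate_id(true) here and
                // invalidating the account's other sessions.
                if (!headers_sent()) {
                    // Redirect only while headers can still be sent, and stop
                    // so the form is not rendered behind the redirect.
                    mysqli_close($con);
                    header("Location: index.php");
                    exit;
                }
                echo '<div class="alert alert-success">Password reset successfully. You can now log in with your new password.</div>';
            } else {
                error_log("Error updating password for user ID: $user_id");
                echo '<div class="alert alert-danger">An error occurred. Please try again later.</div>';
            }
        }
    }
}

// Display the reset password form
echo '
<br/><br/><br/>
<div class="container">
<div class="row">
<div class="col-md-5"></div>
<div class="col-md-5">
<form action="" method="POST" class="">
<legend>Reset Your Password</legend><br/>
New Password <label class="form-text">Must include uppercase and lowercase letters, digits and special characters.</label>
<input type="password" name="new_password" placeholder=" Enter New Password" class="form-control" required>
<br/>
Confirm New Password
<input type="password" name="confirm_password" placeholder="Confirm New Password" class="form-control" required>
<br/>
<button id="butt" type="submit" class="btn btn-primary">Reset Password</button>
</form>
</div></div></div>
<style>
.guideline { display: none;}
#newPassword:focus + .guideline {display: block;}
</style>
';
mysqli_close($con);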
?>