php-main/resetpass.php at main · kuria300/php-main · GitHub

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
<?php
session_start();
include('DB_connect.php');

if (isset($_GET['token'])) {
    $token = $_GET['token'];
    $errors = array();
    // Validate token and get user details
    $query = "SELECT email, user_type FROM password_resets WHERE token = ? AND expiry > NOW()";
    $stmt = $connect->prepare($query);
    $stmt->bind_param('s', $token);
    $stmt->execute();
    $stmt->store_result();

        // Form to reset password
        if (isset($_POST['update_password'])) {
            $new_password = trim($_POST['password']);
            $confirm_password = trim($_POST['confirm_password']);

            if (empty($new_password) || $new_password !== $confirm_password) {
                $errors[] = "Passwords do not match or are empty";
            } elseif (strlen($new_password) < 6) {
                $errors[] = "Password must be at least 6 characters long";
            } else {
                // Fetch email and user type
                $stmt = $connect->prepare("SELECT email, user_type FROM password_resets WHERE token = ?");
                $stmt->bind_param('s', $token);
                $stmt->execute();
                $stmt->bind_result($email, $user_type);
                $stmt->fetch();
                $stmt->close();

                // Hash the new password
                //$hashed_password = password_hash($new_password, PASSWORD_DEFAULT);

                // Update password based on user type
                if ($user_type === 'Student') {
                    $query = "UPDATE students SET student_password = ? WHERE student_email = ?";
                } elseif ($user_type === 'Parent') {
                    $query = "UPDATE parents SET parent_password = ? WHERE parent_email = ?";
                } else {
                    $query = "UPDATE admin_users SET admin_password = ? WHERE admin_email = ?";
                }

                $stmt = $connect->prepare($query);
                if (!$stmt) {
                    echo "Prepare failed: (" . $connect->errno . ") " . $connect->error;
                }
                $stmt->bind_param('ss', $new_password, $email);
                if (!$stmt->execute()) {
                    echo "Execute failed: (" . $stmt->errno . ") " . $stmt->error;
                }

                // Delete the reset token
                $query = "DELETE FROM password_resets WHERE token = ?";
                $stmt = $connect->prepare($query);
                if (!$stmt) {
                    echo "Prepare failed: (" . $connect->errno . ") " . $connect->error;
                }
                $stmt->bind_param('s', $token);
                if (!$stmt->execute()) {
                    echo "Execute failed: (" . $stmt->errno . ") " . $stmt->error;
                }

                $message = "Password updated successfully";
            }
        }
    }

    $stmt->close();
    $connect->close();

?>

<!DOCTYPE html>
<html lang="en">
<head>
    <meta charset="UTF-8">
    <meta name="viewport" content="width=device-width, initial-scale=1.0">
    <title>Reset Password</title>
    <link rel="icon" href="logo2.png">
    <link rel="stylesheet" href="css/cont1.css">
    <!-- Bootstrap and Font Awesome links -->
    <script src="https://cdn.jsdelivr.net/npm/bootstrap@5.3.3/dist/js/bootstrap.bundle.min.js" integrity="sha384-YvpcrYf0tY3lHB60NNkmXc5s9fDVZLESaAA55NDzOxhy9GkcIdslK1eN7N6jIeHz" crossorigin="anonymous"></script>
    <link href="https://cdn.jsdelivr.net/npm/bootstrap@5.3.3/dist/css/bootstrap.min.css" rel="stylesheet" integrity="sha384-QWTKZyjpPEjISv5WaRU9OFeRpok6YctnYmDr5pNlyT2bRjXh0JMhjY6hW+ALEwIH" crossorigin="anonymous">
</head>
<body>
<div class="imageBox">
        <img src="login-logo.png" alt="Fee management">
 </div>
    <section class="contact-us">
        <div class="form-container">


    <form action="resetpass.php?token=<?php echo htmlspecialchars($token, ENT_QUOTES, 'UTF-8'); ?>" method="post" class="form-contact">
    <?php
   if (!empty($errors)) {
    echo '<div class="alert alert-danger alert-dismissible fade show" role="alert">';
    foreach ($errors as $error) {
        echo "<p>$error</p>";
    }
    echo '<button type="button" class="btn-close" data-bs-dismiss="alert" aria-label="Close"></button>';
    echo '</div>';
}

// Display success message in a success alert box with a close button and checkmark icon if available
if (!empty($message)) {
    echo "<div class='alert alert-success alert-dismissible fade show' role='alert'>
            <p>$message</p>
            <button type='button' class='btn-close' data-bs-dismiss='alert' aria-label='Close'></button>
          </div>";
}
    ?>
                <h3 class="mb-2 mt-2">Reset Password</h3>
                <div class="mb-4 mt-4">
                    <label for="password" class="form-label">New Password</label>
                    <input type="password" name="password" class="form-control" id="password" required>
                </div>
                <div class="mb-4 mt-4">
                    <label for="confirm_password" class="form-label">Confirm Password</label>
                    <input type="password" name="confirm_password" class="form-control" id="confirm_password" required>
                </div>
                <div class="mb-4">
                    <button type="submit" name="update_password" class="btn btn-primary">Update Password</button>
                </div>
                <div class="mb-4">
        <a href="Admin.php" class="btn btn-secondary">Back to Login</a>
    </div>
            </form>
        </div>
    </section>
</body>
</html>