food-inventory/forgotten-password.php

<?php
// Include util functions
require_once("./assets/php/utils.php");
require_once("./assets/php/send_email.php");
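// Request handler for the "forgotten password" page. It has two modes:
//   - a valid ?token= is present: a POST sets a new password for the token's user;
//   - otherwise: a POST with an e-mail address triggers a reset e-mail.
// All helpers called here come from the files required above.

// Housekeeping on every request to this page.
// NOTE(review): disconnect() presumably ends any logged-in session before a
// reset starts - confirm against utils.php.
clean_old_reset_tokens();
disconnect();

// State read by the HTML template further down.
$password1_err = $password2_err = $mode = $submit_message = $link = "";

$is_post = $_SERVER["REQUEST_METHOD"] === "POST";

// Request parameters can arrive as arrays (e.g. "token[]=x"). Only strings are
// accepted, so trim()/strlen() and the helpers never receive a non-string.
$reset_token = (isset($_GET["token"]) && is_string($_GET["token"])) ? $_GET["token"] : null;

if ($reset_token !== null && is_reset_token_valid($reset_token)) {
    // Reset mode: the URL carries a valid token.
    if ($is_post) {
        $password1 = $_POST["password1"] ?? null;
        $password2 = $_POST["password2"] ?? null;

        if (!is_string($password1) || !is_string($password2)) {
            // A field is missing or is not a plain string.
            $password1_err = "Please input a new password.";
        } elseif (empty(trim($password1)) || strlen($password1) < $MINIMAL_PASSWORD_LENGTH) {
            $password1_err = "The password is too short.";
        } elseif ($password1 !== $password2) {
            $password2_err = "Passwords didn't match.";
        } elseif (change_user_password(get_user_id_from_reset_token($reset_token), $password1)) {
            // The token is single-use: delete it as soon as the password changes.
            delete_reset_token($reset_token);
            header("Location: login.php");
            // Stop here so nothing is rendered or executed after the redirect.
            exit;
        } else {
            $password1_err = $password2_err = "There were an error while changing your password.";
        }
    }
} elseif ($is_post && isset($_POST["email"])) {
    // Request mode: e-mail a reset link if the address belongs to an account.
    $email = $_POST["email"];
    if (is_string($email)) {
        $token = generate_reset_password_token($email);
        if ($token !== false) {
            // SECURITY(review): $_SERVER['HTTP_HOST'] is taken from the request's
            // Host header, so the client chooses the origin written into the
            // e-mailed link. Build the link from a configured canonical site URL
            // instead; no such setting is visible in this file.
            // NOTE(review): REQUEST_SCHEME is not provided by every server setup -
            // confirm it is set in the deployment.
            $link = $_SERVER['REQUEST_SCHEME'] . '://' . $_SERVER['HTTP_HOST']
                . explode('?', $_SERVER['REQUEST_URI'], 2)[0] . "?token=$token";
            $row = get_user_info_from_email($email);
            // Build the message only once the lookup has succeeded, so a failed
            // lookup is never indexed as an array.
            if ($row !== false) {
                $email_array = get_email_message($link, $row["first_name"]);
                send_email(
                    $email,
                    "Forgot your password? Let's get you a new one!",
                    $email_array["html"],
                    $email_array["alt"],
                    $row["first_name"],
                    $row["last_name"]
                );
            }
        }
    }
    // The same message is shown whether or not the address is registered, so the
    // page text does not reveal which addresses have accounts.
    // NOTE(review): mail is only sent for known addresses, so response time may
    // still differ between the two cases - confirm whether that matters here.
    $submit_message = "If your e-mail address was correct, you should check your inbox.";
}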
?>
<!DOCTYPE html>
<html lang="en">
<head>
<meta charset="UTF-8">
<!-- TODO : ADD SEO STUFF -->
<meta name="viewport" content="width=device-width, initial-scale=1.0">
<meta http-equiv="X-UA-Compatible" content="ie=edge">
<link href="/assets/css/reset.css" rel="stylesheet">
<link href="/assets/css/common.css" rel="stylesheet">
<link href="/assets/css/login.css" rel="stylesheet">
<title>Food inventory - Forgotten password</title>
</head>
<body>
<div class="center30left white">
<h2 class="montserrat" id="title">Need to reset?</h2>
<?php if (isset($_GET["token"]) && is_reset_token_valid($_GET["token"])) {
// Reset mode: the same token check as the request handler at the top of the
// file, evaluated again at render time.
// NOTE(review): $_GET["token"] is passed on without a type check; confirm that
// is_reset_token_valid() tolerates a non-string value such as "token[]=x".
// The form posts back to the current request URI (HTML-escaped), so the token
// stays in the query string of the POST.
?>
<form action="<?php echo htmlspecialchars($_SERVER["REQUEST_URI"]); ?>" method="post">
<div class="flex-container flex-evenly">
<input type="password" name="password1" class="form-control halo-hover <?php echo (!empty($password1_err)) ? 'has-error' : ''; ?>" placeholder="Password">
<input type="password" name="password2" class="form-control halo-hover <?php echo (!empty($password2_err)) ? 'has-error' : ''; ?>" placeholder="Confirm password">
</div>
<div class="flex-container flex-evenly">
<div class="error">
<?php
// Show one message, preferring the first field's error. Both variables only
// ever hold fixed strings assigned by the request handler, never request data,
// which is why they are echoed without escaping. Escape at this point if a
// message ever starts to include user input.
if (!empty($password1_err)) echo $password1_err;
else echo $password2_err;
?>
</div>
</div>
<div class="form-group flex-container flex-vertical-center flex-evenly">
<input type="submit" class="halo-hover login-button" value="Reset">
<a href="/" class="login-button halo-hover other-buttons">Main page</a>
</div>
</form>
<?php
} else {
// Request mode: no valid token. Show the e-mail form until a request has been
// submitted, i.e. while $submit_message is still empty.
if ($submit_message === "") {
?>
<form action="<?php echo htmlspecialchars($_SERVER["REQUEST_URI"]); ?>" method="post">
<div class="flex-container flex-evenly">
<input type="email" name="email" class="form-control halo-hover" value="" placeholder="E-mail" required id="lost-email">
</div>
<div class="flex-container flex-evenly">
<div class="error">
<?php
// The request handler assigns these two variables only in its token branch, so
// this block normally prints nothing in request mode.
if (!empty($password1_err)) echo $password1_err;
else echo $password2_err;
?>
</div>
</div>
<div class="form-group flex-container flex-vertical-center flex-evenly">
<input type="submit" class="halo-hover login-button" value="Reset">
<a href="/" class="login-button halo-hover other-buttons">Main page</a>
</div>
</form>
<?php
} else {
// After a submission: $submit_message is a fixed string set by the request
// handler, not request data, so it is echoed without escaping.
echo "<p class=\"error\">" . $submit_message . "</p>\n";
}
}
?>
</div>
</body>
</html>