louis/food-inventory
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

added a forgotten password page

Browse Source
This commit is contained in:
Louis Vallat 2019-11-26 23:46:33 +01:00
parent d40b4d6754
commit 9691de3b8f
11 changed files with 7052 additions and 4 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
assets/css/login.css
View File

@ -190,6 +190,6 @@ a {
border-radius: 3px; border-radius: 3px;
} }
#register-email { #register-email, #lost-email {
width: 100%; width: 100%;
} }

4
assets/php/confg.json.example
View File

@ -3,5 +3,7 @@
"dbname": "db", "dbname": "db",
"user": "user", "user": "user",
"password": "pass", "password": "pass",
"kind": "mysql" "kind": "mysql",
"gmail_username":"example@gmail.com",
"gmail_password": "myawesomepassword123"
} }

39
assets/php/phpmailer/Exception.php Normal file
View File

@ -0,0 +1,39 @@
<?php
/**
* PHPMailer Exception class.
* PHP Version 5.5.
*
* @see https://github.com/PHPMailer/PHPMailer/ The PHPMailer GitHub project
*
* @author Marcus Bointon (Synchro/coolbru) <phpmailer@synchromedia.co.uk>
* @author Jim Jagielski (jimjag) <jimjag@gmail.com>
* @author Andy Prevost (codeworxtech) <codeworxtech@users.sourceforge.net>
* @author Brent R. Matzelle (original founder)
* @copyright 2012 - 2017 Marcus Bointon
* @copyright 2010 - 2012 Jim Jagielski
* @copyright 2004 - 2009 Andy Prevost
* @license http://www.gnu.org/copyleft/lesser.html GNU Lesser General Public License
* @note This program is distributed in the hope that it will be useful - WITHOUT
* ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
* FITNESS FOR A PARTICULAR PURPOSE.
*/
namespace PHPMailer\PHPMailer;
/**
* PHPMailer exception handler.
*
* @author Marcus Bointon <phpmailer@synchromedia.co.uk>
*/
class Exception extends \Exception
{
/**
* Prettify error message output.
*
* @return string
*/
public function errorMessage()
{
return '<strong>' . htmlspecialchars($this->getMessage()) . "</strong><br />\n";
}
}

138
assets/php/phpmailer/OAuth.php Normal file
View File

@ -0,0 +1,138 @@
<?php
/**
* PHPMailer - PHP email creation and transport class.
* PHP Version 5.5.
*
* @see https://github.com/PHPMailer/PHPMailer/ The PHPMailer GitHub project
*
* @author Marcus Bointon (Synchro/coolbru) <phpmailer@synchromedia.co.uk>
* @author Jim Jagielski (jimjag) <jimjag@gmail.com>
* @author Andy Prevost (codeworxtech) <codeworxtech@users.sourceforge.net>
* @author Brent R. Matzelle (original founder)
* @copyright 2012 - 2015 Marcus Bointon
* @copyright 2010 - 2012 Jim Jagielski
* @copyright 2004 - 2009 Andy Prevost
* @license http://www.gnu.org/copyleft/lesser.html GNU Lesser General Public License
* @note This program is distributed in the hope that it will be useful - WITHOUT
* ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
* FITNESS FOR A PARTICULAR PURPOSE.
*/
namespace PHPMailer\PHPMailer;
use League\OAuth2\Client\Grant\RefreshToken;
use League\OAuth2\Client\Provider\AbstractProvider;
use League\OAuth2\Client\Token\AccessToken;
/**
* OAuth - OAuth2 authentication wrapper class.
* Uses the oauth2-client package from the League of Extraordinary Packages.
*
* @see http://oauth2-client.thephpleague.com
*
* @author Marcus Bointon (Synchro/coolbru) <phpmailer@synchromedia.co.uk>
*/
class OAuth
{
/**
* An instance of the League OAuth Client Provider.
*
* @var AbstractProvider
*/
protected $provider;
/**
* The current OAuth access token.
*
* @var AccessToken
*/
protected $oauthToken;
/**
* The user's email address, usually used as the login ID
* and also the from address when sending email.
*
* @var string
*/
protected $oauthUserEmail = '';
/**
* The client secret, generated in the app definition of the service you're connecting to.
*
* @var string
*/
protected $oauthClientSecret = '';
/**
* The client ID, generated in the app definition of the service you're connecting to.
*
* @var string
*/
protected $oauthClientId = '';
/**
* The refresh token, used to obtain new AccessTokens.
*
* @var string
*/
protected $oauthRefreshToken = '';
/**
* OAuth constructor.
*
* @param array $options Associative array containing
* `provider`, `userName`, `clientSecret`, `clientId` and `refreshToken` elements
*/
public function __construct($options)
{
$this->provider = $options['provider'];
$this->oauthUserEmail = $options['userName'];
$this->oauthClientSecret = $options['clientSecret'];
$this->oauthClientId = $options['clientId'];
$this->oauthRefreshToken = $options['refreshToken'];
}
/**
* Get a new RefreshToken.
*
* @return RefreshToken
*/
protected function getGrant()
{
return new RefreshToken();
}
/**
* Get a new AccessToken.
*
* @return AccessToken
*/
protected function getToken()
{
return $this->provider->getAccessToken(
$this->getGrant(),
['refresh_token' => $this->oauthRefreshToken]
);
}
/**
* Generate a base64-encoded OAuth token.
*
* @return string
*/
public function getOauth64()
{
// Get a new token if it's not available or has expired
if (null === $this->oauthToken || $this->oauthToken->hasExpired()) {
$this->oauthToken = $this->getToken();
}
return base64_encode(
'user=' .
$this->oauthUserEmail .
"\001auth=Bearer " .
$this->oauthToken .
"\001\001"
);
}
}

4770
assets/php/phpmailer/PHPMailer.php Normal file
View File

File diff suppressed because it is too large Load Diff

419
assets/php/phpmailer/POP3.php Normal file
View File

@ -0,0 +1,419 @@
<?php
/**
* PHPMailer POP-Before-SMTP Authentication Class.
* PHP Version 5.5.
*
* @see https://github.com/PHPMailer/PHPMailer/ The PHPMailer GitHub project
*
* @author Marcus Bointon (Synchro/coolbru) <phpmailer@synchromedia.co.uk>
* @author Jim Jagielski (jimjag) <jimjag@gmail.com>
* @author Andy Prevost (codeworxtech) <codeworxtech@users.sourceforge.net>
* @author Brent R. Matzelle (original founder)
* @copyright 2012 - 2019 Marcus Bointon
* @copyright 2010 - 2012 Jim Jagielski
* @copyright 2004 - 2009 Andy Prevost
* @license http://www.gnu.org/copyleft/lesser.html GNU Lesser General Public License
* @note This program is distributed in the hope that it will be useful - WITHOUT
* ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
* FITNESS FOR A PARTICULAR PURPOSE.
*/
namespace PHPMailer\PHPMailer;
/**
* PHPMailer POP-Before-SMTP Authentication Class.
* Specifically for PHPMailer to use for RFC1939 POP-before-SMTP authentication.
* 1) This class does not support APOP authentication.
* 2) Opening and closing lots of POP3 connections can be quite slow. If you need
* to send a batch of emails then just perform the authentication once at the start,
* and then loop through your mail sending script. Providing this process doesn't
* take longer than the verification period lasts on your POP3 server, you should be fine.
* 3) This is really ancient technology; you should only need to use it to talk to very old systems.
* 4) This POP3 class is deliberately lightweight and incomplete, implementing just
* enough to do authentication.
* If you want a more complete class there are other POP3 classes for PHP available.
*
* @author Richard Davey (original author) <rich@corephp.co.uk>
* @author Marcus Bointon (Synchro/coolbru) <phpmailer@synchromedia.co.uk>
* @author Jim Jagielski (jimjag) <jimjag@gmail.com>
* @author Andy Prevost (codeworxtech) <codeworxtech@users.sourceforge.net>
*/
class POP3
{
/**
* The POP3 PHPMailer Version number.
*
* @var string
*/
const VERSION = '6.1.3';
/**
* Default POP3 port number.
*
* @var int
*/
const DEFAULT_PORT = 110;
/**
* Default timeout in seconds.
*
* @var int
*/
const DEFAULT_TIMEOUT = 30;
/**
* Debug display level.
* Options: 0 = no, 1+ = yes.
*
* @var int
*/
public $do_debug = 0;
/**
* POP3 mail server hostname.
*
* @var string
*/
public $host;
/**
* POP3 port number.
*
* @var int
*/
public $port;
/**
* POP3 Timeout Value in seconds.
*
* @var int
*/
public $tval;
/**
* POP3 username.
*
* @var string
*/
public $username;
/**
* POP3 password.
*
* @var string
*/
public $password;
/**
* Resource handle for the POP3 connection socket.
*
* @var resource
*/
protected $pop_conn;
/**
* Are we connected?
*
* @var bool
*/
protected $connected = false;
/**
* Error container.
*
* @var array
*/
protected $errors = [];
/**
* Line break constant.
*/
const LE = "\r\n";
/**
* Simple static wrapper for all-in-one POP before SMTP.
*
* @param string $host The hostname to connect to
* @param int|bool $port The port number to connect to
* @param int|bool $timeout The timeout value
* @param string $username
* @param string $password
* @param int $debug_level
*
* @return bool
*/
public static function popBeforeSmtp(
$host,
$port = false,
$timeout = false,
$username = '',
$password = '',
$debug_level = 0
) {
$pop = new self();
return $pop->authorise($host, $port, $timeout, $username, $password, $debug_level);
}
/**
* Authenticate with a POP3 server.
* A connect, login, disconnect sequence
* appropriate for POP-before SMTP authorisation.
*
* @param string $host The hostname to connect to
* @param int|bool $port The port number to connect to
* @param int|bool $timeout The timeout value
* @param string $username
* @param string $password
* @param int $debug_level
*
* @return bool
*/
public function authorise($host, $port = false, $timeout = false, $username = '', $password = '', $debug_level = 0)
{
$this->host = $host;
// If no port value provided, use default
if (false === $port) {
$this->port = static::DEFAULT_PORT;
} else {
$this->port = (int) $port;
}
// If no timeout value provided, use default
if (false === $timeout) {
$this->tval = static::DEFAULT_TIMEOUT;
} else {
$this->tval = (int) $timeout;
}
$this->do_debug = $debug_level;
$this->username = $username;
$this->password = $password;
// Reset the error log
$this->errors = [];
// connect
$result = $this->connect($this->host, $this->port, $this->tval);
if ($result) {
$login_result = $this->login($this->username, $this->password);
if ($login_result) {
$this->disconnect();
return true;
}
}
// We need to disconnect regardless of whether the login succeeded
$this->disconnect();
return false;
}
/**
* Connect to a POP3 server.
*
* @param string $host
* @param int|bool $port
* @param int $tval
*
* @return bool
*/
public function connect($host, $port = false, $tval = 30)
{
// Are we already connected?
if ($this->connected) {
return true;
}
//On Windows this will raise a PHP Warning error if the hostname doesn't exist.
//Rather than suppress it with @fsockopen, capture it cleanly instead
set_error_handler([$this, 'catchWarning']);
if (false === $port) {
$port = static::DEFAULT_PORT;
}
// connect to the POP3 server
$this->pop_conn = fsockopen(
$host, // POP3 Host
$port, // Port #
$errno, // Error Number
$errstr, // Error Message
$tval
); // Timeout (seconds)
// Restore the error handler
restore_error_handler();
// Did we connect?
if (false === $this->pop_conn) {
// It would appear not...
$this->setError(
"Failed to connect to server $host on port $port. errno: $errno; errstr: $errstr"
);
return false;
}
// Increase the stream time-out
stream_set_timeout($this->pop_conn, $tval, 0);
// Get the POP3 server response
$pop3_response = $this->getResponse();
// Check for the +OK
if ($this->checkResponse($pop3_response)) {
// The connection is established and the POP3 server is talking
$this->connected = true;
return true;
}
return false;
}
/**
* Log in to the POP3 server.
* Does not support APOP (RFC 2828, 4949).
*
* @param string $username
* @param string $password
*
* @return bool
*/
public function login($username = '', $password = '')
{
if (!$this->connected) {
$this->setError('Not connected to POP3 server');
}
if (empty($username)) {
$username = $this->username;
}
if (empty($password)) {
$password = $this->password;
}
// Send the Username
$this->sendString("USER $username" . static::LE);
$pop3_response = $this->getResponse();
if ($this->checkResponse($pop3_response)) {
// Send the Password
$this->sendString("PASS $password" . static::LE);
$pop3_response = $this->getResponse();
if ($this->checkResponse($pop3_response)) {
return true;
}
}
return false;
}
/**
* Disconnect from the POP3 server.
*/
public function disconnect()
{
$this->sendString('QUIT');
//The QUIT command may cause the daemon to exit, which will kill our connection
//So ignore errors here
try {
@fclose($this->pop_conn);
} catch (Exception $e) {
//Do nothing
}
}
/**
* Get a response from the POP3 server.
*
* @param int $size The maximum number of bytes to retrieve
*
* @return string
*/
protected function getResponse($size = 128)
{
$response = fgets($this->pop_conn, $size);
if ($this->do_debug >= 1) {
echo 'Server -> Client: ', $response;
}
return $response;
}
/**
* Send raw data to the POP3 server.
*
* @param string $string
*
* @return int
*/
protected function sendString($string)
{
if ($this->pop_conn) {
if ($this->do_debug >= 2) { //Show client messages when debug >= 2
echo 'Client -> Server: ', $string;
}
return fwrite($this->pop_conn, $string, strlen($string));
}
return 0;
}
/**
* Checks the POP3 server response.
* Looks for for +OK or -ERR.
*
* @param string $string
*
* @return bool
*/
protected function checkResponse($string)
{
if (strpos($string, '+OK') !== 0) {
$this->setError("Server reported an error: $string");
return false;
}
return true;
}
/**
* Add an error to the internal error store.
* Also display debug output if it's enabled.
*
* @param string $error
*/
protected function setError($error)
{
$this->errors[] = $error;
if ($this->do_debug >= 1) {
echo '<pre>';
foreach ($this->errors as $e) {
print_r($e);
}
echo '</pre>';
}
}
/**
* Get an array of error messages, if any.
*
* @return array
*/
public function getErrors()
{
return $this->errors;
}
/**
* POP3 connection error handler.
*
* @param int $errno
* @param string $errstr
* @param string $errfile
* @param int $errline
*/
protected function catchWarning($errno, $errstr, $errfile, $errline)
{
$this->setError(
'Connecting to the POP3 server raised a PHP warning:' .
"errno: $errno errstr: $errstr; errfile: $errfile; errline: $errline"
);
}
}

1370
assets/php/phpmailer/SMTP.php Normal file
View File

File diff suppressed because it is too large Load Diff

55
assets/php/send_email.php Normal file
View File

@ -0,0 +1,55 @@
<?php
//Import PHPMailer classes into the global namespace
use PHPMailer\PHPMailer\PHPMailer;
use PHPMailer\PHPMailer\SMTP;
use PHPMailer\PHPMailer\Exception;
require_once("./assets/php/phpmailer/Exception.php");
require_once("./assets/php/phpmailer/PHPMailer.php");
require_once("./assets/php/phpmailer/SMTP.php");
function send_email($to, $subject, $body, $alt_body, $to_first_name, $to_last_name)
{
$config_array = json_decode(file_get_contents("config.json", true));
if (!isset($alt_body)) {
$alt_body = "";
}
try {
//Create a new PHPMailer instance
$mail = new PHPMailer;
//Tell PHPMailer to use SMTP
$mail->isSMTP();
//Enable SMTP debugging
// SMTP::DEBUG_OFF = off (for production use)
// SMTP::DEBUG_CLIENT = client messages
// SMTP::DEBUG_SERVER = client and server messages
$mail->SMTPDebug = SMTP::DEBUG_OFF;
//Set the hostname of the mail server
$mail->Host = 'smtp.gmail.com';
//Set the SMTP port number - 587 for authenticated TLS, a.k.a. RFC4409 SMTP submission
$mail->Port = 587;
//Set the encryption mechanism to use - STARTTLS or SMTPS
$mail->SMTPSecure = PHPMailer::ENCRYPTION_STARTTLS;
//Whether to use SMTP authentication
$mail->SMTPAuth = true;
//Username to use for SMTP authentication - use full email address for gmail
$mail->Username = $config_array->{"gmail_username"};
//Password to use for SMTP authentication
$mail->Password = $config_array->{"gmail_password"};
//Set who the message is to be sent from
$mail->setFrom($config_array->{"gmail_username"}, 'Food Inventory');
//Set an alternative reply-to address
$mail->addAddress($to, $to_first_name . " " . $to_last_name);
//Set the subject line
$mail->Subject = $subject;
$mail->Body = $body;
//Replace the plain text body with one created manually
$mail->AltBody = $alt_body;
//send the message, check for errors
return ($mail->send());
} catch (Exception $e) {
return false;
}
}

134
assets/php/utils.php
View File

@ -2,6 +2,8 @@
$SESSION_COOKIE_NAME = "connection_id"; $SESSION_COOKIE_NAME = "connection_id";
$MAX_COOKIE_LIFE = 86400 * 30; // 30 days max $MAX_COOKIE_LIFE = 86400 * 30; // 30 days max
$MAX_RESET_TOKEN_LIFE = 1200; // 20 minutes max
$MAX_TOKENS = 3;
$MINIMAL_PASSWORD_LENGTH = 8; $MINIMAL_PASSWORD_LENGTH = 8;
$config_array = json_decode(file_get_contents("config.json", true)); $config_array = json_decode(file_get_contents("config.json", true));
@ -202,7 +204,6 @@ function add_user($email, $first_name, $last_name, $clear_password)
return $query->execute(); return $query->execute();
} }
function change_user_password($user_id, $new_clear_password) function change_user_password($user_id, $new_clear_password)
{ {
global $PDO; global $PDO;
@ -418,3 +419,134 @@ function update_cupboard(
return $query->execute(); return $query->execute();
} }
function clean_old_reset_tokens()
{
global $PDO;
$sql = "DELETE FROM reset_password WHERE token_eol < CURRENT_TIMESTAMP();";
$query = $PDO->prepare($sql);
return $query->execute();
}
function is_reset_token_valid($token)
{
global $PDO;
$sql = "SELECT * FROM reset_password WHERE token = :token;";
$query = $PDO->prepare($sql);
$query->bindValue(":token", $token);
if ($query->execute()) {
foreach ($query as $row) {
return $row;
}
}
return false;
}
function delete_reset_token($token)
{
global $PDO;
$sql = "DELETE FROM reset_password WHERE token = :token;";
$query = $PDO->prepare($sql);
$query->bindValue(":token", $token);
return $query->execute();
}
function get_user_id_from_reset_token($token)
{
global $PDO;
$sql = "SELECT accounts.id AS id FROM accounts INNER JOIN reset_password
ON accounts.id = reset_password.user_id WHERE token = :token;";
$query = $PDO->prepare($sql);
$query->bindValue(":token", $token);
if ($query->execute()) {
if ($row = $query->fetch()) {
return $row["id"];
}
}
return false;
}
function get_token_count_from_email($email)
{
global $PDO;
$sql = "SELECT token FROM reset_password
INNER JOIN accounts ON reset_password.user_id = accounts.id
WHERE accounts.email = :email;";
$query = $PDO->prepare($sql);
$query->bindValue(":email", $email);
if ($query->execute()) {
return $query->rowCount();
}
return false;
}
function generate_reset_password_token($email)
{
global $PDO, $MAX_RESET_TOKEN_LIFE, $MAX_TOKENS;
$user_id = get_user_id_from_email($email);
if (
is_numeric($user_id)
&& get_token_count_from_email($email) < $MAX_TOKENS
) {
$random_token = generate_random_string();
$sql = "INSERT INTO reset_password(token, token_eol, user_id)
VALUES(:token, :token_eol, :user_id);";
$query = $PDO->prepare($sql);
$query->bindValue(":token", $random_token);
$query->bindValue(
":token_eol",
date('Y-m-d H:i:s', strtotime("now + $MAX_RESET_TOKEN_LIFE seconds")),
PDO::PARAM_STR
);
$query->bindValue(":user_id", $user_id);
if ($query->execute()) {
return $random_token;
}
}
return false;
}
function get_email_message($link, $first_name)
{
global $MAX_RESET_TOKEN_LIFE, $MAX_TOKENS;
$email = "Hey $first_name,<br>";
$email .= "<br>";
$email .= "Looks like you asked for a password reset, if so please click the link below (under " . $MAX_RESET_TOKEN_LIFE / 60 . " minutes from now) and reset you password on our website:<br>";
$email .= $link . "<br>";
$email .= "<br>";
$email .= "If it wasn't you who requested this, you can just ignore this message, and nothing will be done.<br>";
$email .= "<br>";
$email .= "Please remember that each link expires after " . $MAX_RESET_TOKEN_LIFE / 60 . " minutes, so this one will expire exactly at " . date('Y-m-d H:i:s', strtotime("now + $MAX_RESET_TOKEN_LIFE seconds")) . ".<br>";
$email .= "You can generate $MAX_TOKENS at maximum. So if you ever want to generate one more after this limit, you'd have to wait for the previous links to be deactivated.<br>";
$email .= "<br>";
$email .= "Thanks,<br>";
$email .= "The Food Inventory system";
return ["html" => $email, "alt" => str_replace("<br>", "\n", $email)];
}
function get_user_info_from_email($email)
{
global $PDO;
$sql = "SELECT * FROM accounts WHERE email = :email;";
$query = $PDO->prepare($sql);
$query->bindValue(":email", $email);
if ($query->execute()) {
foreach ($query as $row) {
return $row;
}
}
return false;
}

122
forgotten-password.php Normal file
View File

@ -0,0 +1,122 @@
<?php
// Include util functions
require_once("./assets/php/utils.php");
require_once("./assets/php/send_email.php");
clean_old_reset_tokens();
disconnect();
$password1_err = $password2_err = $mode = $submit_message = $link = "";
if (isset($_GET["token"]) && is_reset_token_valid($_GET["token"])) {
if ($_SERVER["REQUEST_METHOD"] === "POST" && isset($_POST["password1"]) && isset($_POST["password2"])) {
if (empty(trim($_POST["password1"])) || strlen($_POST["password1"]) < $MINIMAL_PASSWORD_LENGTH) {
$password1_err = "The password is too short.";
} else if ($_POST["password1"] !== $_POST["password2"]) {
$password2_err = "Passwords didn't match.";
} else {
if (change_user_password(get_user_id_from_reset_token($_GET["token"]), $_POST["password1"])) {
delete_reset_token($_GET["token"]);
header("Location: login.php");
} else {
$password1_err = $password2_err = "There were an error while changing your password.";
}
}
} else if (
$_SERVER["REQUEST_METHOD"] === "POST" && (!isset($_POST["password1"]) || !isset($_POST["password2"]) || empty(trim($_POST["password1"])) || empty(trim($_POST["password1"])))
) {
$password1_err = "Please input a new password.";
}
} else {
if ($_SERVER["REQUEST_METHOD"] === "POST" && isset($_POST["email"])) {
$token = generate_reset_password_token($_POST["email"]);
if ($token !== false) {
$link = $_SERVER['REQUEST_SCHEME'] . '://' . $_SERVER['HTTP_HOST']
. explode('?', $_SERVER['REQUEST_URI'], 2)[0] . "?token=$token";
$row = get_user_info_from_email($_POST["email"]);
$email_array = get_email_message($link, $row["first_name"]);
if ($row !== false) {
send_email(
$_POST["email"],
"Forgot your password? Let's get you a new one!",
$email_array["html"],
$email_array["alt"],
$row["first_name"],
$row["last_name"]
);
}
}
$submit_message = "If your e-mail address was correct, you should check your inbox.";
}
}
?>
<!DOCTYPE html>
<html lang="en">
<head>
<meta charset="UTF-8">
<!-- TODO : ADD SEO STUFF -->
<meta name="viewport" content="width=device-width, initial-scale=1.0">
<meta http-equiv="X-UA-Compatible" content="ie=edge">
<link href="/assets/css/reset.css" rel="stylesheet">
<link href="/assets/css/common.css" rel="stylesheet">
<link href="/assets/css/login.css" rel="stylesheet">
<title>Food inventory - Forgotten password</title>
</head>
<body>
<div class="center30left white">
<h2 class="montserrat" id="title">Need to reset?</h2>
<?php if (isset($_GET["token"]) && is_reset_token_valid($_GET["token"])) {
?>
<form action="<?php echo htmlspecialchars($_SERVER["REQUEST_URI"]); ?>" method="post">
<div class="flex-container flex-evenly">
<input type="password" name="password1" class="form-control halo-hover <?php echo (!empty($password1_err)) ? 'has-error' : ''; ?>" placeholder="Password">
<input type="password" name="password2" class="form-control halo-hover <?php echo (!empty($password2_err)) ? 'has-error' : ''; ?>" placeholder="Confirm password">
</div>
<div class="flex-container flex-evenly">
<div class="error">
<?php
if (!empty($password1_err)) echo $password1_err;
else echo $password2_err;
?>
</div>
</div>
<div class="form-group flex-container flex-vertical-center flex-evenly">
<input type="submit" class="halo-hover login-button" value="Reset">
<a href="/" class="login-button halo-hover other-buttons">Main page</a>
</div>
</form>
<?php
} else {
if ($submit_message === "") {
?>
<form action="<?php echo htmlspecialchars($_SERVER["REQUEST_URI"]); ?>" method="post">
<div class="flex-container flex-evenly">
<input type="email" name="email" class="form-control halo-hover" value="" placeholder="E-mail" required id="lost-email">
</div>
<div class="flex-container flex-evenly">
<div class="error">
<?php
if (!empty($password1_err)) echo $password1_err;
else echo $password2_err;
?>
</div>
</div>
<div class="form-group flex-container flex-vertical-center flex-evenly">
<input type="submit" class="halo-hover login-button" value="Reset">
<a href="/" class="login-button halo-hover other-buttons">Main page</a>
</div>
</form>
<?php
} else {
echo "<p class=\"error\">" . $submit_message . "</p>\n";
}
}
?>
</div>
</body>
</html>

3
login.php
View File

@ -91,7 +91,8 @@ if ($_SERVER["REQUEST_METHOD"] == "POST") {
</div> </div>
<div class="form-group flex-container flex-vertical-center flex-evenly"> <div class="form-group flex-container flex-vertical-center flex-evenly">
<input type="submit" class="halo-hover login-button" value="Login"> <input type="submit" class="halo-hover login-button" value="Login">
<a href="register.php" class="login-button halo-hover other-buttons">You don't have an account? Register!</a> <a href="register.php" class="login-button halo-hover other-buttons">Register</a>
<a href="forgotten-password.php" class="login-button halo-hover other-buttons">Forgotten password?</a>
<a href="/" class="login-button halo-hover other-buttons">Main page</a> <a href="/" class="login-button halo-hover other-buttons">Main page</a>
</div> </div>
</form> </form>