<?php
include_once 'class/stylist.class.php';
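if (isset($_POST['reset'])) {
    // Password-reset request handler.
    //
    // Uses the selector/validator split-token pattern:
    //   - $selector is a public lookup key for the token row;
    //   - $token (the "validator") is the secret. Only its hash is handed to
    //     setToken(); the raw value leaves this script only inside the e-mailed link.
    //
    // The response is the same redirect whether or not the address is valid, so
    // this endpoint does not reveal which addresses are acceptable.

    // $_POST['email'] is attacker-controlled and is later used as the mail()
    // recipient. Require a single syntactically valid address (which also rules
    // out CR/LF) before touching the database or sending anything. is_string()
    // guards against an array being submitted as email[]=...
    $useremail = $_POST['email'] ?? '';

    if (is_string($useremail) && filter_var($useremail, FILTER_VALIDATE_EMAIL) !== false) {
        $selector = bin2hex(random_bytes(8));

        // The raw token is fed to password_hash(). bcrypt (the current
        // PASSWORD_DEFAULT) treats its input as a NUL-terminated string, so a
        // NUL byte would silently truncate the secret (a leading NUL leaves an
        // empty secret), and some PHP versions reject such input with a
        // ValueError. Re-draw until the token has no NUL byte; the entropy loss
        // is negligible.
        // NOTE(review): hashing the token with hash('sha256', ...) and comparing
        // with hash_equals() would avoid this, but needs a matching change in
        // create-new-password.php, which is not visible here.
        do {
            $token = random_bytes(32);
        } while (strpos($token, "\0") !== false);

        // NOTE(review): the URL has no scheme, so mail clients may treat the
        // href as a relative link; it should be an absolute https:// URL.
        // Confirm the canonical host and scheme before changing the string.
        $url = "www.book_beauty.net/forgottenpwd/create-new-password.php?selector=".$selector."&validator=".bin2hex($token);

        // Token lifetime: 1800 seconds = 30 minutes from now. (The original
        // comment said one hour; the value is kept, the comment is corrected.)
        $expires = time() + 1800;

        $style = new stylist();

        // Drop earlier tokens for this address first, so that (presumably) only
        // one reset link is live at a time. TODO confirm against
        // stylist::deleteToken, and that it and setToken() use parameterised
        // queries, since $useremail originates from the request.
        $style->deleteToken($useremail);

        // Store only the hash, so a leaked token table does not yield usable links.
        $hashedToken = password_hash($token, PASSWORD_DEFAULT);
        $style->setToken($useremail,$selector,$hashedToken,$expires);

        $to = $useremail;
        $subject = 'Reset your password for book_beauty';
        $message = '<p>We recieved a password reset request .The link to reset your password make this request, you can ignore this email</p>';
        $message.= '<p>Here is your password reset link:</br>';
        $message.='<a href="' .$url . '">' . $url . '</a></p>';
        $headers = "From:book_beauty <[email protected]>\r\n";
        $headers.="Reply-To:<[email protected]>\r\n";
        $headers.="Content-type:text/html\r\n";

        // The result of mail() is deliberately not surfaced to the requester:
        // the page shown must not depend on whether delivery worked.
        mail($to, $subject, $message, $headers);
    }

    header("Location:/forgotpassword.php?reset=success");
    // Stop here so nothing further runs or is emitted after the redirect header.
    exit;
} else {
    // Reached without the reset form being submitted: send the browser to the login page.
    echo"
<script>
window.location.href='stylistlogin.php';
</script>";
}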