<?php include('./config/constants.php') ?>
<!DOCTYPE html>
<html lang="en">
<head>
<meta charset="UTF-8">
<meta http-equiv="X-UA-Compatible" content="IE=edge">
<meta name="viewport" content="width=device-width, initial-scale=1.0">
<link rel="stylesheet" href="./css/style.css">
<title>Reset Password</title>
<link rel="icon" type="images/x-icon" href="./images/logoicon.png" />
<script src="https://kit.fontawesome.com/ca1b4f4960.js" crossorigin="anonymous"></script>
</head>
<body>
<?php
//Import PHPMailer classes into the global namespace
//These must be at the top of your script, not inside a function
use PHPMailer\PHPMailer\PHPMailer;
use PHPMailer\PHPMailer\SMTP;
use PHPMailer\PHPMailer\Exception;
//Load Composer's autoloader
require './libraries/PHPMailer/vendor/autoload.php';
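// Start a session only when none is active yet. PHP_SESSION_NONE means
// "sessions are enabled but not started". The previous comparison against
// PHP_SESSION_DISABLED was true only when sessions are unavailable, so the
// $_SESSION values written by the POST handler below were never persisted
// unless another include had already started the session.
// NOTE(review): this runs after the page has already emitted its <head>
// markup, so the session cookie can only be sent if output buffering is
// enabled. Confirm, or move this logic above the <!DOCTYPE>.
if (session_status() === PHP_SESSION_NONE) {
    session_start();
}

// Message rendered under the email field; stays empty unless the POST handler fails.
$emailNotFound = "";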
/**
 * Normalise a submitted form value for display.
 *
 * Trims surrounding whitespace, removes backslash escapes with stripslashes(),
 * then HTML-encodes the result with htmlspecialchars() using its default flags.
 *
 * This is output encoding for an HTML context only. It does not make the
 * value safe to place inside an SQL statement: database access has to use
 * bound parameters whether or not the value passed through this function.
 *
 * @param string $data Raw value, e.g. a field taken from $_POST.
 * @return string The trimmed, unslashed, HTML-encoded value.
 */
function validateInput($data)
{
    return htmlspecialchars(stripslashes(trim($data)));
}
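// Handle the submitted "forgot password" form: look the address up, store a
// fresh OTP for it, mail the OTP, then send the browser to the verification page.
// NOTE(review): nothing in this block limits how often a reset can be requested
// for one address; each POST stores a new OTP and sends another email.
if ($_SERVER["REQUEST_METHOD"] === "POST") {
    // The field is client-controlled: it may be absent or submitted as an
    // array, either of which would make trim() fail inside validateInput().
    $rawEmail = $_POST['email'] ?? '';
    $email = validateInput(is_string($rawEmail) ? $rawEmail : '');

    // validateInput() only HTML-encodes the value; that is not SQL escaping.
    // The address is therefore bound as a parameter rather than spliced into
    // the statement text.
    $accountExists = false;
    $lookup = mysqli_prepare($conn, "SELECT email FROM tbl_sysusers WHERE email = ?");
    if ($lookup !== false) {
        mysqli_stmt_bind_param($lookup, "s", $email);
        if (mysqli_stmt_execute($lookup)) {
            mysqli_stmt_store_result($lookup);
            $accountExists = mysqli_stmt_num_rows($lookup) === 1;
        }
        mysqli_stmt_close($lookup);
    } else {
        error_log('Password reset: account lookup failed: ' . mysqli_error($conn));
    }

    if ($accountExists) {
        // Generate a 6-digit OTP. rand() is not a cryptographically secure
        // generator and its output can be predicted; random_int() draws from
        // the operating system's CSPRNG.
        $otp = str_pad((string) random_int(0, 999999), 6, "0", STR_PAD_LEFT);

        // Creation time as a Unix timestamp, bound as a string exactly as the
        // original quoted literal was.
        $current_timestamp = (string) time();

        // Insert the OTP data into the tbl_password_reset table
        $insert = mysqli_prepare(
            $conn,
            "INSERT INTO tbl_password_reset (email, otp, created_at) VALUES (?, ?, ?)"
        );
        if (
            $insert === false
            || !mysqli_stmt_bind_param($insert, "sss", $email, $otp, $current_timestamp)
            || !mysqli_stmt_execute($insert)
        ) {
            // Keep the original "stop the request" behaviour, but record the
            // reason server-side instead of passing a boolean to die().
            error_log('Password reset: could not store OTP: ' . mysqli_error($conn));
            die();
        }
        mysqli_stmt_close($insert);

        // Send the OTP code to the user's email address using PHPMailer.
        // Passing `true` makes PHPMailer throw exceptions on failure.
        $mail = new PHPMailer(true);

        try {
            //Server settings
            $mail->isSMTP();                    //Send using SMTP
            $mail->Host = 'smtp.gmail.com';     //Set the SMTP server to send through
            $mail->SMTPAuth = true;             //Enable SMTP authentication
            $mail->Username = '[email protected]'; //SMTP username
            // NOTE(review): the SMTP credential is hard-coded in a file that is
            // served from the web root and committed to the repository. Treat
            // it as exposed: rotate it and load the replacement from
            // configuration kept outside version control.
            $mail->Password = 'zycbeglgbinzqlgh'; //SMTP password
            $mail->SMTPSecure = 'tls';          //STARTTLS upgrade on the submission port (not implicit TLS)
            $mail->Port = 587;                  //TCP port to connect to; 587 pairs with STARTTLS

            //Recipients
            $mail->setFrom('[email protected]', 'Admin');
            $mail->addAddress($email, '');      //Add a recipient

            //Content
            $mail->isHTML(true);                //Set email format to HTML
            $mail->Subject = 'OTP code for password reset';
            $mail->Body = 'Your OTP code for password reset is: ' . $otp;

            $mail->send();
            echo 'Message has been sent';

            //storing success message in session variable
            $_SESSION['mailSent'] = "The OPT has been sent to your mail";
            $_SESSION['email'] = $email;

            // Redirect the user to the OTP verification page. The session id is
            // no longer appended to the URL: there it ends up in browser
            // history, server logs and Referer headers, and the session cookie
            // already carries it.
            // NOTE(review): header() needs the response headers to be unsent,
            // but this block runs after the page's <head> markup and the echo
            // above, so the redirect depends on output buffering. Confirm.
            header("Location: pwd-verifyotp.php");
            exit();
        } catch (Exception $e) {
            // Keep transport details (server replies, addresses) out of the
            // page; log them and show a fixed message instead.
            error_log('Password reset: OTP mail failed: ' . $mail->ErrorInfo);
            $emailNotFound = "The OTP could not be sent. Try again!";
        }
    } else {
        // NOTE(review): this response differs from the success path, so the
        // form reveals whether an address is registered. Consider returning
        // the same outcome in both cases.
        $emailNotFound = "*The user is not found !";
    }
}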
?>
<div class="top">
<div class="navbar">
<a href="./index.php"><img src="./images/logo.png" alt="logo" class="logo"></a>
<div class="nav-link">
<div class="normal-link">
<div class="nav-item item1"><a href="./index.php">Home</a></div>
<div class="nav-item item2"><a href="./services.php">Services</a></div>
<div class="nav-item item3"><a href="./about.php">About</a></div>
<div class="nav-item item4"><a href="./contactus.php">Contact Us</a></div>
</div>
<a href="./signin.php" class="nav-signin">
<div class="item5"><i class="fa-solid fa-right-from-bracket"></i> Sign In</div>
</a>
<div class="divider"></div>
<a href="./signup.php" class="nav-signin">
<div class="item5"><i class="fa-solid fa-arrow-up-from-bracket"></i> Sign Up</div>
</a>
</div>
</div>
</div>
<div class="bottom">
<div class="fgtpwd-wrapper">
<div class="container2">
<div class="container_content2">
<div class="container_content_inner2">
<div class="fgtpwd-heading">Reset Password</div><br />
<div class="fgtpwd-txt">Enter the email address associated with your account and to get the OTP code.</div>
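<?php
// Reset-request form. It posts back to this script; the handler earlier in the
// file reads $_POST['email'] and sets $emailNotFound on failure.
// Every dynamic value is HTML-encoded where it is written into the page. The
// `pattern` attribute is a browser-side convenience only and does not replace
// server-side handling of the submitted value.
?>
<form class="form-signin" method="post" action="<?php echo htmlspecialchars($_SERVER["PHP_SELF"], ENT_QUOTES, 'UTF-8'); ?>">
    <input type="email" class="fgtpwd-input" name="email" pattern="^[\w.%+-]+@[a-zA-Z0-9.-]+\.[a-zA-Z]{2,}$" placeholder="Enter your Email Address Here" required="" /><br />
    <p class="forgot-err-msg"><?php echo htmlspecialchars($emailNotFound, ENT_QUOTES, 'UTF-8'); ?></p>
    <input type="submit" class="btn_continue forgot-continue" name="continue" value="Continue">
</form>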
</div>
</div>
</div>
</div>
<div class="overlay"></div>
</div>
</body>
</html>