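<?php
/**
 * When user clicks the "yes, that's my email" link...
 *
 * Creates a password reset key for $userID, stores it in the
 * password_reset_keys table and e-mails the reset link to $email.
 * $DB, $userID and $email must already be set by the surrounding code.
 */

// Make an unpredictable key. uniqid() is derived from the current time, so
// the value can be guessed by anyone who knows roughly when the reset was
// requested. random_bytes() (PHP 7+) draws from the OS CSPRNG instead.
$key = bin2hex(random_bytes(32));

// Store in the database.
// NOTE(review): the key is stored in clear text. Storing only a hash of it
// (and looking the row up by that hash) would keep a database leak from
// exposing live reset links; that needs a matching change where the key is checked.
$row = new stdClass();
$row->userid = $userID; // (Need the userID from somewhere. Could use email instead probably)
$row->key = $key;
$row->time = time();
// The reset page only accepts rows with used = 0, so set it explicitly
// rather than relying on a column default.
$row->used = 0;
$DB->insert_record('password_reset_keys', $row);

// NOTE(review): the link is sent over plain http, so the key can be read by
// anyone on the network path when the user opens it. Switch the scheme to
// https once the host is confirmed to serve TLS.
$url = 'http://dragonnet.ssis-suzhou.net/dragonnet_reset_passwords/reset_password.php'
    . '?userID=' . rawurlencode((string) $userID)
    . '&key=' . rawurlencode($key);

$message = "Hi, click here to reset your password: {$url}";
mail($email, 'Password Reset Link', $message);
?>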
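<?php
/**
 * reset_password.php
 *
 * Validates a password reset key for a user and, when a new password is
 * posted, sets it and marks the key as used. Otherwise shows the form.
 */

// Both values come straight from the request, so restrict them to the
// expected shape instead of accepting PARAM_RAW.
$key = required_param('key', PARAM_ALPHANUM);
$userID = required_param('userID', PARAM_INT);

// Check key is valid. The column is written as 'userid' when the row is
// inserted, so the lookup uses the same name.
$row = $DB->get_record('password_reset_keys', array(
    'userid' => $userID,
    'key' => $key,
    'used' => 0
));

if (!$row) {
    die("That key is invalid");
}

// How long should the link be valid for (in seconds)?
if (time() - $row->time > 86400) {
    die("Sorry, that link has expired");
}

// Get user. Fail with the same message as a bad key so the response does
// not reveal which user ids exist.
$user = $DB->get_record('user', array('id' => $userID));
if (!$user) {
    die("That key is invalid");
}

// optional_param() avoids the undefined-index notice on the initial GET,
// and the explicit comparison accepts any non-empty password.
$new_password = optional_param('new_password', '', PARAM_RAW);

if ($new_password !== '') {

    // Set the key as used before changing the password, so a key can never
    // be replayed even if the password update fails part-way.
    // (moodle_database has set_field(); there is no update_field().)
    $DB->set_field('password_reset_keys', 'used', 1, array(
        'userid' => $userID,
        'key' => $key
    ));

    // Password resetting time
    if (!update_internal_user_password($user, $new_password)) {
        die("Sorry, the password could not be changed");
    }

    echo "Done!";

} else {

    // Show form to enter a new password here.
    // Request values are HTML-escaped before being written into attributes.
    ?>
    <form action="reset_password.php" method="post">
        <input type="hidden" name="key" value="<?=htmlspecialchars($key, ENT_QUOTES, 'UTF-8')?>" />
        <input type="hidden" name="userID" value="<?=htmlspecialchars((string) $userID, ENT_QUOTES, 'UTF-8')?>" />
        <input type="password" name="new_password" value="" />
        <?php //TODO: add another box to confirm password ?>
        <input type="submit" value="Change Password" />
    </form>
    <?php
}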