Home Explore Help
Register Sign In
benjamin.harris
/
soil-report-ai
1
0
Fork 0
Files Issues 0 Pull Requests 0 Wiki
Tree: c1030aa24c
Branches Tags
soil-report-ai
/
login
/
reset-password.php

reset-password.php 4.7 KB
History Raw

123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111 
  1. <?php
    2. 

  2. require_once __DIR__ . '/../config/database.php';
    3. 

  3. require_once __DIR__ . '/../lib/auth.php';
    4. 

  4. require_once __DIR__ . '/../lib/csrf.php';
    5. 

  5. 

  6. if (isLoggedIn()) {
    7. 

  7.     header('Location: /dashboard/dashboard.php');
    8. 

  8.     exit;
    9. 

  9. }
    10. 

  10. 

  11. $token = trim($_GET['token'] ?? '');
    12. 

  12. $error = '';
    13. 

  13. $done  = false;
    14. 

  14. 

  15. // Validate token on page load
    16. 

  16. if ($token === '') {
    17. 

  17.     header('Location: /login/forgot-password.php');
    18. 

  18.     exit;
    19. 

  19. }
    20. 

  20. 

  21. $tokenEmail = validatePasswordResetToken($token);
    22. 

  22. if ($tokenEmail === null) {
    23. 

  23.     $error = 'This reset link is invalid or has expired. Please request a new one.';
    24. 

  24. }
    25. 

  25. 

  26. if ($_SERVER['REQUEST_METHOD'] === 'POST' && $tokenEmail !== null) {
    27. 

  27.     if (!verifyCsrfToken($_POST['csrf_token'] ?? '')) {
    28. 

  28.         $error = 'Invalid request. Please try again.';
    29. 

  29.     } else {
    30. 

  30.         $password  = $_POST['password']         ?? '';
    31. 

  31.         $password2 = $_POST['password_confirm'] ?? '';
    32. 

  32. 

  33.         if (strlen($password) < 8) {
    34. 

  34.             $error = 'Password must be at least 8 characters.';
    35. 

  35.         } elseif ($password !== $password2) {
    36. 

  36.             $error = 'Passwords do not match.';
    37. 

  37.         } else {
    38. 

  38.             if (resetPassword($token, $password)) {
    39. 

  39.                 $done = true;
    40. 

  40.             } else {
    41. 

  41.                 $error = 'This reset link is invalid or has expired. Please request a new one.';
    42. 

  42.             }
    43. 

  43.         }
    44. 

  44.     }
    45. 

  45. }
    46. 

  46. 

  47. $pageTitle = 'Reset Password';
    48. 

  48. include __DIR__ . '/_head.php';
    49. 

  49. ?>
    50. 

  50. 

  51. <div class="container">
    52. 

  52.     <div class="row justify-content-center">
    53. 

  53.         <div class="col-xl-10 col-lg-12 col-md-9">
    54. 

  54.             <div class="card o-hidden border-0 shadow-lg my-5">
    55. 

  55.                 <div class="card-body p-0">
    56. 

  56.                     <div class="row">
    57. 

  57.                         <div class="col-lg-6 d-none d-lg-block bg-login-image"></div>
    58. 

  58.                         <div class="col-lg-6">
    59. 

  59.                             <div class="p-5">
    60. 

  60.                                 <div class="text-center mb-4">
    61. 

  61.                                     <h1 class="h4 text-gray-900">Reset Your Password</h1>
    62. 

  62.                                 </div>
    63. 

  63. 

  64.                                 <?php if ($done): ?>
    65. 

  65.                                     <div class="alert alert-success" role="alert">
    66. 

  66.                                         Your password has been reset.
    67. 

  67.                                         <a href="/login/login.php?reset=1">Click here to log in.</a>
    68. 

  68.                                     </div>
    69. 

  69. 

  70.                                 <?php elseif ($error !== '' && $tokenEmail === null): ?>
    71. 

  71.                                     <div class="alert alert-danger"><?= htmlspecialchars($error, ENT_QUOTES, 'UTF-8') ?></div>
    72. 

  72.                                     <div class="text-center">
    73. 

  73.                                         <a href="/login/forgot-password.php">Request a new reset link</a>
    74. 

  74.                                     </div>
    75. 

  75. 

  76.                                 <?php else: ?>
    77. 

  77.                                     <?php if ($error !== ''): ?>
    78. 

  78.                                         <div class="alert alert-danger"><?= htmlspecialchars($error, ENT_QUOTES, 'UTF-8') ?></div>
    79. 

  79.                                     <?php endif; ?>
    80. 

  80. 

  81.                                     <form method="POST" action="/login/reset-password.php?token=<?= urlencode($token) ?>" novalidate>
    82. 

  82.                                         <input type="hidden" name="csrf_token" value="<?= generateCsrfToken() ?>">
    83. 

  83. 

  84.                                         <div class="mb-3">
    85. 

  85.                                             <input type="password" name="password" class="form-control form-control-user"
    86. 

  86.                                                    placeholder="New Password (min 8 chars)" required autofocus>
    87. 

  87.                                         </div>
    88. 

  88.                                         <div class="mb-3">
    89. 

  89.                                             <input type="password" name="password_confirm" class="form-control form-control-user"
    90. 

  90.                                                    placeholder="Confirm New Password" required>
    91. 

  91.                                         </div>
    92. 

  92.                                         <button type="submit" class="btn btn-success btn-user btn-block w-100 mb-3">
    93. 

  93.                                             Set New Password
    94. 

  94.                                         </button>
    95. 

  95.                                     </form>
    96. 

  96.                                 <?php endif; ?>
    97. 

  97. 

  98.                                 <hr>
    99. 

  99.                                 <div class="text-center">
    100. 

  100.                                     <a class="small" href="/login/login.php">Back to Login</a>
    101. 

  101.                                 </div>
    102. 

  102.                             </div>
    103. 

  103.                         </div>
    104. 

  104.                     </div>
    105. 

  105.                 </div>
    106. 

  106.             </div>
    107. 

  107.         </div>
    108. 

  108.     </div>
    109. 

  109. </div>
    110. 

  110. 

  111. <?php include __DIR__ . '/_foot.php'; ?>
    112.