controllerUserData.php
<?php
// Bootstrap for every form handler below: open the session first, then load
// the database connection. The handlers use $con, which this file never
// defines, so it is presumably created by conn.php (confirm there).
session_start();
require 'conn.php';

// Per-request form state. $errors collects messages keyed by error type;
// $email and $name start empty and are filled in by the handlers.
$errors = [];
$name = '';
$email = '';
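// Handles the "check" form: verifies the submitted one-time code, marks the
// matching account as verified and signs the user in.
//
// Security notes:
// - The code is bound as an integer parameter of a prepared statement.
//   Escaping a value and then interpolating it unquoted ("WHERE code = $x")
//   gives no protection: mysqli_real_escape_string() only makes a value safe
//   inside a quoted string literal, not in a numeric context.
// - 0 is the value this file writes into `code` once a code has been used, so
//   it must never be accepted as a code; otherwise it would match every
//   account that has already been verified.
// - NOTE(review): the lookup is by code alone, so the code is not tied to the
//   account that requested it. Binding it to an e-mail address needs the
//   sign-up flow, which is not visible here.
// - NOTE(review): nothing visible here expires codes or limits attempts; a
//   6-digit code needs both (likely a schema change, e.g. an expiry column).
if (isset($_POST['check'])) {
    $_SESSION['info'] = "";

    // Accept only a short run of digits; anything else is treated as a wrong code.
    $otp_input = (isset($_POST['otp']) && is_string($_POST['otp'])) ? trim($_POST['otp']) : '';
    $otp_code = preg_match('/^[0-9]{1,9}$/', $otp_input) === 1 ? (int) $otp_input : 0;

    $found = false;
    $matched_email = null;
    if ($otp_code > 0) {
        try {
            $find = mysqli_prepare($con, "SELECT email FROM alogin WHERE code = ? LIMIT 1");
            if ($find !== false) {
                mysqli_stmt_bind_param($find, 'i', $otp_code);
                if (mysqli_stmt_execute($find)) {
                    mysqli_stmt_bind_result($find, $matched_email);
                    $found = (mysqli_stmt_fetch($find) === true);
                }
                mysqli_stmt_close($find);
            }
        } catch (mysqli_sql_exception $e) {
            // Keep database details out of the response; log them server-side only.
            error_log('controllerUserData: code lookup failed: ' . $e->getMessage());
            $found = false;
        }
    }

    if ($found) {
        $email = $matched_email;
        $code = 0;
        $status = 'verified';
        $updated = false;
        try {
            // Restrict the update to the row that was matched, not every row sharing the code.
            $mark = mysqli_prepare($con, "UPDATE alogin SET code = ?, status = ? WHERE code = ? AND email = ?");
            if ($mark !== false) {
                mysqli_stmt_bind_param($mark, 'isis', $code, $status, $otp_code, $email);
                $updated = mysqli_stmt_execute($mark);
                mysqli_stmt_close($mark);
            }
        } catch (mysqli_sql_exception $e) {
            error_log('controllerUserData: code update failed: ' . $e->getMessage());
            $updated = false;
        }

        if ($updated) {
            // New session id at the privilege change, so a pre-login id cannot be reused.
            session_regenerate_id(true);
            // NOTE(review): $name is still the empty string set at the top of the file.
            $_SESSION['name'] = $name;
            $_SESSION['email'] = $email;
            header('location: home.php');
            exit();
        } else {
            $errors['otp-error'] = "Failed while updating code!";
        }
    } else {
        $errors['otp-error'] = "You've entered incorrect code!";
    }
}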
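// Handles the "check-email" form (forgot password): stores a fresh reset code
// for the account and e-mails it to the address entered.
//
// Security notes:
// - The reset code is a credential, so it comes from random_int() (CSPRNG,
//   PHP 7+) rather than rand(), whose output is predictable.
// - The e-mail value is escaped AND placed inside a quoted SQL literal, which
//   is the context mysqli_real_escape_string() is designed for. That assumes
//   conn.php sets the connection charset (not visible here; confirm). The
//   escaped form is kept in $email and the session because other handlers in
//   this file read $_SESSION['email'] back.
// - NOTE(review): the "does not exist" message tells the requester which
//   addresses are registered; a uniform response would avoid that.
// - NOTE(review): nothing visible here expires the code or limits requests.
if (isset($_POST['check-email'])) {
    // A non-string value (e.g. email[]=x) is treated as an empty address.
    $posted_email = (isset($_POST['email']) && is_string($_POST['email'])) ? $_POST['email'] : '';
    $email = mysqli_real_escape_string($con, $posted_email);

    $run_sql = false;
    try {
        $check_email = "SELECT * FROM alogin WHERE email='$email'";
        $run_sql = mysqli_query($con, $check_email);
    } catch (mysqli_sql_exception $e) {
        error_log('controllerUserData: e-mail lookup failed: ' . $e->getMessage());
        $run_sql = false;
    }

    if ($run_sql === false) {
        // A failed query is a server problem, not a missing account.
        $errors['db-error'] = "Something went wrong!";
    } elseif (mysqli_num_rows($run_sql) > 0) {
        // Same 111111..999999 range as before, from a cryptographically secure source.
        $code = random_int(111111, 999999);

        $run_query = false;
        try {
            // $code is an integer produced above, never request data.
            $insert_code = "UPDATE alogin SET code = $code WHERE email = '$email'";
            $run_query = mysqli_query($con, $insert_code);
        } catch (mysqli_sql_exception $e) {
            error_log('controllerUserData: storing reset code failed: ' . $e->getMessage());
            $run_query = false;
        }

        if ($run_query) {
            $subject = "Password Reset Code";
            $message = "Your password reset code is $code";
            $sender = "From: [email protected]";
            if (mail($email, $subject, $message, $sender)) {
                $info = "We've sent a passwrod reset otp to your email - $email";
                $_SESSION['info'] = $info;
                $_SESSION['email'] = $email;
                header('location: reset-code.php');
                exit();
            } else {
                $errors['otp-error'] = "Failed while sending code!";
            }
        } else {
            $errors['db-error'] = "Something went wrong!";
        }
    } else {
        $errors['email'] = "This email address does not exist!";
    }
}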
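// Password reset, steps 2 and 3: verify the e-mailed code ("check-reset-otp"),
// then store the new password ("change-password"). The two handlers are kept
// together because the second one relies on a session marker set by the first.
//
// Security notes:
// - The code is checked against the account whose reset was requested in this
//   session ($_SESSION['email'], set by the "check-email" handler), not
//   against any row that happens to hold that code.
// - 0 is what this file writes into `code` after use, so it is never accepted.
// - All values reach SQL as bound parameters. Escaping and then interpolating
//   unquoted ("WHERE code = $x") is not a defence in a numeric context.
// - "change-password" only proceeds for the address stored in
//   $_SESSION['reset_verified_email'], which is written solely after a
//   successful code check. $_SESSION['email'] alone is not proof: the
//   "check-email" handler sets it before any code has been entered.
// - NOTE(review): if another page posts "change-password" for a signed-in
//   user without going through the code step, it will now be refused; no such
//   caller is visible in this file.
// - NOTE(review): nothing visible here expires codes or limits attempts.

// Step 2: the user submits the reset code.
if (isset($_POST['check-reset-otp'])) {
    $_SESSION['info'] = "";

    // Accept only a short run of digits; anything else is treated as a wrong code.
    $otp_input = (isset($_POST['otp']) && is_string($_POST['otp'])) ? trim($_POST['otp']) : '';
    $otp_code = preg_match('/^[0-9]{1,9}$/', $otp_input) === 1 ? (int) $otp_input : 0;

    $pending_email = (isset($_SESSION['email']) && is_string($_SESSION['email'])) ? $_SESSION['email'] : '';
    // "check-email" stores the address after mysqli_real_escape_string(), so the
    // session may hold the escaped form; try it both as stored and unescaped.
    $pending_email_raw = stripslashes($pending_email);

    $found = false;
    $verified_email = null;
    if ($otp_code > 0 && $pending_email !== '') {
        try {
            $find = mysqli_prepare($con, "SELECT email FROM alogin WHERE code = ? AND email IN (?, ?) LIMIT 1");
            if ($find !== false) {
                mysqli_stmt_bind_param($find, 'iss', $otp_code, $pending_email, $pending_email_raw);
                if (mysqli_stmt_execute($find)) {
                    mysqli_stmt_bind_result($find, $verified_email);
                    $found = (mysqli_stmt_fetch($find) === true);
                }
                mysqli_stmt_close($find);
            }
        } catch (mysqli_sql_exception $e) {
            // Keep database details out of the response; log them server-side only.
            error_log('controllerUserData: reset code lookup failed: ' . $e->getMessage());
            $found = false;
        }
    }

    if ($found && is_string($verified_email) && $verified_email !== '') {
        $email = $verified_email;
        $_SESSION['email'] = $email;
        // Marker consumed by the "change-password" handler below.
        $_SESSION['reset_verified_email'] = $email;
        $info = "Please create a new password that you don't use on any other site.";
        $_SESSION['info'] = $info;
        header('location: new-password.php');
        exit();
    } else {
        $errors['otp-error'] = "You've entered incorrect code!";
    }
}

// Step 3: the user submits the new password.
if (isset($_POST['change-password'])) {
    $_SESSION['info'] = "";

    $posted_password = (isset($_POST['password']) && is_string($_POST['password'])) ? $_POST['password'] : '';
    $posted_cpassword = (isset($_POST['cpassword']) && is_string($_POST['cpassword'])) ? $_POST['cpassword'] : '';
    // NOTE(review): the password is still escaped before hashing, as before, so
    // stored hashes stay comparable with whatever the login page does (not
    // visible here). Hash input never reaches SQL text, so the escaping is not
    // needed for safety; remove it in both places together.
    $password = mysqli_real_escape_string($con, $posted_password);
    $cpassword = mysqli_real_escape_string($con, $posted_cpassword);

    $reset_email = (isset($_SESSION['reset_verified_email']) && is_string($_SESSION['reset_verified_email']))
        ? $_SESSION['reset_verified_email']
        : '';

    if ($reset_email === '') {
        // No verified reset code in this session: refuse to touch any account.
        $errors['db-error'] = "Failed to change your password!";
    } elseif ($posted_password === '') {
        // An empty password must never be stored for an account.
        $errors['password'] = "Confirm password not matched!";
    } elseif ($password !== $cpassword) {
        $errors['password'] = "Confirm password not matched!";
    } else {
        $code = 0;
        $email = $reset_email;
        $HashPassword = password_hash($password, PASSWORD_BCRYPT, array('cost' => 11));

        $run_query = false;
        try {
            $update_pass = mysqli_prepare($con, "UPDATE alogin SET code = ?, password = ? WHERE email = ?");
            if ($update_pass !== false) {
                mysqli_stmt_bind_param($update_pass, 'iss', $code, $HashPassword, $email);
                $run_query = mysqli_stmt_execute($update_pass);
                mysqli_stmt_close($update_pass);
            }
        } catch (mysqli_sql_exception $e) {
            error_log('controllerUserData: password update failed: ' . $e->getMessage());
            $run_query = false;
        }

        if ($run_query) {
            // The marker is single-use: one verified code, one password change.
            unset($_SESSION['reset_verified_email']);
            $info = "Your password changed. Now you can login with your new password.";
            $_SESSION['info'] = $info;
            header('Location: password-changed.php');
            // Stop here so nothing after the redirect header is executed or sent.
            exit();
        } else {
            $errors['db-error'] = "Failed to change your password!";
        }
    }
}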
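// Handles the "login-now" button: send the user to the admin login page.
if (isset($_POST['login-now'])) {
    header('Location: adminlog.php');
    // Stop after the redirect, as the other handlers in this file do, so the
    // rest of the including page is neither executed nor sent.
    exit();
}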
?>