0

Regards, I'm doing a password recovery system in PHP, MySQL and AJAX, the system generates a link with an encrypted code and sends it to the user's mail.

Example of generated encrypted link:

$link = www.dominio.com/reset/?code=98rudrm2093xda

The user has to open the link from your email, to confirm the request, the site detects the code of the URL, using PHP and AJAX desencrita and compares it with the code for the database, if it exists then it creates a new password, this is all done in AJAX, but there is something, if the user returns to reload the web, you are receiving an alert that the code does not exist in the database.

Question:

As I can erase the code of the URL with jQuery, then reset the password, to prevent the alert window appears if I refresh the web page.

Is this possible?

I appreciate your help very much!

Learning and sharing
  • 1,378
  • 3
  • 25
  • 45

2 Answers2

3

What I'm understanding from your question is that you want a method to set up the password reset and not allow re-resetting.

  1. Send email with coded link
  2. Have user click the link and visit the page
  3. Page will get the code GET parameter (PHP or JS)
  4. Do some magic to check if code exists in database (PHP)
  5. If code exists, then allow password reset and delete code from database (PHP)
  6. If not, show error message (PHP)
  7. Redirect to index.html or index.php afterwards (JS)

The last step is to remove the URL variables. If the user checks that same URL again, it will go from step 3 on. Step 4 should stop a re-reset of the password.

Jonathan Lam
  • 16,831
  • 17
  • 68
  • 94
  • As @Lionel Richie said I wonder if it is possible to remove, update a browser or delete URL without refreshing the web page. – Learning and sharing Dec 24 '15 at 03:36
  • @Learningandsharing Oh, okay. (Also, tag a user by prepending with an `@`, not using the `[ square brackets ]` like the tags for a question) – Jonathan Lam Dec 24 '15 at 03:37
  • @Learningandsharing If that's the case, look at [this question](http://stackoverflow.com/questions/824349/modify-the-url-without-reloading-the-page) and its answers. I think it's what you're looking for. – Jonathan Lam Dec 24 '15 at 03:38
1

You could use this which would technically refresh the page.

window.location.href = window.location.href.split('?')[0];

If you didn't want to refresh or redirect you could use this .pushState() which will update your browser history and change the URL on the page. This would prevent refresh, but hitting the back button on your browser would trigger the refresh again.

EXAMPLE: history.pushState('/some-url');

You could also explore the other HTML5 history API methods like history.replaceState()

However, none of this is probably best practice - I would think your best bet would be to let the querystring remain intact, but only trigger the Alert box / reset on the AJAX return if a password is set correctly.

In other words, have your reset handler return a readable response returning proper headers (eg 200 for success, 4xx for fail, etc), and adjust your $.ajax() call to something more like:

$.ajax({
    url: your_url,
    data: your_data,
    type: 'POST',
    success: function(e) {
        // Password was reset
        // ...show your alert
    },
    error: function(e) {
        // Code wasn't found or reset failed
        // ...do nothing or show an error
    }
});
Lionel Ritchie the Manatee
  • 541
  • 2
  • 7