
I have a reset password system in PHP. First, the forgot password.php sends the customer an email with a link to reset the password. This link is composed of the customer's email and a unique key code for resetting the password.

This email looks like:

Please click the following link to reset your password: .../resetpassword.php?email=pm.chaumien@me.com&code=5e1b876bb1e36

On this page... you have a form with 2 boxes for a new password.

<?php
include 'main.php';
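// Read the link parameters defensively; they may be absent from the request.
$email = $_GET['email'] ?? '';
$code = $_GET['code'] ?? '';
// Output message
$msg = '';
// Now we check if the email and reset code were supplied in the link, isset() will check if the data exists.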
if (isset($_GET['email'], $_GET['code']) && !empty($_GET['code'])) {
    // Prepare our SQL, preparing the SQL statement will prevent SQL injection.
    $stmt = $pdo->prepare('SELECT * FROM accounts WHERE email = ? AND reset = ?');
    $stmt->execute([$_GET['email'], $_GET['code']]);
    $account = $stmt->fetch(PDO::FETCH_ASSOC);
    // If the account exists with the email and code
    if ($account) {
        if (isset($_POST['npassword'], $_POST['cpassword'])) {
            if (strlen($_POST['npassword']) > 20 || strlen($_POST['npassword']) < 5) {
                $msg = 'Password must be between 5 and 20 characters long!';
            } else if ($_POST['npassword'] != $_POST['cpassword']) {
                $msg = 'Passwords must match!';
            } else {
                $stmt = $pdo->prepare('UPDATE accounts SET password = ?, reset = "" WHERE email = ?');
                // We do not want to expose passwords in our database, so hash the password and use password_verify when a user logs in.
                $password = password_hash($_POST['npassword'], PASSWORD_DEFAULT);
                $stmt->execute([$password, $_GET['email']]);
                $msg = 'Password has been reset! You can now <a href="../index-2.html">login</a>!';
            }
        }
    } else {
        die('Incorrect email and/or code!');
    }
} else {
    die('Please provide the email and code!');
}
?>

<!DOCTYPE html>
<html lang="en">

<head>  
</head>

<body id="register_bg">

    <nav id="menu" class="fake_menu"></nav>

    <div id="preloader">
        <div data-loader="circle-side"></div>
    </div>
    <!-- End Preload -->

<div class="rsvp-form" id="login">
        <aside>
            <figure>
                <a href="../index-2.html"><img src="../img/logoBlack.png" width="64" height="64" data-retina="true" alt="" class="logo_sticky"></a>
            </figure>
           <?php echo htmlspecialchars('email=' . $email . '&code=' . $code, ENT_QUOTES, 'UTF-8'); ?>


        <form action="resetpassword.php?email=<?= urlencode($_GET['email']) ?>&amp;code=<?= urlencode($_GET['code']) ?>" method="post">
                <div class="form-group">
                    <label>Your password</label>
                    <input class="form-control" type="password" name="npassword" id="npassword">
                    <i class="icon_lock_alt"></i>
                </div>
                <div class="form-group">
                    <label>Confirm password</label>
                    <input class="form-control" type="password" name="cpassword" id="cpassword">
                    <i class="icon_lock_alt"></i>
                </div>

          <!-- Do Not Remove! -->
          <p class="error"></p>
          <p class="message"></p>
          <!-- Do Not Remove! Ends! -->

                    <div id="pass-info" class="clearfix"></div>
                    <div class="text-right"><button type="submit" class="btn_1 rounded full-width add_top_30">Reset Password</button></div>

            </form>


<!-- COMMON SCRIPTS -->
    <script src="../js/jquery-2.2.4.min.js"></script>
    <script src="../js/common_scripts.js"></script>
    <script src="../js/main.js"></script>
    <script src="../assets/validate.js"></script>
    <script src="../assets/formreset.js"></script>



    <!-- SPECIFIC SCRIPTS -->
    <script src="../assets/pw_strenghtreset.js"></script>


</body>

To check this form I have a jQuery script with AJAX for the form action and the verification, but this one doesn't work.

$('.rsvp-form form').submit(function(event) {

  var $password = $(this).find('input[id="npassword"]');
  var $password1 = $(this).find('input[id="cpassword"]');



  $('.rsvp-form p.error').show();
  $('input[id="npassword"],input[id="cpassword"]').removeClass('error');



    if ($password.val() === '') {
    $('.rsvp-form p.error').addClass('active').html('<i class="fa fa-exclamation"></i> Veuillez saisir un mot de passe, svp !');
    $password.addClass('error').focus();
    return false;
  }

    if ($password1.val() === '') {
    $('.rsvp-form p.error').addClass('active').html('<i class="fa fa-exclamation"></i> Veuillez saisir un mot de passe, svp !');
    $password1.addClass('error').focus();
    return false;
  }


    if ($password1.val() != $password.val()) {
    $('.rsvp-form p.error').addClass('active').html('<i class="fa fa-exclamation"></i> les mots de passe ne correspondent pas !');
    $password1.addClass('error').focus();
    return false;
  }     

  if (request) {
    request.abort();
  }

  var $form = $(this);
  var $inputs = $form.find('input, button, textarea');
  var serializedData = $form.serialize();

  $inputs.prop('disabled', true);

  request = $.ajax({
    url: 'resetpassword.php?email=<?php echo $email; ?>&code=<?php echo $code; ?>',
    type: 'post',
    data: serializedData
  });

  request.done(function (response, textStatus, jqXHR){
    $('.rsvp-form p.error').hide();
    $('.rsvp-form p.message').html('success, password was changed').fadeOut(10000);
    $('.rsvp-form form').find('input[type=text], textarea, select').val('');
  });

  request.fail(function (jqXHR, textStatus, errorThrown){
    console.error(
      'The following error occured: '+
      textStatus, errorThrown
    );
  });

  request.always(function () {
    $inputs.prop('disabled', false);
  });

  event.preventDefault();

});

});
  • We need more information than "it doesn't work." Do you see any errors in the console and are you getting a response from the server? – EternalHour Jan 13 '20 at 17:17
  • @EternalHour sorry I put all of my jquery.. and I think the issue is on the url ... – Pierre-Marie Jan 13 '20 at 17:57
  • You need to describe what happens when clicking the URL if you think that's the issue. – EternalHour Jan 13 '20 at 18:30
  • @EternalHour when I click on the submit button, the p.message appears "success, password was changed" but the password was not changed in the database... – Pierre-Marie Jan 13 '20 at 19:41
  • @EternalHour this is my php code for the reset password – Pierre-Marie Jan 13 '20 at 19:42
  • @EternalHour I put all my code in the description, could you help solve this issue? – Pierre-Marie Jan 13 '20 at 21:47
  • I suspect your main problem is here: `url: 'resetpassword.php?email=&code='` You can't output PHP on the client side. If you check the request tab in the developer tools, you will see that. You need to debug the issue by checking what is received by the server and then sending back a response. – EternalHour Jan 13 '20 at 22:55
  • @EternalHour Thanks, I will do that – Pierre-Marie Jan 13 '20 at 23:01
  • Another big problem is that the page is reloading when your form is submitted. You need to add `e.preventDefault();` to your `submit` event so you can receive the response (at the top). See [this question](https://stackoverflow.com/questions/26567486/prevent-page-reload-and-redirect-on-form-submit-ajax-jquery) – EternalHour Jan 13 '20 at 23:12

0 Answers
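
An added example, not part of the original thread or the asker's code: a submit handler that follows the two points raised in the comments by calling `preventDefault()` first and building the request URL from the page's own query string instead of PHP tags in a `.js` file. It assumes `resetpassword.php` is changed to reply with JSON of the form `{"ok": ..., "msg": ...}`; that contract and the helper names `resetEndpoint`, `checkPasswords` and `interpretResponse` are hypothetical.

```javascript
// Added example, not the asker's code.

// Build the POST URL from the page's own query string (window.location.search),
// because PHP tags inside a static .js file are never executed.
function resetEndpoint(search) {
  const q = new URLSearchParams(search);
  const email = q.get('email'), code = q.get('code');
  if (!email || !code) return null;               // link is incomplete
  return 'resetpassword.php?' + new URLSearchParams({ email, code }).toString();
}

// Client-side copy of the PHP rules; the server check stays authoritative.
function checkPasswords(npassword, cpassword) {
  if (npassword.length < 5 || npassword.length > 20) return 'Password must be between 5 and 20 characters long!';
  if (npassword !== cpassword) return 'Passwords must match!';
  return null;
}

// Assumed contract: the server replies with JSON {"ok": true|false, "msg": "..."}.
// Anything else (an HTML page, a die() string) counts as failure.
function interpretResponse(body) {
  try {
    const r = JSON.parse(body);
    return { ok: r.ok === true, msg: String(r.msg || '') };
  } catch (e) {
    return { ok: false, msg: 'Unexpected server response' };
  }
}

// Browser wiring, skipped when jQuery is absent (for example under Node).
if (typeof jQuery !== 'undefined') {
  jQuery('.rsvp-form form').on('submit', function (event) {
    event.preventDefault();                        // first, so the page never reloads
    const $f = jQuery(this), $err = jQuery('.rsvp-form p.error');
    const url = resetEndpoint(window.location.search);
    const bad = url ? checkPasswords($f.find('#npassword').val(), $f.find('#cpassword').val())
                    : 'Reset link is incomplete';
    if (bad) { $err.text(bad).show(); return; }
    jQuery.ajax({ url: url, type: 'post', data: $f.serialize(), dataType: 'text' })
      .done(function (body) {
        const r = interpretResponse(body);        // HTTP 200 alone is not success
        jQuery(r.ok ? '.rsvp-form p.message' : '.rsvp-form p.error').text(r.msg).show();
      })
      .fail(function () { $err.text('Request failed').show(); });
  });
}
```

Messages are written with `.text()` rather than `.html()` so that nothing echoed back by the server is interpreted as markup.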