diff options
author | Chaoyi Zha <summermontreal@gmail.com> | 2015-09-13 20:08:31 +0300 |
---|---|---|
committer | Chaoyi Zha <summermontreal@gmail.com> | 2015-09-13 20:08:31 +0300 |
commit | ecd6ca01f95230d497f37586923b748e9b48564f (patch) | |
tree | 99501af0c08196692b091463df65d4292a53bf48 | |
parent | 192015304de1565c4ed819dc3f3bfa4474289c1c (diff) |
more refactoring
-rw-r--r-- | forgotpass.php | 28 | ||||
-rw-r--r-- | fpasslib.php | 4 |
2 files changed, 14 insertions, 18 deletions
diff --git a/forgotpass.php b/forgotpass.php index c5e41f2..9ae0edd 100644 --- a/forgotpass.php +++ b/forgotpass.php @@ -10,18 +10,17 @@ require_once 'lib-auth.php'; // require auth libs require_once 'helpers/helper-mailsend.php'; // require mail libs require_once 'lib-password.php'; // require password encryption libs require_once 'fpasslib.php'; // require fpass functions -// require_once('ayah.php'); $polrauth = new polrauth(); $fpass = new fpass(); require_once 'layout-headerlg.php'; if (isset($_POST['rnpass']) && isset($_POST['npass']) && isset($_POST['crkey']) && isset($_POST['cuser'])) { - // if submitting new pw + // if submitting new password $ckey = $mysqli->real_escape_string($_POST['crkey']); $rnpass = $mysqli->real_escape_string($_POST['rnpass']); $cuser = $mysqli->real_escape_string($_POST['cuser']); $npass = $mysqli->real_escape_string($_POST['npass']); - $userinfoc = $polrauth->getinfomu($cuser); // fetch info + $userinfoc = $polrauth->getinfomu($cuser); // fetch the user's information if ($userinfoc == false) { echo "<h2>That username is not associated with any account. Please try again.</h2>" . "<br />" @@ -36,16 +35,18 @@ if (isset($_POST['rnpass']) && isset($_POST['npass']) && isset($_POST['crkey']) require_once 'layout-footerlg.php'; die(); } - if ($userinfoc['rkey'] == $_POST['crkey']) { // if rkey & user check out + if ($userinfoc['rkey'] == $_POST['crkey']) { + // if the rkey is correct if ($npass != $rnpass) { // if new pass & repeat don't match require_once 'layout-headerlg.php'; echo "<h2>Passwords don't match. Try again. (click the link in the email again)</h2>"; require_once 'layout-footerlg.php'; die(); - } else { // all checks out - $fpass->changepass($npass, $cuser); // change pass - $polrauth->crkey($cuser); //change rkey + } else { + // everything is as expected, perform password reset + $fpass->changepass($npass, $cuser); // update the user's password + $polrauth->crkey($cuser); // update their reset token require_once 'layout-headerlg.php'; echo "<h2>Password changed.</h2>"; require_once 'layout-footerlg.php'; @@ -56,7 +57,7 @@ if (isset($_POST['rnpass']) && isset($_POST['npass']) && isset($_POST['crkey']) $fpass = new fpass(); if (isset($_GET['key']) && isset($_GET['username'])) { $username = $mysqli->real_escape_string($_GET['username']); - $userinfoc = $polrauth->getinfomu($username); // fetch info + $userinfoc = $polrauth->getinfomu($username); if ($userinfoc == false) { echo "<h2>That username is not associated with any account. Please try again.</h2>" . "<br />" @@ -65,13 +66,12 @@ if (isset($_GET['key']) && isset($_GET['username'])) { die(); } if ($userinfoc == false) { - // if user does not exist + // if the user does not exist require_once 'layout-headerlg.php'; echo "<h2>User or key invalid or already used.</h2>"; require_once 'layout-footerlg.php'; die(); } - //var_dump($userinfoc); if ($userinfoc['rkey'] == $_GET['key']) { require_once 'layout-headerlg.php'; echo "<h2>Change Password for {$_GET['username']}</h2>"; @@ -88,13 +88,9 @@ if (isset($_GET['key']) && isset($_GET['username'])) { die(); } } -/* - if (isset($_POST['username']) == true && isset($_POST['key']) == true) { - } - */ + @$email = $_POST['email']; if (!$email) { - // if requesting form echo "<h2>Forgot your password?</h2>" . "<br/ >" . "<form action='forgotpass.php' method='POST' style='margin:0 auto; width: 450px'>" @@ -125,6 +121,6 @@ if ($userinfo == false) { } $rkey = $userinfo['rkey']; $username = $userinfo['username']; -$fpass->sendfmail($email, $username, $rkey); // send the email +$fpass->sendfmail($email, $username, $rkey); echo "Email successfully sent. Check your inbox for more info."; require_once 'layout-footerlg.php'; diff --git a/fpasslib.php b/fpasslib.php index 3b737d9..a25d496 100644 --- a/fpasslib.php +++ b/fpasslib.php @@ -1,5 +1,5 @@ <?php -// includes for forgotpassword functions +// includes for password resets require_once 'helpers/helper-mailsend.php'; require_once 'lib-auth.php'; require_once 'lib-core.php'; @@ -20,7 +20,7 @@ class fpass { . "<br />" . "Cheers,<br />" . "The {$wsn} Team<br />"; - $sgmail->sendmail($to, $subject, $message); //actually send the email + $sgmail->sendmail($to, $subject, $message); // send email } public function hash($pass) { $opts = [ |