One of the simplest password-reset methods applies when the user is stored in our database together with an email address.
To reset the password, we generate a token that the user must present in order to change it.
The essential files are the following:
- login.php – it offers the possibility of accessing the account;
- trimit_email.php – the user will receive a link via email to change the password.
- astept.php – email confirmation message
- scb.php – it contains the actual form for changing the password
Other required files are:
- aut.php – it is for connecting to the database and creating the work session
- index.php – this can be the application’s home page
- logout.php – closing the session
- stil.css – CSS classes used
- tabela.sql – script required to create the table in the database
login.php
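<?php
include('aut.php');

// The whole login check runs before any markup is written: header() and the
// session cookie can only be sent while no output has been produced yet.
if (isset($_POST['btnLogare'])) {
    // Values are taken as submitted (trimmed only). The queries below use bound
    // parameters, so no escaping helper is applied to them.
    $utiliz_mail = is_string($_POST['utiliz_mail'] ?? null) ? trim($_POST['utiliz_mail']) : '';
    $parola = is_string($_POST['parola'] ?? null) ? trim($_POST['parola']) : '';

    $succes = 0;
    $stil_msj = "rosu";

    if ($utiliz_mail === '' && $parola === '') {
        $msj = "Nume utilizator/Email necesar!";
    } elseif ($utiliz_mail === '') {
        $msj = "Nume utilizator/Email lipsă!";
    } elseif ($parola === '') {
        $msj = "Parola este necesară!";
    } else {
        // One message for "unknown account" and "wrong password", so the form
        // does not reveal which accounts exist.
        $msj = "Credenţiale eronate!";
        $cont = null;
        $potriviri = 0;
        $mostenit = false;

        $stmt = mysqli_prepare($con, "SELECT id, parola FROM utiliz_par_scb WHERE utiliz = ? OR email = ?");
        if ($stmt
            && mysqli_stmt_bind_param($stmt, 'ss', $utiliz_mail, $utiliz_mail)
            && mysqli_stmt_execute($stmt)
            && ($rez = mysqli_stmt_get_result($stmt))
        ) {
            while ($rd = mysqli_fetch_assoc($rez)) {
                $stocat = (string) $rd['parola'];
                // Preferred format: a password_hash() value.
                $ok_nou = password_verify($parola, $stocat);
                // Legacy format: rows written by the published scripts hold
                // md5(fc_prev_inj(password)). Unsalted MD5 is not a password hash;
                // it is accepted here only so existing rows can be migrated.
                $ok_md5 = !$ok_nou && hash_equals($stocat, md5(fc_prev_inj($parola)));
                if ($ok_nou || $ok_md5) {
                    $potriviri++;
                    $cont = $rd;
                    $mostenit = $ok_md5;
                }
            }
        }

        // As in the original query, exactly one matching account is required.
        if ($potriviri === 1) {
            // Replace a legacy or outdated hash now that the clear-text password
            // is known. Best effort: a failed upgrade does not block the login.
            if ($mostenit || password_needs_rehash((string) $cont['parola'], PASSWORD_DEFAULT)) {
                $hash_nou = password_hash($parola, PASSWORD_DEFAULT);
                $id_cont = (int) $cont['id'];
                $upd = mysqli_prepare($con, "UPDATE utiliz_par_scb SET parola = ? WHERE id = ?");
                if ($upd && mysqli_stmt_bind_param($upd, 'si', $hash_nou, $id_cont)) {
                    mysqli_stmt_execute($upd);
                }
            }

            // New session id on privilege change, so a pre-login id cannot be reused.
            session_regenerate_id(true);
            // Stored unescaped: apply htmlspecialchars() wherever it is printed.
            $_SESSION['utiliz_mail'] = $utiliz_mail;
            $_SESSION['msj'] = "Sunteţi logat!";
            $_SESSION['succes'] = 1;
            header('location: index.php');
            exit; // stop here; otherwise the form below would still be rendered
        }
    }
    // NOTE(review): nothing on this page limits repeated failed attempts;
    // throttling per account and per client address belongs here.
}
?>
<!DOCTYPE html>
<html>
<head>
    <meta charset="UTF-8">
    <title>Resetare parola</title>
    <link rel="stylesheet" href="stil.css">
</head>
<body>
<form class="" action="" method="POST">
    <fieldset class="">
        <legend>Logare</legend>
        <label for="utiliz_mail">Nume utilizator / Email</label><input type="text" name="utiliz_mail" id="utiliz_mail">
        <label for="parola">Parola</label><input type="password" name="parola" id="parola">
        <button type="submit" name="btnLogare" class="">Logare</button>
    </fieldset>
    <?php
    // $msj only ever holds one of the fixed strings assigned above, never user input.
    if (isset($msj)) {
        echo "<div class='msj $stil_msj'>" . $msj . '</div>';
        $_SESSION['msj'] = $msj;
    }
    if (isset($succes) && $succes == 0) {
        echo '<p><a href="trimit_email.php">Resetare parolă</a></p>';
    }
    ?>
</form>
</body>
</html>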
trimit_email.php
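<?php
include('aut.php');

// Request handling comes before any markup so that the redirect header can
// still be sent.
$tip_http = (isset($_SERVER['HTTPS']) && $_SERVER['HTTPS'] !== 'off') ? "https://" : "http://";

// NOTE(review): depending on web server configuration SERVER_NAME can follow
// the Host header sent by the client. A link that is e-mailed to users is safer
// when built from a base URL fixed in configuration.
define('CALE_DIR', $tip_http . $_SERVER['SERVER_NAME'] . str_replace(pathinfo(__FILE__, PATHINFO_BASENAME), '', $_SERVER['SCRIPT_NAME']));

if (isset($_POST['btnTrimitMail'])) {
    $email = is_string($_POST['email'] ?? null) ? trim($_POST['email']) : '';
    $stil_msj = "rosu";

    if ($email === '') {
        $msj = "Email necesar!";
    } else {
        $rd = null;
        $stmt = mysqli_prepare($con, "SELECT email FROM utiliz_par_scb WHERE email = ?");
        $gasit = $stmt
            && mysqli_stmt_bind_param($stmt, 's', $email)
            && mysqli_stmt_execute($stmt)
            && ($rez = mysqli_stmt_get_result($stmt));
        if ($gasit) {
            $rd = mysqli_fetch_assoc($rez);
        }

        if (!$gasit) {
            $msj = "Cererea nu a putut fi procesată. Încercaţi din nou.";
        } elseif (!$rd) {
            // NOTE(review): this answer tells any visitor whether an address is
            // registered. Showing the same confirmation page in both cases
            // avoids that disclosure.
            $msj = "Nu există acest e-mail în sistemul nostru.";
        } else {
            // Use the address as stored, not the submitted text, for the mail.
            $email_db = $rd['email'];
            // 50 random bytes -> 100 hex characters, the width of the token column.
            $token = bin2hex(random_bytes(50));

            // Only the token is written. The current password stays valid until
            // the owner actually sets a new one; blanking it here would let any
            // visitor lock an account just by submitting its address.
            // NOTE(review): the table has no expiry column, so a token stays
            // usable until it is consumed; a time limit needs a schema change.
            $upd = mysqli_prepare($con, "UPDATE utiliz_par_scb SET token = ? WHERE email = ?");
            $scris = $upd
                && mysqli_stmt_bind_param($upd, 'ss', $token, $email_db)
                && mysqli_stmt_execute($upd);

            if (!$scris) {
                $msj = "Cererea nu a putut fi procesată. Încercaţi din nou.";
            } else {
                $link_token = CALE_DIR . "scb.php?token=" . $token;
                $to = $email_db;
                $subject = "Resetare parolă pe ovio.ro";
                $msg = "Bună! <br>Pentru a vă reseta parola pe site-ul nostru, vă rugăm să daţi click pe acest link: " . $link_token;

                // Every header is appended; assigning the From line with "="
                // would discard the MIME and Content-type lines above it.
                // The charset matches the UTF-8 encoding declared by the page.
                $headers = 'MIME-Version: 1.0' . "\r\n";
                $headers .= 'Content-type: text/html; charset=UTF-8' . "\r\n";
                $headers .= "From: it.fpse@uaic.ro";
                mail($to, $subject, $msg, $headers);

                // The address travels in a URL, so it is URL-encoded here and
                // must be HTML-escaped by the page that prints it.
                header('location: astept.php?email=' . rawurlencode($email_db));
                exit;
            }
        }
    }
}
?>
<!DOCTYPE html>
<html lang="en">
<head>
    <meta charset="UTF-8">
    <title>Resetare parola PHP</title>
    <link rel="stylesheet" href="stil.css">
</head>
<body>
<form class="" action="" method="POST">
    <fieldset class="sectiunea1">
        <legend>Resetare parolă</legend>
        <label for="email">E-mail-ul dvs.</label><input type="email" name="email" id="email">
        <button type="submit" name="btnTrimitMail" class="">Trimitere</button>
    </fieldset>
    <?php
    // $msj holds only fixed strings assigned above.
    if (isset($msj)) {
        echo "<div class='msj $stil_msj'>" . $msj . '</div>';
        $_SESSION['msj'] = $msj;
    }
    ?>
</form>
</body>
</html>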
astept.php
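<?php
// The address arrives in the query string, so it is attacker-controllable text.
// It is HTML-escaped before being printed; echoing it raw would let a crafted
// link inject markup or script into this page.
$email_afisat = is_string($_GET['email'] ?? null)
    ? htmlspecialchars($_GET['email'], ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8')
    : '';
?>
<!DOCTYPE html>
<html lang="en">
<head>
    <meta charset="UTF-8">
    <title>Password Reset PHP</title>
    <link rel="stylesheet" href="stil.css">
</head>
<body>
<form class="" action="" method="POST">
    <fieldset class="">
        <legend>Email trimis</legend>
        <p>
            Am trimis un e-mail la adresa <strong><?php echo $email_afisat; ?></strong> pentru schimbarea parolei.
            <br>Aşadar, vă rugăm să vă accesaţi e-mail-ul şi să daţi click pe linkul respectiv.
        </p>
        <p>Este recomandabil să verificaţi şi în SPAM.</p>
        <a href="javascript:fc_inchid_tab();">Închidere</a>
    </fieldset>
</form>
<script>
    // Asks for confirmation, then closes the current window.
    function fc_inchid_tab() {
        if (confirm("Inchidem fereastra?")) {
            close();
        }
    }
</script>
</body>
</html>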
scb.php
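<?php
require('aut.php');

// All processing happens before the markup, so the redirect header can be sent.

// The token from the e-mailed link is remembered for the form submission.
if (isset($_GET['token']) && is_string($_GET['token'])) {
    $_SESSION['token'] = $_GET['token'];
}

if (isset($_POST['btnPwdNoua'])) { // a new password was submitted
    $parola_noua = is_string($_POST['parola_noua'] ?? null) ? fc_prev_inj($_POST['parola_noua']) : '';
    $confirmare = is_string($_POST['confirmare'] ?? null) ? fc_prev_inj($_POST['confirmare']) : '';
    $token = is_string($_SESSION['token'] ?? null) ? $_SESSION['token'] : '';

    $stil_msj = "rosu";
    $succes = 0;

    if ($parola_noua === '' && $confirmare === '') {
        $msj = "Trebuie introdusă parola şi confirmarea ei!";
    } elseif ($parola_noua === '') {
        $msj = "Parola este solicitată!";
    } elseif ($confirmare === '') {
        $msj = "Este necesară confirmarea!";
    } elseif ($parola_noua !== $confirmare) {
        $msj = "Nepotrivire parolă";
    } else {
        $rd = null;
        // Only values shaped like the ones trimit_email.php issues are looked up
        // (bin2hex(random_bytes(50)) = 100 lowercase hex characters). The token
        // came from the URL unmodified, so it is never concatenated into SQL.
        if (preg_match('/\A[0-9a-f]{100}\z/', $token) === 1) {
            $stmt = mysqli_prepare($con, "SELECT id, email FROM utiliz_par_scb WHERE token = ? LIMIT 1");
            if ($stmt
                && mysqli_stmt_bind_param($stmt, 's', $token)
                && mysqli_stmt_execute($stmt)
                && ($rez = mysqli_stmt_get_result($stmt))
            ) {
                $rd = mysqli_fetch_assoc($rez);
            }
        }

        if ($rd && isset($rd['id'], $rd['email'])) {
            $id = (int) $rd['id'];

            // The token column is UNIQUE and NOT NULL, so a consumed token has to
            // be replaced by some value. A value derived from the row id would be
            // predictable and would itself match the lookup above; this one is
            // random, is never sent to anyone, and its "x_" prefix fails the
            // format check, so it can never act as a reset token.
            $surogat = 'x_' . bin2hex(random_bytes(49));

            // NOTE(review): MD5 is kept only because login.php as published
            // compares an MD5 digest inside its SQL. Unsalted MD5 is not a
            // password hash; move both files to password_hash() and
            // password_verify() in the same change.
            $parola_hash = md5($parola_noua);

            $upd = mysqli_prepare($con, "UPDATE utiliz_par_scb SET parola = ?, token = ? WHERE id = ?");
            $scris = $upd
                && mysqli_stmt_bind_param($upd, 'ssi', $parola_hash, $surogat, $id)
                && mysqli_stmt_execute($upd);

            if ($scris) {
                unset($_SESSION['token']); // single use: forget the consumed token
                $_SESSION['msj'] = "Parola a fost actualizată!";
                $_SESSION['succes'] = 1;
                header('location: index.php');
                exit;
            }
            $msj = "Parola nu a putut fi actualizată!";
        } else {
            $msj = "Token-ul a fost distrus!" . "<br><a href='trimit_email.php'>Reluaţi procedura de schimbare a parolei</a><br><a href='login.php'>Reveniţi la formularul de logare</a>";
        }
    }

    $_SESSION['succes'] = $succes;
}
?>
<!DOCTYPE html>
<html lang="en">
<head>
    <meta charset="UTF-8">
    <title>Parolă noua</title>
    <link rel="stylesheet" href="stil.css">
</head>
<body>
<form class="" action="" method="POST">
    <fieldset class="sectiunea1">
        <legend>Parolă nouă</legend>
        <label for="parola_noua">Noua parolă</label><input type="password" name="parola_noua" id="parola_noua">
        <label for="confirmare">Confirmare parolă</label><input type="password" name="confirmare" id="confirmare">
        <button type="submit" name="btnPwdNoua" class="">Schimbă parola</button>
    </fieldset>
    <?php
    // $msj holds only fixed strings assigned above (one of them contains links).
    if (isset($msj)) {
        echo "<div class='msj $stil_msj'>" . $msj . '</div>';
        $_SESSION['msj'] = $msj;
    }
    ?>
</form>
</body>
</html>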
aut.php
<?php
session_start();
require_once "config.php";

/**
 * Trims a submitted value, strips backslashes, HTML-encodes it and finally
 * escapes it for use inside a quoted MySQL string literal.
 *
 * Relies on the global $con connection; that variable is not defined in this
 * file (presumably config.php provides it; confirm).
 *
 * NOTE(review): this mixes two unrelated escaping contexts. The returned text
 * is no longer the value the user typed (for example "&" becomes "&amp;"), so
 * anything hashed or stored after this call is the altered form. It also only
 * protects SQL when the result is placed between quotes. Bound parameters for
 * queries and htmlspecialchars() at the point of output are the safer split.
 *
 * @param string $contin Raw value, typically taken from $_POST.
 * @return string The transformed value.
 */
function fc_prev_inj($contin)
{
    global $con;

    $curatat = htmlspecialchars(stripslashes(trim($contin)));

    return mysqli_real_escape_string($con, $curatat);
}
stil.css
/* Page reset */
body {
    margin: 0;
}

/* Centered card that holds each form */
form {
    border: 0px solid red;
    width: max-content;
    margin: 50px auto;
    box-shadow: 0 0 7px 1px gray;
    padding: 10px;
}

legend {
    text-transform: uppercase;
    font-size: 1.5em;
}

/* Label/input pairs: one pair per row via float + clear */
fieldset label {
    border: 0px solid red;
    clear: left;
    display: inline-box; /* not a standard display value; kept as in the original */
    float: left;
    min-width: 175px;
    margin: 10px 0 10px 0;
}

fieldset input {
    float: left;
    margin: 10px 0 10px 0;
    padding: 5px;
}

button {
    margin: 10px auto;
    min-width: 100px;
    display: block;
    clear: both;
    padding: 10px;
    cursor: pointer;
}

/* Links inside a form, aligned to the right edge */
form a {
    text-decoration: none;
    width: max-content;
    display: block;
    clear: both;
    margin: 0px 0 0px auto;
    border: 0px solid red;
    text-align: right;
    box-shadow: 0 0 3px 1px gray;
    padding: 10px;
}

form a:hover {
    box-shadow: 0 0 7px 1px lightgray;
}

/* Status message box; .rosu / .verde set the text colour */
.msj {
    width: max-content;
    margin: 5px auto;
    border-radius: 5px;
    border: 1px solid moccasin;
    background: lightyellow;
    text-align: left;
    padding: 10px;
}

.rosu {
    color: red;
    font-weight: bold;
}

.verde {
    color: green;
    font-weight: bold;
}

/* Navigation strip on the home page */
.cvasimnu {
    border: 0px solid red;
    width: 100%;
    margin: 0px auto 5px auto;
    padding: 10px;
    overflow: clip;
    text-align: center;
    background: lightgray;
}

.cvasimnu a {
    text-decoration: none;
    padding: 3px 15px;
    box-shadow: 0 0 3px 1px gray;
    margin: 0 15px;
    background: white;
    width: 145px;
    display: inline-block
}

.cvasimnu a:hover {
    box-shadow: 0 0 7px 1px lightgray;
    font-weight: bold;
    padding: auto 5px; /* "auto" is not valid for padding; kept as in the original */
}
index.php
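<?php
// The session must be started before any output: once markup has been sent,
// the session cookie header can no longer be emitted.
session_start();
?>
<!DOCTYPE html>
<html>
<head>
    <meta charset="UTF-8">
    <title>Resetare parola</title>
    <link rel="stylesheet" href="stil.css">
</head>
<body>
<div class="cvasimnu">
    <a href="login.php">Login</a><a href="trimit_email.php">Recuperare parolă</a><a href="logout.php">Ieşire</a>
</div>
<?php
// The message is one of the fixed strings the other scripts place in the
// session; it is printed as markup because one of them contains links.
// It must never be filled from user input without escaping.
if (isset($_SESSION['succes']) && isset($_SESSION['msj'])) {
    echo "<div class='msj verde'>" . $_SESSION['msj'] . '</div>';
}
?>
</body>
</html>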
logout.php
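<?php
// Ends the current session and returns the visitor to the login form.
session_start();

// session_destroy() removes the stored data but leaves $_SESSION and the
// browser cookie in place, so both are cleared explicitly.
$_SESSION = [];

if (ini_get('session.use_cookies')) {
    $p = session_get_cookie_params();
    // An expiry in the past makes the browser drop the session cookie.
    setcookie(session_name(), '', time() - 42000, $p['path'], $p['domain'], $p['secure'], $p['httponly']);
}

session_destroy();

header("location:login.php");
exit; // nothing after the redirect should run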
tabela.sql
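-- Account table for the login / password-reset scripts.
-- Created as `utiliz_par_scb`, the name every PHP script on this page queries.
--
-- parola: the published scripts store an MD5 digest here; varchar(255) also
--         leaves room for password_hash() output.
-- token:  100 characters, the length of bin2hex(random_bytes(50)) as generated
--         in trimit_email.php. The column is NOT NULL and UNIQUE, so each row
--         needs its own value at insert time.
-- NOTE(review): there is no expiry column, so an issued token stays valid until
-- it is used; adding a time limit requires an extra column.
CREATE TABLE `utiliz_par_scb` (
  `id` int(11) NOT NULL PRIMARY KEY AUTO_INCREMENT,
  `utiliz` varchar(100) COLLATE utf8mb4_romanian_ci NOT NULL,
  `email` varchar(100) COLLATE utf8mb4_romanian_ci NOT NULL,
  `parola` varchar(255) COLLATE utf8mb4_romanian_ci NOT NULL,
  `token` varchar(100) COLLATE utf8mb4_romanian_ci NOT NULL,
  UNIQUE KEY `email` (`email`),
  UNIQUE KEY `token` (`token`)
) ENGINE=MyISAM DEFAULT CHARSET=utf8mb4 COLLATE=utf8mb4_romanian_ci;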