62 lines
1.9 KiB
PHP
62 lines
1.9 KiB
PHP
<?php
|
|
$rootPath = dirname(dirname(dirname(__DIR__)));
|
|
require_once($rootPath . '/src/config/env.php');
|
|
require_once($rootPath . '/src/config/connection.php');
|
|
require_once($rootPath . '/src/config/functions.php');
|
|
|
|
$response = array('status' => 'error', 'message' => 'Something went wrong');
|
|
|
|
if (isset($_POST['token'], $_POST['new_password'], $_POST['confirm_password'])) {
|
|
$token = $_POST['token'];
|
|
$new_password = $_POST['new_password'];
|
|
$confirm_password = $_POST['confirm_password'];
|
|
|
|
if ($new_password !== $confirm_password) {
|
|
$response['message'] = 'Passwords do not match.';
|
|
echo json_encode($response);
|
|
exit();
|
|
}
|
|
|
|
// Verify the token
|
|
$sql = "SELECT user_id FROM password_resets WHERE token = ? AND expires_at > NOW()";
|
|
$stmt = $conn->prepare($sql);
|
|
$stmt->bind_param("s", $token);
|
|
$stmt->execute();
|
|
$result = $stmt->get_result();
|
|
|
|
if ($result->num_rows === 0) {
|
|
$response['message'] = 'Token is invalid or expired.';
|
|
echo json_encode($response);
|
|
exit();
|
|
}
|
|
|
|
$user = $result->fetch_assoc();
|
|
$user_id = $user['user_id'];
|
|
|
|
// Hash the new password
|
|
$new_password_hash = password_hash($new_password, PASSWORD_BCRYPT);
|
|
|
|
// Update the new password in the database
|
|
$sql = "UPDATE users SET password = ? WHERE user_id = ?";
|
|
$stmt = $conn->prepare($sql);
|
|
$stmt->bind_param("si", $new_password_hash, $user_id);
|
|
|
|
if ($stmt->execute()) {
|
|
// Delete the token from the database
|
|
$sql = "DELETE FROM password_resets WHERE token = ?";
|
|
$stmt = $conn->prepare($sql);
|
|
$stmt->bind_param("s", $token);
|
|
$stmt->execute();
|
|
|
|
$response['status'] = 'success';
|
|
$response['message'] = 'Password has been successfully reset.';
|
|
} else {
|
|
$response['message'] = 'Failed to reset password.';
|
|
}
|
|
} else {
|
|
$response['message'] = 'Invalid form submission.';
|
|
}
|
|
|
|
echo json_encode($response);
|
|
?>
|