pguzman/Rosary
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
Files
21e856f2506a7595ab733d2bb6a02830dcb51b55
Rosary/reset_password.php
T
pguzman 663fde3909 Initial commit — Rosary Presenter App 
Full source for loveandrosary.com: slide-based Rosary/novena/Divine Mercy
Chaplet presentation tool with multi-user roles, SVG bead ring, audio uploads,
donate strip, and public session profiles.

Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
2026-05-13 18:44:08 -07:00

94 lines
3.3 KiB
PHP
Raw Blame History

<?php
require_once __DIR__ . '/config/db.php';
$site_name = get_setting('site_name', APP_NAME);
$token = trim($_GET['token'] ?? '');
$errors = [];
$success = false;
if ($token === '') {
header('Location: ' . BASE_URL . '/forgot-password');
exit;
}
$pdo = get_pdo();
$stmt = $pdo->prepare('SELECT id, username FROM users WHERE reset_token = ? AND reset_expires > NOW() LIMIT 1');
$stmt->execute([$token]);
$user = $stmt->fetch();
if (!$user) {
$token_invalid = true;
}
if (!isset($token_invalid) && $_SERVER['REQUEST_METHOD'] === 'POST') {
$password = $_POST['password'] ?? '';
$password_confirm = $_POST['password_confirm'] ?? '';
if (strlen($password) < 8) {
$errors[] = 'Password must be at least 8 characters.';
}
if ($password !== $password_confirm) {
$errors[] = 'Passwords do not match.';
}
if (empty($errors)) {
$hash = password_hash($password, PASSWORD_BCRYPT);
$pdo->prepare('UPDATE users SET password_hash = ?, reset_token = NULL, reset_expires = NULL WHERE id = ?')
->execute([$hash, $user['id']]);
$success = true;
header('Location: ' . BASE_URL . '/login?reset=1');
exit;
}
}
?>
<!DOCTYPE html>
<html lang="en">
<head>
<meta charset="UTF-8">
<meta name="viewport" content="width=device-width, initial-scale=1.0">
<link rel="icon" type="image/svg+xml" href="<?= BASE_URL ?>/favicon.svg">
<title>Reset Password — <?= htmlspecialchars($site_name) ?></title>
<link rel="stylesheet" href="<?= BASE_URL ?>/assets/css/setup.css">
</head>
<body class="login-page">
<div class="login-box">
<h1>&#x271D; <?= htmlspecialchars($site_name) ?></h1>
<h2>Reset Password</h2>
<?php if (isset($token_invalid)): ?>
<div class="alert alert-error">
This password reset link is invalid or has expired.
</div>
<div style="margin-top:16px;text-align:center">
<a href="<?= BASE_URL ?>/forgot-password" class="btn btn-primary">Request a new link</a>
</div>
<?php else: ?>
<?php if (!empty($errors)): ?>
<div class="alert alert-error">
<?php foreach ($errors as $err): ?>
<div><?= htmlspecialchars($err) ?></div>
<?php endforeach; ?>
</div>
<?php endif; ?>
<form method="post" action="<?= BASE_URL ?>/reset-password?token=<?= urlencode($token) ?>">
<div class="form-group">
<label for="password">New Password <span class="required">*</span></label>
<input type="password" id="password" name="password"
minlength="8" autocomplete="new-password" autofocus required>
<p class="help-text">At least 8 characters.</p>
</div>
<div class="form-group">
<label for="password_confirm">Confirm New Password <span class="required">*</span></label>
<input type="password" id="password_confirm" name="password_confirm"
minlength="8" autocomplete="new-password" required>
</div>
<button type="submit" class="btn btn-primary btn-full">Set New Password</button>
</form>
<?php endif; ?>
</div>
</body>
</html>
Reference in New Issue View Git Blame Copy Permalink