<?php
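/*
 * Password-recovery key request handler.
 *
 * Reads the `emailinfo` POST field, looks up the matching account and, when
 * exactly one account matches, replaces any stored recovery key for that
 * username with a fresh one and e-mails the plaintext key to the address.
 * Only a password_hash() digest of the key is written to the database.
 *
 * The script produces no output of its own for either a known or an unknown
 * address.
 *
 * NOTE(review): no rate limiting is visible in this file; every request for a
 * known address sends a message and replaces the stored key. Confirm that
 * throttling happens elsewhere.
 */
session_start();
require_once('ConnectDB.php');

// Accept the field only when it is present and a plain string. A request
// such as emailinfo[]=x would otherwise hand an array to the code below.
$email = (isset($_POST['emailinfo']) && is_string($_POST['emailinfo'])) ? $_POST['emailinfo'] : '';

// The address is later passed to mail() as the recipient, so refuse any
// control character (CR/LF in particular) to rule out header injection.
// NOTE(review): stricter validation (e.g. FILTER_VALIDATE_EMAIL) may be
// appropriate if registration enforces the same rule; confirm.
if ($email !== '' && preg_match('/[\x00-\x1F\x7F]/', $email) === 0) {
    $username = null;
    $matches = 0;

    // Bound parameter instead of string interpolation.
    $lookup = mysqli_prepare($conn, "SELECT `username` FROM `FreebaseQA_Users` WHERE `email` = ?");
    if ($lookup !== false) {
        mysqli_stmt_bind_param($lookup, 's', $email);
        if (mysqli_stmt_execute($lookup)) {
            // Buffer the result so the row count is available before fetching.
            mysqli_stmt_store_result($lookup);
            $matches = mysqli_stmt_num_rows($lookup);
            mysqli_stmt_bind_result($lookup, $username);
            mysqli_stmt_fetch($lookup);
        }
        mysqli_stmt_close($lookup);
    }

    if ($matches === 1 && $username !== null) {
        // Key is valid for 24 hours.
        $expiry = time() + 86400;

        // 128-bit random key; refuse to continue if the generator fails or
        // reports that the bytes are not cryptographically strong.
        $strong = false;
        $raw = openssl_random_pseudo_bytes(16, $strong);

        if ($raw !== false && $strong === true) {
            $token = bin2hex($raw);
            $hash = password_hash($token, PASSWORD_DEFAULT);

            // Drop any earlier key for this username. The username comes from
            // the database but is still bound as a parameter: a stored value
            // containing a quote must not be able to alter the statement.
            $purge = mysqli_prepare($conn, "DELETE FROM `FreebaseQA_PasswordRecovery` WHERE `username` = ?");
            if ($purge !== false) {
                mysqli_stmt_bind_param($purge, 's', $username);
                mysqli_stmt_execute($purge);
                mysqli_stmt_close($purge);
            }

            $stored = false;
            $insert = mysqli_prepare($conn, "INSERT INTO `FreebaseQA_PasswordRecovery` (`username`, `key_hash`, `expiry`) VALUES (?, ?, ?)");
            if ($insert !== false) {
                mysqli_stmt_bind_param($insert, 'ssi', $username, $hash, $expiry);
                $stored = mysqli_stmt_execute($insert);
                mysqli_stmt_close($insert);
            }

            // Only mail a key that was actually stored; otherwise the user
            // would receive a key that can never be redeemed.
            if ($stored) {
                $subject = "Reset Your Password";
                $message = "Username: " . $username . "\nHere is your password recovery key: " . $token . "\nCopy this key into the Reset Key field on the site to get a new password. Note that this key will expire in 24 hours or after 1 successful use.";
                $headers = "From: admin\n";
                $headers .= "Reply-to: NoReply@AutomatedEmail.com\n";

                // Warnings stay suppressed so the response is the same whether
                // or not the address is known; the failure is logged instead,
                // without the key or the address.
                if (!@mail($email, $subject, $message, $headers)) {
                    error_log('RequestKey: password recovery mail could not be sent');
                }
            } else {
                error_log('RequestKey: password recovery key could not be stored');
            }
        } else {
            error_log('RequestKey: secure random source unavailable');
        }
    }
}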
?>