
Exercise-10

IWP-LAB

18BCE0557 KUSHAL

DB Creation:

Part 1: Write the reset password form

On Entering Correct Username and Password:


- Update Password in DB
- Redirect to login page
- Display New Password
On Entering Wrong Details:
- Display declined message and redirect to the reset page again

CODE:
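<?php
/**
 * Password reset page (presumably saved as reset.php, the form's action target).
 *
 * GET  : renders the reset form plus any status text passed in ?message=.
 * POST : looks the account up by username + phone number. On a match a random
 *        8-character password is generated, its hash is stored and the browser
 *        is redirected to the login page; otherwise it is redirected back here.
 *
 * The POST branch runs before any markup is sent: header() cannot add a
 * Location header once output has started, so it must not follow the HTML head.
 *
 * NOTE(review): a username and a phone number are not secrets. Anyone who knows
 * both can reset the account. A production flow would deliver a single-use,
 * expiring reset token out-of-band instead of accepting these two fields.
 */

if ($_SERVER['REQUEST_METHOD'] === 'POST') {
    // Read only the two expected fields. extract($_POST) lets a request define
    // or overwrite arbitrary variables in this scope, so it is not used here.
    $username = (isset($_POST['username']) && is_string($_POST['username'])) ? $_POST['username'] : '';
    $pnumber  = (isset($_POST['pnumber']) && is_string($_POST['pnumber'])) ? $_POST['pnumber'] : '';

    // database.php is expected to define $conn (a mysqli link); it is not shown on this page.
    require "database.php";

    // NOTE(review): the listing reads from `user` but updates `users`. The schema
    // is not shown on this page, so both names are kept as written; reconcile
    // them with the real table name.
    $matched = false;
    if ($username !== '' && $pnumber !== '') {
        // Bound parameters keep the submitted values out of the SQL text.
        $lookup = mysqli_prepare($conn, "select 1 from user where USERNAME = ? and PHONE = ?");
        if ($lookup) {
            mysqli_stmt_bind_param($lookup, 'ss', $username, $pnumber);
            mysqli_stmt_execute($lookup);
            mysqli_stmt_store_result($lookup);
            $matched = mysqli_stmt_num_rows($lookup) > 0;
            mysqli_stmt_close($lookup);
        }
    }

    $updated = false;
    $new_pass = '';
    if ($matched) {
        // random_int() (PHP 7+) draws from the OS CSPRNG; str_shuffle() is not
        // suitable for generating secrets.
        $alphabet = '0123456789ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz';
        for ($i = 0; $i < 8; $i++) {
            $new_pass .= $alphabet[random_int(0, strlen($alphabet) - 1)];
        }

        // NOTE(review): unsalted MD5 is unsuitable for password storage. It is kept
        // only because the login page (not shown) presumably compares MD5 hashes;
        // move both pages to password_hash()/password_verify() together.
        $password_hash = hash('md5', $new_pass);

        // The original concatenated the hash into the statement without quotes.
        $update = mysqli_prepare($conn, "UPDATE users SET PASSWORD_HASH = ? where USERNAME = ?");
        if ($update) {
            mysqli_stmt_bind_param($update, 'ss', $password_hash, $username);
            $updated = mysqli_stmt_execute($update);
            mysqli_stmt_close($update);
        }
    }

    if ($updated) {
        // NOTE(review): the exercise asks for the new password to be displayed, so
        // it still travels in the query string. That puts it in browser history,
        // server logs and Referer headers; prefer a server-side flash message.
        header("Location: http://localhost:8082/Exercise8/login.php?message="
            . urlencode("'Your New Password is $new_pass'"));
    } else {
        header("Location: http://localhost:8082/Exercise8/reset.php?message="
            . urlencode("'Invalid Details Provided. Password reset DECLINED'"));
    }
    exit; // stop here so nothing else runs or is emitted after the redirect
}
?>
<!DOCTYPE html>
<html lang="en">
<head>
    <meta charset="UTF-8">
    <meta name="viewport" content="width=device-width, initial-scale=1.0">
    <title>Password Reset Form</title>
</head>
<body>

<?php if ($_SERVER['REQUEST_METHOD'] === 'GET') { ?>
<?php
    // ?message= is attacker-controllable, so it is HTML-escaped before output.
    // Escaping prevents script injection, but any text can still be shown through
    // a crafted link; mapping short message codes to fixed strings would close that.
    if (isset($_GET['message']) && is_string($_GET['message'])) {
        echo htmlspecialchars($_GET['message'], ENT_QUOTES, 'UTF-8');
    }
?>
<center>
<h2>Password Reset using Username and PhoneNumber</h2>
<br><br>
<div>
<!-- The original name attribute was missing its closing quote, which swallowed action="reset.php". -->
<form name="reset_form" action="reset.php" method="post">
<input type="text" name="username" id="username" placeholder="Your Username">
<input type="number" name="pnumber" id="pnumber" placeholder="Your Phone Number">
<input type="submit" value="Reset">
</form>
</div>
</center>
<?php } ?>

</body>
</html>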

Part 2: Write the change password form

As per instructions
Code:
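<?php
/**
 * Password change page (presumably saved as pass_change.php, the page the
 * failure redirect points back to).
 *
 * GET  : renders the change form plus any status text passed in ?message=.
 * POST : verifies username + current password, stores the hash of the new
 *        password and redirects to the login page; on any failure it redirects
 *        back to this page with a declined message.
 *
 * The POST branch runs before any markup is sent: header() cannot add a
 * Location header once output has started, so it must not follow the HTML head.
 *
 * NOTE(review): the form carries no CSRF token and the request is not tied to a
 * logged-in session; confirm how this page is meant to be protected.
 */

if ($_SERVER['REQUEST_METHOD'] === 'POST') {
    // Read only the three expected fields. extract($_POST) lets a request define
    // or overwrite arbitrary variables in this scope, so it is not used here.
    $username     = (isset($_POST['username']) && is_string($_POST['username'])) ? $_POST['username'] : '';
    $password     = (isset($_POST['password']) && is_string($_POST['password'])) ? $_POST['password'] : '';
    $new_password = (isset($_POST['new_password']) && is_string($_POST['new_password'])) ? $_POST['new_password'] : '';

    // database.php is expected to define $conn (a mysqli link); it is not shown on this page.
    require "database.php";

    // NOTE(review): unsalted MD5 is unsuitable for password storage. It is kept
    // only because the login page (not shown) presumably compares MD5 hashes;
    // move both pages to password_hash()/password_verify() together.
    $current_pass_hash = hash('md5', $password);

    // NOTE(review): the listing reads from `user` but updates `users`. The schema
    // is not shown on this page, so both names are kept as written; reconcile
    // them with the real table name.
    $matched = false;
    if ($username !== '' && $new_password !== '') { // an empty new password is refused
        // Bound parameters keep the submitted values out of the SQL text.
        $lookup = mysqli_prepare($conn, "select 1 from user where username = ? AND password_hash = ?");
        if ($lookup) {
            mysqli_stmt_bind_param($lookup, 'ss', $username, $current_pass_hash);
            mysqli_stmt_execute($lookup);
            mysqli_stmt_store_result($lookup);
            $matched = mysqli_stmt_num_rows($lookup) > 0;
            mysqli_stmt_close($lookup);
        }
    }

    $updated = false;
    if ($matched) {
        $password_hash = hash('md5', $new_password);

        // The original concatenated the hash into the statement without quotes.
        $update = mysqli_prepare($conn, "UPDATE users SET PASSWORD_HASH = ? where USERNAME = ?");
        if ($update) {
            mysqli_stmt_bind_param($update, 'ss', $password_hash, $username);
            $updated = mysqli_stmt_execute($update);
            mysqli_stmt_close($update);
        }
    }

    if ($updated) {
        // The chosen password is no longer echoed back in the URL: the user already
        // knows it, and a query string ends up in history, logs and Referer headers.
        header("Location: http://localhost:8082/Exercise8/login.php?message="
            . urlencode("'Your Password is Successfully updated'"));
    } else {
        header("Location: http://localhost:8082/Exercise8/pass_change.php?message="
            . urlencode("'Invalid Details Provided. Password UPDATE DECLINED'"));
    }
    exit; // stop here so nothing else runs or is emitted after the redirect
}
?>
<!DOCTYPE html>
<html lang="en">
<head>
    <meta charset="UTF-8">
    <meta name="viewport" content="width=device-width, initial-scale=1.0">
    <title>Password Change Form</title>
</head>
<body>

<?php if ($_SERVER['REQUEST_METHOD'] === 'GET') { ?>
<?php
    // ?message= is attacker-controllable, so it is HTML-escaped before output.
    // Escaping prevents script injection, but any text can still be shown through
    // a crafted link; mapping short message codes to fixed strings would close that.
    if (isset($_GET['message']) && is_string($_GET['message'])) {
        echo htmlspecialchars($_GET['message'], ENT_QUOTES, 'UTF-8');
    }
?>
<center>
<h2>Password Update using Username and Current Password</h2>
<br><br>
<div>
<!-- The original name attribute was missing its closing quote, and the action
     pointed at reset.php, which expects a phone number rather than these fields.
     pass_change.php is taken from the failure redirect; confirm the file name. -->
<form name="reset_form" action="pass_change.php" method="post">
<input type="text" name="username" id="username" placeholder="Your Username">
<input type="password" name="password" id="password" placeholder="Your Current Password">
<input type="password" name="new_password" id="new_password" placeholder="Your New Password">
<input type="submit" value="Reset">
</form>
</div>
</center>
<?php } ?>

</body>
</html>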
