I am creating reset password system, Iam done with all parts accept last step where updating password and email in users table. actually where it doesn't update.lol
it says update succes and redirecting to login but doesn't update pasword. I echoed all steps to see if values are empty it shows all full.
This is my form:
$selector = $_GET["selector"];
$validator = $_GET["validator"];
if(empty($selector) || empty($validator)){
echo "Could not validate request";
}else{
if(ctype_xdigit($selector) !== false && ctype_xdigit($validator) !== false){
?>
<form action="reset-password.inc.php" method="post">
<input type="hidden" name="selector" value="<?php echo $selector; ?>">
<input type="hidden" name="validator" value="<?php echo $validator; ?>">
<input type="password" name="password" placeholder="Yeni şifre girin...">
<input type="password" name="confirm_password" placeholder="Şifre tekrar...">
<input type="submit" name="reset-password-submit" value="Submit">
<a class="btn btn-link" href="welcome.php">Cancel</a>
</form>
<?php
}
}
And this is the codes in submit page:
if(isset($_POST["reset-password-submit"])){
$selector = $_POST["selector"];
$validator = $_POST["validator"];
$password = $_POST["password"];
$confirm_password = $_POST["confirm_password"];
$currentDate = date("U");
if(empty($password) && empty($confirm_password)){
header("Location: create-new-password.php?newpwd=empty");
exit();
}elseif($password != $confirm_password){
header("Location: create-new-password.php?newpwd=passwords-not-same");
exit();
}else{
$sql = "SELECT * FROM pwdreset WHERE pwdResetSelector = :pwdResetSelector AND pwdResetToken = :pwdResetToken AND pwdResetExpires >= :pwdResetExpires";
if($stmt = $pdo->prepare($sql)){
$stmt->bindParam(":pwdResetSelector", $selector, PDO::PARAM_STR);
$stmt->bindParam(":pwdResetToken", $validator, PDO::PARAM_STR);
$stmt->bindParam(":pwdResetExpires", $currentDate, PDO::PARAM_STR);
if($stmt->execute()){
$row = $stmt->fetch(PDO::FETCH_ASSOC);
if($selector !== $row['pwdResetSelector']){
header("Location: create-new-password.php?newpwd=wrongUrlParameters");
exit();
}elseif($validator !== $row['pwdResetToken']){
header("Location: create-new-password.php?newpwd=wrongUrlParameters");
exit();
}else{
$tokenEmail = $row["pwdResetEmail"];
// CHECK IF EMPTY PASS AND EMAIL AND DO UPDATE
if(empty($password) && empty($tokenEmail)){
$sql = "UPDATE users SET password = :password WHERE email=:email";
if($stmt3 = $pdo->prepare($sql)){
$newpwdhash = password_hash($password, PASSWORD_DEFAULT);
$stmt3->bindParam(":password", $newpwdhash, PDO::PARAM_STR);
$stmt3->bindParam(":email", $tokenEmail, PDO::PARAM_STR);
if($stmt3->execute()){
// DELETE FROM PWDRESET TABLE
$sql = "DELETE FROM pwdReset WHERE pwdResetEmail=:pwdResetEmail";
if($stmt4 = $pdo->prepare($sql)){
$stmt4->bindParam(":pwdResetEmail", $tokenEmail, PDO::PARAM_STR);
$stmt4->execute();
header("Location: login.php?newpwd=success");
exit();
}else{
header("Location: create-new-password.php?newpwd=somethingWentWrong");
exit();
}
}else{
echo "Couldnt execute stmt 3";
exit();
}
}else{
echo "error";
exit();
}
}else{
echo "AN ERROR HAPPEND WHILE QUERY STMT 3";
exit();
}
}
}else{
echo "Couldnt execute sql 1";
exit();
}
}else{
echo "prepare sql didnt work 1";
exit();
}
}
}else{
echo "something went wrong";
exit();
}