password reset weird issue

[jay93]

Hi, i m trying to write  a code for resetting password. I want this code to show in on the log in page (and the user should be able to open it without being logged in),,,   however the problem i am facing is, whenever i open my recover form thus, localhost/pass.php , my recover form has  a field for email and security question, )   it just shows the login page, which is   localhost/login.php... i'm stuck on this now for days, and nothing seems to improve...

 

 

and just to make helping easier, i'm planning to implement a recover function thus:

1. when the user clicks on forgot password on localhost/login.php   without already being logged in, it should take them to a page,

pass.php   (displaying an email and security question)...

 

2.and when the users enter both( confirm if they exist in the sql table), then redirect to another form   reset.php  which shows  two fields for "Enter new password"  and "Confirm password", and when user enters both, his password is updated in the database...

 

Pass.php has a template pass_form.php

and reset.php has a template reset_form.phpp

 

 

//code for pass.php:  

 

 

<?php

 

 

  // configuration

    require("../includes/config.php"); 

    

     if ($_SERVER["REQUEST_METHOD"] == "POST")

  {

     if (empty($_POST["forgotpassword"]))

     apologize("Please enter email address.");

     

     if (empty($_POST["security"]))

     apologize("Please enter your security key.");

     

    $email = $_POST["forgotpassword"]; 

    if(!(filter_var($email, FILTER_VALIDATE_EMAIL)))

    

     apologize("Please enter a valid email such as example@domain.com");

     

     //check if email and securitykey exist in users table

     

    $check= query("SELECT id, security FROM users WHERE email = ?", $_POST["forgotpassword"]);

    if ($check === false)

    apologize("No such user in database");

  

   

    render("reset.php", ["title" => "Reset Password", "check" => $check]);

    

  }

  

  else  render("login_form.php", ["title" => "Login"]);

  

  

  

?>

 

3. another problem is when i log in, and then i open localhost/pass.php, it always keeps on rendering the above template called login_form.php( which is linked to the controller login.php...)  instead of displaying the pass_form.php

template...

///  pass_form.php  is as follows:

 

<form action="pass.php" method="post">

    <fieldset>

        <div class="control-group">

            <input name="forgotpassword" placeholder="Email" type="text"/>

        </div>

        <div class="control-group">

            <input name="security" placeholder="Security Keyword" type="text"/>

        </div>

        <div class="control-group">

            <button type="submit" class="btn">Reset</button>

        </div>

    </fieldset>

</form>

 

 

 

 

 

RENDER()  is a function as follows 

 

 

function render($template, $values = [])

    {

        // if template exists, render it

        if (file_exists("../templates/$template"))

        {

            // extract variables into local scope

            extract($values);

 

            // render header

            require("../templates/header.php");

 

            // render template

            require("../templates/$template");

 

            // render footer

            require("../templates/footer.php");

        }

 

        // else err

        else

        {

            trigger_error("Invalid template: $template", E_USER_ERROR);

        }

[jay93]

found the solution to that problem, in my config.php file declared at the top, i was initializing SESSION...hence the problem...

however, the new issue now is my render function works for only templates, so it is rejecting render.php as an invalid template...

is there a way i can pass the values in the array $check to my reset.php (which is a controller , not template) , so i could access them in reset.php thus.. (boldened)...
and is my logic right??


<?php


// configuration
require("../includes/config.php");

// if form was submitted
if(isset($_POST["submit"]))
{

if (empty($_POST["password"]))
apologize("Please enter password.");


if ($_POST["password"] != $_POST["confirmation"])
apologize("Passwords do not match!");


$result = query("UPDATE users SET hash = ? WHERE id = ?", crypt($_POST["password"], $check[0]["id"]));

if($result===false)
apologize("Could not register. Please retry.");

else
{

$rows = query("SELECT id FROM users WHERE hash = ?", crypt($_POST["password"]));
$id = $rows[0]["id"];

// remember that user's now logged in by storing user's ID in session
$_SESSION["id"]= $rows[0]["id"];


}

// redirect to portfolio
redirect("register.php");
}


else
{
// else render form
render("register_form.php", ["title" => "Register"]);
}

?>

[AyKay47]

Most likely the render() function is rejecting reset.php because it is not located in the templates directory, so file_exists() is returning a boolean false value.

If nothing has been output to the browser yet you can use header() to redirect to reset.php and pass the necessary values.

 

 $i = 0;$qs = "";$check = array("test" => "hello", "test2" => "hello2");foreach($check as $key => $val){  if(!$i)    $qs .= "$key=$val";  else    $qs .= "&$key=$val";  $i++;} 
header("Location: reset.php?$qs");

 

You could also restructure the render function to accept files in other directories if that is the case.

Also, every time that pass.php is re-executed it will check to see if a POST request has been sent, if it hasn't, then it will render() login_form.php

Edited February 27, 2013 by AyKay47