Hi, I'm new to PHP. I would like to create a password reset system.

1. User clicks 'forgot password'
2. User types username & email
3. User receives the email
4. User clicks the link in the mail
5. User goes to a new page and types a new password

Everything goes smoothly; the problem is that once the user submits the new password, nothing happens.


<?php

// Handle the "new password" form submission.
if (isset($_POST['submit_pass'])) {
  $new_pass = mysqli_real_escape_string($db, $_POST['new_pass']);
  $new_pass_c = mysqli_real_escape_string($db, $_POST['new_pass_c']);

  // Reset token kept in the session (stray ")" removed: it was a parse error).
  $token = $_SESSION['token'];
  if (empty($new_pass) || empty($new_pass_c)) { array_push($errors, "Password is required"); }
  if ($new_pass !== $new_pass_c) { array_push($errors, "Password do not match"); }
  if (count($errors) == 0) {
    // Look up which account the token was issued for.
    $sql = "SELECT * FROM password_resets WHERE token='$token' LIMIT 1";
    $results = mysqli_query($db, $sql) or trigger_error("Query Failed!" . mysqli_error($db));
    $email = mysqli_fetch_assoc($results)['username'];

    if ($email) {
      // Store the new password as an MD5 hash, as in the original post.
      $new_pass = md5($new_pass);
      $sql = "UPDATE tutor SET password='$new_pass' WHERE tutor_username='$email'";
      $results = mysqli_query($db, $sql) or trigger_error("Query Failed!" . mysqli_error($db));
      header('location: ../st_login.php');
      exit; // stop the script once the redirect header has been sent
    }
  }
}
?>


What I have tried:

I had tried to change $_SESSION instead of $_GET or $_REQUEST
Comments
Richard Deeming 4-Feb-19 14:29pm    
You really shouldn't still be using MD5 for password storage. It hasn't been secure for quite some time.

PHP has built-in methods which will give you a more secure hash:
PHP: password_hash
PHP: password_verify

(Glad to see someone who's not storing passwords in plain text, though. :) )
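
The change the comment above recommends, applied to the submit handler from the question, as an added example that is not the poster's or the commenter's code. It assumes `$db` is an open mysqli connection, the table and column names shown in the question, and that a reset token is single-use; the login page would then have to check passwords with `password_verify()`.

```php
<?php
// Added example. Assumes $db is an open mysqli connection created elsewhere.
mysqli_report(MYSQLI_REPORT_ERROR | MYSQLI_REPORT_STRICT); // DB errors throw instead of failing silently
session_start();

function reset_password(mysqli $db, string $token, string $pass, string $pass_c): array
{
    $errors = [];
    if ($pass === '' || $pass_c === '') { $errors[] = 'Password is required'; }
    if ($pass !== $pass_c)              { $errors[] = 'Passwords do not match'; }
    if ($errors) { return $errors; }

    // Look the token up with a bound parameter instead of string interpolation.
    $stmt = $db->prepare('SELECT username FROM password_resets WHERE token = ? LIMIT 1');
    $stmt->bind_param('s', $token);
    $stmt->execute();
    $stmt->bind_result($username);
    $found = $stmt->fetch();          // true on a row, null when there is none
    $stmt->close();
    if (!$found) { return ['Invalid or expired reset token']; }

    // Hash the raw password (no SQL escaping first). password_hash() salts it;
    // the password column must be wide enough for the result (VARCHAR(255) is safe).
    $hash = password_hash($pass, PASSWORD_DEFAULT);
    $stmt = $db->prepare('UPDATE tutor SET password = ? WHERE tutor_username = ?');
    $stmt->bind_param('ss', $hash, $username);
    $stmt->execute();
    $stmt->close();

    // Assumption: tokens are single-use, so delete the one just spent.
    $stmt = $db->prepare('DELETE FROM password_resets WHERE token = ?');
    $stmt->bind_param('s', $token);
    $stmt->execute();
    $stmt->close();
    return [];
}

if (isset($_POST['submit_pass'])) {
    $errors = reset_password($db, $_SESSION['token'] ?? '',
                             $_POST['new_pass'] ?? '', $_POST['new_pass_c'] ?? '');
    if (!$errors) {
        unset($_SESSION['token']);
        header('Location: ../st_login.php');
        exit;
    }
}
```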

This content, along with any associated source code and files, is licensed under The Code Project Open License (CPOL)


