#resetForm {background-color: #e9e9e9;margin:10px;padding:5px 15px 20px 15px;width:320px;} #resetForm label {font-weight:bold;} .resetInput {margin:5px 0px 5px 0px;width:320px;}

Reset your password

Please enter your new password below:

'; $form2 = '

Strength


'; // Error message where reset_code is missing from URL $errorURL = '

It appears that you have not yet requested your password to be reset.
Please request a password reset.

'; $errorTime = '

The time period for resetting your password has expired.
Please re-request a password reset.

'; // Handle the form submission. if ($_SERVER['REQUEST_METHOD'] == 'POST') { // Validate and secure the form data: $problemForm = FALSE; $problemURL = FALSE; // Check for each value... if (empty($_POST['password1'])) { $problemForm = TRUE; $error .= '

Please enter a password

'; } if ($_POST['password1'] != $_POST['password2']) { $problemForm = TRUE; $error .= '

Your password did not match your confirmed password!

'; } if (strlen($_POST['password1']) < 6 ) { $problemForm = TRUE; $error .= '

Your password must be at least 6 characters

'; } if (strlen($_POST['password1']) > 0 ) { if (strpos($prohibited_passwords,$_POST['password1'])) { $problemForm = TRUE; $error .= '

This password cannot be used

'; } } if ($reset_code == '0') { $problemURL = TRUE; } // If there are missing fields in the form if ($problemForm) { $output = $form1.$error.$form2; } // Problem - no reset_code in URL else if ($problemURL) { $output = $errorURL; } else { // No problems with form fields or reset_code $password = trim(strip_tags($_POST['password1'])); // Query database to further check that password reset request is legitimate & within the timeframe // Define the query: $query = "SELECT companyid, email, reset_expiry FROM Client WHERE reset_code = '".$reset_code."'"; if ($r = pg_query($dbc,$query)) // Run the query. { while ($row = pg_fetch_array($r)) { // Check reset timeframe has not expired $reset_expiry_valid = (strtotime($row['reset_expiry']) > strtotime(date("Y-m-d H:i:s"))); if(!$reset_expiry_valid) {$output = $errorTime; break;} // Reset password if($reset_expiry_valid) { $password_query = "SELECT client_update_password ('".$password."','".$reset_code."')"; $password_update = pg_query($dbc, $password_query); // Prepare confirmation email $html_message = '

Your Precision Tracking password for Client Login has been reset. If you did not request your password to be reset, or you experience any other difficulties, please do not hesitate to contact us by phone on 0800 GPS 001 or via email at admin@precisiontracking.co.nz.'; // Insert email send details into email_outbox table where it will automatically be sent $company_id = $row['companyid']; $dest_address = $row['email']; $email_query = "INSERT INTO email_outbox ( src_address, dest_address, company_id, subject, text_message, html_message ) VALUES ( 'info@precisiontracking.co.nz','$dest_address','$company_id','Your password has been reset','','$html_message')"; $email_insert = pg_query($dbc, $email_query); if (pg_affected_rows($email_insert) == 1) { // Success message for screen $output = '

Your password has been successfully reset.

You will be redirected to the client login page in approximately 10 seconds. If you are not automatically redirected, you can click here to proceed to the login page.

'; // Redirect user to login page header('Refresh: 10; URL=client_login.php'); } else { $output = '

We are unable to reset your password at the moment. Please contact us by phone on 0800 GPS 001 or via email at admin@precisiontracking.co.nz.

'; } } } // End while } // End Query IF } // End no problems with form fields } // End of form submission IF. else // Print form as user has loaded page for first time { $output = $form1.$form2; } ?> Reset password | Precision Tracking