Anthony Vu - 3 months ago
MySQL Question

Reset Password POST refreshing page without posting

I'm trying to create a password reset form in which when the user clicks the link in their email, they are sent to a password reset page.

The password form is validated with FormValidation, but I am running into the issue where when the user submits, the page refreshes, clears the GET variables and doesn't enter into the if($_SERVER['REQUEST_METHOD'] == 'POST') section.

You can see the uploaded code here.

I've tried various solutions but don't know what's wrong. Anything helps!

Thanks guys!

Here is my PHP code:


    <?php
    // ERROR REPORTING
    ini_set('display_errors', 1);
    ini_set('display_startup_errors', 1);
    error_reporting(E_ALL);
    // END ERROR REPORTING

    if (isset($_GET['email']) && isset($_GET['token']))
    {
        // Get variables from email password reset link
        $token = $_GET['token'];
        $email = $_GET['email'];
        require_once('dbconfig.php');

        // CHECK TO SEE IF EMAIL EXISTS IN THE DATABASE
        // Prepared statement: $email is bound as a parameter, not concatenated into the SQL
        $stmt = mysqli_prepare($conn, "SELECT * FROM users_launchpad WHERE email = ?");
        mysqli_stmt_bind_param($stmt, 's', $email);
        mysqli_stmt_execute($stmt);
        $result = mysqli_fetch_assoc(mysqli_stmt_get_result($stmt));
        $check1 = is_array($result) && $result['email'] == $email;
        // END EMAIL CHECK

        // CHECKS TO SEE IF ID MATCHES TOKEN
        $check2 = is_array($result) && is_string($token)
            && hash_equals(md5((string) $result['id']), $token);
        // END ID CHECK

        // IF BOTH CHECKS ARE TRUE, CHANGE PASSWORD UPON POST.
        if ($check1 && $check2)
        {
            if ($_SERVER['REQUEST_METHOD'] == 'POST')
            {
                // Store a hash of the password; login must then verify it with password_verify()
                $password = password_hash($_POST['password'], PASSWORD_DEFAULT);
                $update_password = mysqli_prepare($conn, "UPDATE users_launchpad SET password = ? WHERE email = ?");
                mysqli_stmt_bind_param($update_password, 'ss', $password, $email);
                $password_query = mysqli_stmt_execute($update_password);
                // header('location: reset_password_success.php');
                if ($password_query)
                {
                    $success_message = "Password Updated Successfully";
                }
            }
        }
    }
    ?>


Here is the HTML:



    <?php require_once('header.php'); ?>
    <link href='../css/login.css' rel='stylesheet' type='text/css'>
    <link href='../css/formValidation.min.css' rel='stylesheet' type='text/css'>
    </head>
    <body>
    <div class="col-md-offset-4 col-md-4" id="loginForm">
        <div class="row">

            <!-- CREATE FORM -->
            <form role="form" action="<?php echo htmlspecialchars($_SERVER['PHP_SELF']); ?>" method="post" id="reset_password">
                <fieldset>
                    <legend>Reset Password</legend>
                    <div class="col-md-12 text-center">
                        <span class="text-success"><?php if (isset($success_message)) { echo $success_message; } ?></span>
                    </div>
                    <br>
                    <div class="form-group">
                        <label for="name">New Password</label>
                        <input type="password" name="password" placeholder="Password" required class="form-control" />
                    </div>

                    <div class="form-group">
                        <label for="name">Confirm New Password</label>
                        <input type="password" name="confirmPassword" placeholder="Confirm Password" required class="form-control" />
                    </div>
                </fieldset>

                <div class="form-group">
                    <input type="submit" name="reset_password" value="Login" class="btn btn-primary" />
                </div>

            </form>
            <div class="col-md-6 col-md-offset-3 text-center">
                <span class="text-danger"><?php if (isset($errormsg)) { echo $errormsg; } ?></span>
            </div>
            <br>
            <br>
        </div>
        <input type="hidden" name="token" value="" />
    </div>

    <!-- END CREATE FORM -->


Here is the Javascript:

    <!-- INCLUDE BOOTSTRAP AND FORM VALIDATION -->
    <script src="//oss.maxcdn.com/bootbox/4.2.0/bootbox.min.js"></script>
    <script src="js/formValidation.min.js"></script>
    <script src="js/framework/bootstrap.min.js"></script>

    <script>
    $(document).ready(function()
    {
        $('#reset_password')
            .formValidation({
                framework: 'bootstrap',
                icon: {
                    valid: 'glyphicon glyphicon-ok',
                    invalid: 'glyphicon glyphicon-remove',
                    validating: 'glyphicon glyphicon-refresh'
                },
                fields: {
                    password: {
                        validators: {
                            notEmpty: {
                                message: 'Your password is required'
                            },
                            stringLength: {
                                min: 4,
                                max: 30,
                                message: 'Your password must be between 4 and 30 characters'
                            },
                            identical: {
                                field: 'confirmPassword',
                                message: 'The password and its confirm are not the same'
                            }
                        }
                    },
                    confirmPassword: {
                        validators: {
                            notEmpty: {
                                message: 'Your password is required'
                            },
                            stringLength: {
                                min: 4,
                                max: 30,
                                message: 'Your password must be between 4 and 30 characters'
                            },
                            identical: {
                                field: 'password',
                                message: 'The password and its confirm are not the same'
                            }
                        }
                    }
                }
            })
            .on('success.form.fv', function(e)
            {
                // Validation passed: submit the form natively
                e.preventDefault();
                var $form = $(e.target);
                $form.get(0).submit();
                return false;
            });
    });
    </script>

    </body>
    </html>

Answer

In your PHP code you need to send the email and set the token; as I can see, the token is not being sent in the request, only password and confirmPassword are being sent.

1- Place the token inside the form.

2- Make the form view a PHP page to send the email as a hidden field.

//CREATE FORM
        <form role="form" action="<?php echo htmlspecialchars($_SERVER['PHP_SELF']); ?>" method="post" id = "reset_password">
            <fieldset>
                <legend>Reset Password</legend>
                <div class = "col-md-12 text-center ">
                    <span class="text-success "><?php if (isset($success_message)) {echo $success_message;} ?></span>
                </div>
                <br>
                 <div class="form-group">
                    <label for="name">New Password</label>
                    <input type="password" name="password" placeholder="Password" required class="form-control" />

                </div>

                <div class="form-group">
                    <label for="name">Confirm New Password</label>
                    <input type="password" name="confirmPassword" placeholder="Confirm Password" required class="form-control" />

                </div>
                </fieldset>


                <div class="form-group">
                    <input type="submit" name="reset_password" value="Login" class="btn btn-primary" />
                </div>
                <input type="hidden" name="token" value="random" />
                <input type="hidden" name="email" value="<?= htmlspecialchars($_GET['email'] ?? '', ENT_QUOTES, 'UTF-8') ?>" />
        </form>
        <div class = "col-md-6 col-md-offset-3 text-center">
            <span class="text-danger "><?php if (isset($errormsg)) { echo $errormsg;} ?></span>
        </div>
        <br>
        <br>
    </div>

</div>

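A hardened version of the reset flow discussed on this page, as an added example that is not part of the original question or answer: the token is random, stored only as a hash with an expiry, carried through the POST in a hidden field, and deleted after one use. The password_resets table and both function names are hypothetical, the sample row is constructed, and PDO with in-memory SQLite is used so the script runs stand-alone (the page's own code uses mysqli).

```php
<?php
// Added example, not the asker's code. Table and function names are hypothetical.
$db = new PDO('sqlite::memory:', null, null, [PDO::ATTR_ERRMODE => PDO::ERRMODE_EXCEPTION]);
$db->exec('CREATE TABLE users_launchpad (id INTEGER PRIMARY KEY, email TEXT UNIQUE, password TEXT)');
$db->exec('CREATE TABLE password_resets (user_id INTEGER, token_hash TEXT, expires_at INTEGER)');
$db->prepare('INSERT INTO users_launchpad (email, password) VALUES (?, ?)')
   ->execute(['user@example.test', password_hash('old-password', PASSWORD_DEFAULT)]); // constructed row

// Called when the reset e-mail is sent: random token, only its hash is stored.
function issue_reset_token(PDO $db, string $email, int $ttl = 1800): ?string
{
    $stmt = $db->prepare('SELECT id FROM users_launchpad WHERE email = ?');
    $stmt->execute([$email]);
    $id = $stmt->fetchColumn();
    if ($id === false) {
        return null;                        // unknown address: issue nothing
    }
    $token = bin2hex(random_bytes(32));     // not derived from the row id or any user data
    $db->prepare('INSERT INTO password_resets VALUES (?, ?, ?)')
       ->execute([$id, hash('sha256', $token), time() + $ttl]);
    return $token;                          // goes into the e-mail link and the hidden form field
}

// Called on POST: the token is read from $_POST['token'], so losing the query string does not matter.
function redeem_reset_token(PDO $db, string $token, string $newPassword): bool
{
    $stmt = $db->prepare(
        'SELECT user_id FROM password_resets WHERE token_hash = ? AND expires_at > ?');
    $stmt->execute([hash('sha256', $token), time()]);
    $userId = $stmt->fetchColumn();
    if ($userId === false) {
        return false;                       // wrong, expired or already used token
    }
    $db->prepare('UPDATE users_launchpad SET password = ? WHERE id = ?')
       ->execute([password_hash($newPassword, PASSWORD_DEFAULT), $userId]);
    $db->prepare('DELETE FROM password_resets WHERE user_id = ?')->execute([$userId]); // single use
    return true;
}

// Demo: issue a token, render the hidden field, redeem it, then replay it.
$token = issue_reset_token($db, 'user@example.test');
echo '<input type="hidden" name="token" value="' . htmlspecialchars($token, ENT_QUOTES, 'UTF-8') . '">', "\n";
var_dump(redeem_reset_token($db, $token, 'new-password'));
var_dump(redeem_reset_token($db, $token, 'new-password'));
```

In the page's form, the hidden field would be printed inside the form element and redeem_reset_token() called with $_POST['token'] and $_POST['password'].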