Files
Sentri/pub/login/resetPassword.php

196 lines
8.3 KiB
PHP

<?php
session_start();
if (!isset($_GET['token']) && !isset($_GET['result']) && !isset($_SESSION['user']['user_uuid'])) {
http_response_code(404);
exit;
}
include_once $_SERVER['DOCUMENT_ROOT'] . '/login/php/authFunctions.php';
$tokenfound = false;
if (isset($_GET['token'])) {
$token = htmlspecialchars($_GET['token'], ENT_QUOTES, 'UTF-8');
$stmt = $GLOBALS['conn']->prepare("SELECT * FROM system_users WHERE user_password_reset_token = ? AND user_password_reset_expires > UNIX_TIMESTAMP()");
$stmt->bind_param("s", $token);
$stmt->execute();
$result = $stmt->get_result();
} elseif (isset($_SESSION['user']['user_uuid'])) {
$user_uuid = $_SESSION['user']['user_uuid'];
$stmt = $GLOBALS['conn']->prepare("SELECT * FROM system_users WHERE user_uuid = ?");
$stmt->bind_param("s", $user_uuid);
$stmt->execute();
$result = $stmt->get_result();
}
if ($result->num_rows == 1) {
$tokenfound = true;
$user_data = $result->fetch_assoc();
} else {
addLoginAttempts();
}
if (checkLoginAttempts() > 20) {
header('Location: /login/');
exit;
}
?>
<!DOCTYPE html>
<html data-coreui-theme="dark" lang="en">
<head>
<base href="./">
<meta charset="utf-8">
<meta http-equiv="X-UA-Compatible" content="IE=edge">
<meta name="viewport" content="width=device-width, initial-scale=1.0, shrink-to-fit=no">
<meta name="description" content="Sentri - Configure phone configs">
<meta name="author" content="Marco Mooij">
<meta name="keyword" content="sentri">
<title>Sentri | Login</title>
<!-- favicon -->
<link rel="icon" type="image/png" href="/src/images/favicon/favicon-96x96.png" sizes="96x96">
<link rel="icon" type="image/svg+xml" href="/src/images/favicon/favicon-96x96.png">
<link rel="shortcut icon" href="/src/images/favicon/favicon.ico">
<link rel="apple-touch-icon" sizes="180x180" href="/src/images/favicon/apple-touch-icon.png">
<link rel="manifest" href="/src/images/favicon/site.webmanifest">
<style>
body {
font-family: Arial, sans-serif;
background-color: #1d222b;
}
.portal-image {
width: 100%;
height: auto;
aspect-ratio: 3 / 1;
object-fit: contain;
display: block;
min-height: 200px; /* Prevent layout shift during image load */
}
#code-container {
display: flex;
justify-content: center;
gap: 10px;
}
.code-input {
width: 40px;
height: 40px;
font-size: 24px;
text-align: center;
margin: 5px;
}
</style>
<link rel="stylesheet" href="css/style.full.css" as="style">
</head>
<body>
<div class="bg-body-tertiary min-vh-100 d-flex flex-row align-items-center">
<div class="container">
<div class="row justify-content-center">
<div class="col-lg-8 col-md-10 col-12 d-flex align-items-center justify-content-center">
<div class="card-group d-block d-md-flex row">
<div class="card col-md-7 mb-0">
<div class="card-body p-3">
<div class="card-body text-center justify-content-center align-items-center">
<?php if (isset($_GET['result'])) {
if ($_GET['result'] == "success") { ?>
<h1 class="text-center">Password set</h1>
<p class="text-center">Your password was set successfully. Use the button below to proceed to the login page.</p>
<hr>
<a href="/login/" class="btn btn-primary px-4">
<i class="fa-solid fa-check"></i> Go to login
</a>
<?php } elseif ($_GET['result'] == "failed") { ?>
<h1 class="text-center">Something went wrong</h1>
<p class="text-center">Something went wrong in changing your password. Please contact support!</p>
<?php } ?><?php } else { ?>
<h1 class="text-center">Set Password</h1>
<p class="text-center">Must be at least 12 characters.</p>
<hr>
<form method="post" action="/login/php/setPassword.php">
<?php if (isset($_GET['token'])) { ?>
<input type="hidden" name="user_password_reset_token" value="<?php echo $token ?>">
<?php } elseif (isset($_SESSION['user']['user_uuid'])) { ?>
<input type="hidden" name="user_uuid" value="<?php echo $user_data['user_uuid'] ?>">
<?php } ?>
<label for="password" class="form-label">New Password</label>
<input type="password" class="form-control" name="password-1" id="password" placeholder="Enter password" required autocomplete="new-password">
<div id="passwordPolicyError" class="form-text text-danger d-none">Password is too short.</div>
<br>
<div class="mb-3 text-reset">
<label for="confirmPassword" class="form-label">Confirm Password</label>
<input type="password" class="form-control" name="password-2" id="confirmPassword" placeholder="Repeat password" required>
<div id="passwordHelp" class="form-text text-danger d-none">Passwords do not match.</div>
</div>
<button type="submit" class="btn btn-primary w-100" id="submitBtn" disabled>
<i class="fa-solid fa-key"></i> Set Password
</button>
</form>
<?php } ?>
</div>
</div>
</div>
<div class="card col-md-5 text-white bg-transparent py-5">
<div class="card-body text-center pt-5">
<div>
<img class="pt-3 w-100 portal-image" alt="portal-image" src="/src/images/logo-login-dark.webp" width="500" height="265" style="height: auto;">
</div>
</div>
</div>
</div>
</div>
</div>
</div>
</div>
<link rel="stylesheet" href="https://cdnjs.cloudflare.com/ajax/libs/font-awesome/6.5.1/css/all.min.css">
<script>
const password = document.getElementById("password");
const confirmPassword = document.getElementById("confirmPassword");
const submitBtn = document.getElementById("submitBtn");
const passwordHelp = document.getElementById("passwordHelp");
const passwordPolicyError = document.getElementById("passwordPolicyError");
function checkPasswords() {
const pwValue = password.value;
const confirmValue = confirmPassword.value;
// Check length
if (pwValue.length < 13) {
passwordPolicyError.classList.remove("d-none");
submitBtn.disabled = true;
return;
} else {
passwordPolicyError.classList.add("d-none");
}
// Check match
if (pwValue && confirmValue) {
if (pwValue === confirmValue) {
passwordHelp.classList.add("d-none");
submitBtn.disabled = false;
} else {
passwordHelp.classList.remove("d-none");
submitBtn.disabled = true;
}
} else {
passwordHelp.classList.add("d-none");
submitBtn.disabled = true;
}
}
password.addEventListener("input", checkPasswords);
confirmPassword.addEventListener("input", checkPasswords);
</script>
</body>
</html>