PHP Problem with verifcation code
Archived 2 years ago
S
STROOX
Hello,
I have a question. I'm facing a problem with an incorrect verification code. A six-digit code is randomly generated and inserted into my database after entering an existing email in the form of forgot password to submit email. Then a new code is sent to the database. When I enter this code in the verification form, it consistently says 'incorrect code.' I would appreciate it if anyone could help me a bit with it. Thank you :)
I have a question. I'm facing a problem with an incorrect verification code. A six-digit code is randomly generated and inserted into my database after entering an existing email in the form of forgot password to submit email. Then a new code is sent to the database. When I enter this code in the verification form, it consistently says 'incorrect code.' I would appreciate it if anyone could help me a bit with it. Thank you :)
<?php
ini_set('display_errors', 1);
ini_set('display_startup_errors', 1);
error_reporting(E_ALL);
// Database connection parameters
$host = "localhost";
$username_db = "root";
$password_db = "";
$database = "stroox";
$conn = new mysqli($host, $username_db, $password_db, $database);
// Check connection
if ($conn->connect_error) {
die("Connection failed: " . $conn->connect_error);
}
if ($_SERVER["REQUEST_METHOD"] == "POST") {
$verification_code = $_POST["verification_code"];
$new_password = $_POST["new_password"];
$confirm_password = $_POST["confirm_password"];
// Check if passwords match
if ($new_password !== $confirm_password) {
echo "Passwords do not match. Please try again.";
exit; // Stop execution if passwords don't match
}
// Verify the verification code
$checkCodeSql = "SELECT email FROM reset_tokens WHERE code = ? AND is_received = TRUE AND TIMESTAMPDIFF(MINUTE, received_at, NOW()) <= expiration_time";
$stmtCheckCode = $conn->prepare($checkCodeSql);
$stmtCheckCode->bind_param("s", $verification_code);
$stmtCheckCode->execute();
$resultCheckCode = $stmtCheckCode->get_result();
if ($resultCheckCode->num_rows > 0) {
$row = $resultCheckCode->fetch_assoc();
$email = $row["email"];
// Update the password in the users table
$updatePasswordSql = "UPDATE users SET password = ? WHERE email = ?";
$stmtUpdatePassword = $conn->prepare($updatePasswordSql);
$hashed_password = password_hash($new_password, PASSWORD_DEFAULT);
$stmtUpdatePassword->bind_param("ss", $hashed_password, $email);
$stmtUpdatePassword->execute();
$stmtUpdatePassword->close();
// Remove the used verification code
$deleteCodeSql = "DELETE FROM reset_tokens WHERE code = ?";
$stmtDeleteCode = $conn->prepare($deleteCodeSql);
$stmtDeleteCode->bind_param("s", $verification_code);
$stmtDeleteCode->execute();
$stmtDeleteCode->close();
echo "Password reset successful!";
} else {
echo "Invalid or expired verification code. Please try again.";
}
$stmtCheckCode->close();
}
$conn->close();
?>
<div class="container">
<h2>Reset Password</h2>
<form action="reset_password.php" method="post">
<label for="verification_code">Enter Verification Code:</label>
<input type="text" id="verification_code" name="verification_code" required>
<label for="new_password">Enter New Password:</label>
<input type="password" id="new_password" name="new_password" required>
<label for="confirm_password">Confirm New Password:</label>
<input type="password" id="confirm_password" name="confirm_password" required>
<button type="submit">Reset Password</button>
</form>