I tried to create a password recovery page, on the enter new password part, when I enter a password that are not match, it can echo a dialog message saying that the password does not match. Then when I click OK on the dialog box it will echo another dialog message saying that the password is changed. This makes the first password "pass1" updated in the database. See my picture below.
My question it how do I stop it from echoing the second dialog box? How to make the dialog box stay on the same page without having it open a blank page.
Below is the code:
<?php
session_start();
include('include/header.php');
include('admin/include/dbcon.php');
?>
<!-- STUDENT LOGIN FORM SECTION START -->
<section class="Form-bg-image navbar-bottom-space">
<div class="container-fluid">
<div class="container">
<div class="row">
<div class="col-sm-12 my-col">
<?php
include('admin/include/dbcon.php');
if (isset($_GET["key"]) && isset($_GET["email"]) && isset($_GET["action"]) && ($_GET["action"] == "reset") && !isset($_POST["action"])) {
$key = $_GET["key"];
$email = $_GET["email"];
$curDate = date("Y-m-d H:i:s");
$query = mysqli_query($sql_con, "SELECT * FROM `password_reset_temp` WHERE `key`='" . $key . "' and `email`='" . $email . "';");
$row = mysqli_num_rows($query);
if ($row == "") {
$error .= '<h2>Invalid Link</h2>';
} else {
$row = mysqli_fetch_assoc($query);
$expDate = $row['expDate'];
if ($expDate >= $curDate) {
?>
<div class="std-loginbox stdlogin-outerdiv">
<h1 class="Login-text">Reset Password</h1>
<div class="desc-text">Reset your password here! <br> Not registered? <a href="student_signup.php">Create an account</a> </div>
<hr>
<div class="InnerDiv">
<form method="post" action="" name="update">
<input type="hidden" name="action" value="update" class="form-control" />
<div class="form-group">
<label for="exampleInputEmail1">New Password</label>
<input type="password" name="pass1" value="update" class="form-control" />
</div>
<div class="form-group">
<label for="exampleInputEmail1">Confirm Password</label>
<input type="password" name="pass2" value="update" class="form-control" />
</div>
<input type="hidden" name="email" value="<?php echo $email; ?>" />
<center>
<button type="submit" id="reset" type="submit" class="btn btn-primary btn-login-form">Submit</button>
</center>
</form>
</div>
</div>
</div>
</div>
</div>
</div>
</section>
<!-- STUDENT FORM SECTION END -->
<?php
include('include/footer.php');
?>
<?php
} else {
$error .= "<h2>Link Expired</h2>>";
}
}
if ($error != "") {
echo "<div class='error'>" . $error . "</div><br />";
}
}
if (isset($_POST["email"]) && isset($_POST["action"]) && ($_POST["action"] == "update")) {
$error = "";
$pass1 = mysqli_real_escape_string($sql_con, $_POST["pass1"]);
$pass2 = mysqli_real_escape_string($sql_con, $_POST["pass2"]);
$email = $_POST["email"];
$curDate = date("Y-m-d H:i:s");
if ($pass1 != $pass2) {
echo "<script>alert('Password does not match!')</script>";
}
if ($error != "") {
echo $error;
} else {
mysqli_query($sql_con, "UPDATE `students` SET `password` = '" . $pass1 . "' WHERE `stdemail` = '" . $email . "'");
mysqli_query($sql_con, "DELETE FROM `password_reset_temp` WHERE `email` = '$email'");
echo "<script>alert('Password changed!')</script>";
}
}
?>
Aucun commentaire:
Enregistrer un commentaire