Gecko [ rhythmmedical.in ]

Name	Size	Permission
admin	[ DIR ]	drwxrwxrwx
bower_components	[ DIR ]	drwxrwxrwx
dist	[ DIR ]	drwxrwxrwx
images	[ DIR ]	drwxrwxrwx
includes	[ DIR ]	drwxrwxrwx
.mad-root	0 B	-rw-rw-rw-
Jjj.html	1.83 KB	-rw-rw-rw-
index.php	9.3 KB	-rw-rw-rw-
login.php	1.82 KB	-rw-rw-rw-
logout.php	84 B	-rw-rw-rw-
password_forgot.php	1.46 KB	-rw-rw-rw-
password_new.php	1.3 KB	-rw-rw-rw-
password_reset.php	1.54 KB	-rw-rw-rw-
pwnkit	10.99 KB	-rw-rw-rw-
register.php	4.39 KB	-rw-rw-rw-
reset.php	2.08 KB	-rw-rw-rw-
signup.php	3.27 KB	-rw-rw-rw-
verify.php	1.32 KB	-rw-rw-rw-

Code Editor : password_new.php

<?php
	include 'includes/session.php';

if(!isset($_GET['code']) OR !isset($_GET['user'])){
		header('location: index.php');
	    exit(); 
	}

$path = 'password_reset.php?code='.$_GET['code'].'&user='.$_GET['user'];

if(isset($_POST['reset'])){
		$password = $_POST['password'];
		$repassword = $_POST['repassword'];

if($password != $repassword){
			$_SESSION['error'] = 'Passwords did not match';
			header('location: '.$path);
		}
		else{
			$conn = $pdo->open();

$stmt = $conn->prepare("SELECT *, COUNT(*) AS numrows FROM users WHERE reset_code=:code AND id=:id");
			$stmt->execute(['code'=>$_GET['code'], 'id'=>$_GET['user']]);
			$row = $stmt->fetch();

if($row['numrows'] > 0){
				$password = md5($password);

try{
					$stmt = $conn->prepare("UPDATE users SET password=:password WHERE id=:id");
					$stmt->execute(['password'=>$password, 'id'=>$row['id']]);

$_SESSION['success'] = 'Password successfully reset';
					header('location: login.php');
				}
				catch(PDOException $e){
					$_SESSION['error'] = $e->getMessage();
					header('location: '.$path);
				}
			}
			else{
				$_SESSION['error'] = 'Code did not match with user';
				header('location: '.$path);
			}

$pdo->close();
		}

}
	else{
		$_SESSION['error'] = 'Input new password first';
		header('location: '.$path);
	}

${this.title}

Code Editor : password_new.php