processReset.php
<?php
session_start();
require('Connection/connect.php');
require_once('fns.php');
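/*
 * Password-reset handler.
 *
 * Flow: read the posted form fields, verify the reCAPTCHA v3 token with
 * Google, check the (email, otp) pair against the users table, store the new
 * password, clear the OTP, log the user in and redirect.
 *
 * Redirect targets:
 *   home                                     reset succeeded
 *   ./?error=<email>                         missing fields or no matching email/OTP
 *   reset-password?p=..&rt=..&captcha=1      reCAPTCHA verification failed
 */

// NOTE(review): this reCAPTCHA secret is committed to source control, so it
// should be treated as exposed: rotate it and supply the new value through the
// RECAPTCHA_V3_SECRET_KEY environment variable (or a config file outside the
// web root). The literal is kept only as a fallback so existing deployments
// keep working until that is done.
define("RECAPTCHA_V3_SECRET_KEY", getenv('RECAPTCHA_V3_SECRET_KEY') ?: '6LcNS7AZAAAAAH8jx9ciYgzjMJpGRj_ifwP4nNPR');

// Accept only plain string fields. A missing key or an array value
// (e.g. "email[]=x") is normalised to '' instead of raising a warning or a
// TypeError further down.
$fields = array();
foreach (array('email', 'password', 'otp', 'token', 'action') as $field) {
    $fields[$field] = (isset($_POST[$field]) && is_string($_POST[$field])) ? $_POST[$field] : '';
}
$email = $fields['email'];
$password = $fields['password'];
$otp = $fields['otp'];
$token = $fields['token'];
$action = $fields['action'];

// NOTE(review): unsalted MD5 is not a password hash. It is kept here only
// because the code that verifies this column at login is not visible from this
// file; migrate both sides together to password_hash()/password_verify()
// (the password column may need widening first).
$hpass = md5($password);

// Ask Google to verify the reCAPTCHA token. Any transport or decoding failure
// leaves $captchaOk false, i.e. the request is treated as unverified.
$captchaOk = false;
if ($token !== '') {
    $ch = curl_init();
    curl_setopt($ch, CURLOPT_URL, "https://www.google.com/recaptcha/api/siteverify");
    curl_setopt($ch, CURLOPT_POST, 1);
    curl_setopt($ch, CURLOPT_POSTFIELDS, http_build_query(array('secret' => RECAPTCHA_V3_SECRET_KEY, 'response' => $token)));
    curl_setopt($ch, CURLOPT_RETURNTRANSFER, true);
    // Bound the call so a slow verification endpoint cannot hang the request.
    curl_setopt($ch, CURLOPT_CONNECTTIMEOUT, 5);
    curl_setopt($ch, CURLOPT_TIMEOUT, 10);
    $response = curl_exec($ch);
    curl_close($ch);

    $arrResponse = is_string($response) ? json_decode($response, true) : null;
    if (is_array($arrResponse)) {
        // NOTE(review): $action comes from the same request as the token, so
        // this only checks that the two agree. Comparing against a
        // server-side constant for this form would be stronger; the expected
        // action name is not visible from this file.
        $captchaOk = isset($arrResponse['success'], $arrResponse['action'], $arrResponse['score'])
            && $arrResponse['success'] === true
            && $arrResponse['action'] === $action
            && $arrResponse['score'] >= 0.5;
    }
}

if (!$captchaOk) {
    // base64 output can contain '+', '/' and '=', so it is URL-encoded before
    // going into the query string.
    // NOTE(review): base64 is an encoding, not protection; the OTP is readable
    // by anything that sees this URL (history, proxies, access logs).
    header('Location: reset-password?p=' . urlencode(base64_encode($email)) . '&rt=' . urlencode(base64_encode($otp)) . '&captcha=1');
    exit;
}

// The email is URL-encoded so it cannot alter the redirect target or add
// query parameters. The page that displays ?error= must still HTML-escape it.
$errorLocation = './?error=' . urlencode($email);

// An empty OTP is rejected outright: a completed reset stores '' in the otp
// column (see the update below), so '' must never count as a valid code.
// An empty email or password is rejected as well.
if ($email === '' || $otp === '' || $password === '') {
    header('Location: ' . $errorLocation);
    exit;
}

// NOTE(review): nothing in this file limits the number of OTP attempts or
// expires an issued OTP; confirm that is enforced where the OTP is generated.

// Look up the account with a prepared statement so neither value is ever
// spliced into the SQL text.
$uid = null;
$lookup = mysqli_prepare($connect, 'select uID from users where email = ? and otp = ?');
if ($lookup !== false) {
    mysqli_stmt_bind_param($lookup, 'ss', $email, $otp);
    if (mysqli_stmt_execute($lookup)) {
        mysqli_stmt_bind_result($lookup, $foundId);
        if (mysqli_stmt_fetch($lookup) === true) {
            // Kept as a string, which is what a non-prepared mysqli query
            // returned here before.
            $uid = (string) $foundId;
        }
    }
    mysqli_stmt_close($lookup);
}

// Store the new password and clear the OTP in one statement. Repeating the
// OTP condition makes the code single-use even if two requests race.
$updated = false;
if ($uid !== null) {
    $update = mysqli_prepare($connect, "update users set password = ?, otp = '' where email = ? and otp = ?");
    if ($update !== false) {
        mysqli_stmt_bind_param($update, 'sss', $hpass, $email, $otp);
        $updated = mysqli_stmt_execute($update) && mysqli_stmt_affected_rows($update) > 0;
        mysqli_stmt_close($update);
    }
}

if ($updated) {
    // Issue a fresh session id before marking the session as authenticated so
    // a pre-existing session id cannot carry over into the logged-in state.
    session_regenerate_id(true);
    $_SESSION['facer'] = $uid;
    header('Location: home');
    exit;
}

header('Location: ' . $errorLocation);
exit;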