File: /home/rtbrisc/public_html/admin/account/server/reset.php
<?php
session_start();
require_once('db.php');
if(isset($_POST)) {
//Escape Special Characters In String First
$Email = mysqli_real_escape_string($conn, $_POST['txtEmail']);
$Password = mysqli_real_escape_string($conn, $_POST['txtPassword']);
$ConfirmPassword = mysqli_real_escape_string($conn, $_POST['txtConfirmPassword']);
if(empty($Email) || empty($Password) || empty($ConfirmPassword)){
$_SESSION['res_err'] = "All fields are required!!!";
header("Location:../reset.php?email=$Email");
}else{
$check = mysqli_query($conn, "SELECT * FROM tblcustomer WHERE Email = '$Email'");
if($check_row = mysqli_fetch_assoc($check)){
$pword = crypt($Password,"qis");
$reset = mysqli_query($conn, "UPDATE tbluser SET Password = '$pword' WHERE Username = '$Email'");
if($reset){
$_SESSION['res_suc'] = "Password reset was successful!!!";
header("Location:../reset.php?email=$Email");
}else{
$_SESSION['res_err'] = "Password reset was not successful!!!";
header("Location:../reset.php?email=$Email");
}
}else{
//Don't Send
$_SESSION['res_err'] = "The email you supplied doesn't exist with us, Please check again";
header("Location:../reset.php?email=$Email");
}
}
}
?>