souravventuras / Class_PF_Testing


Reset password #69

Open mn-islam opened 7 years ago

mn-islam commented 7 years ago

Reset & update password from student and teacher portal

sowadalmughni commented 7 years ago

Had an initial conversation about this with @mn-islam

Example of code

<?php

// ---- Step 1: handler for the "forgot password" form ----
// First we check whether a user with this Mobile # is registered.
$userId = findUserByMobile($_POST['Mobile']);
if (!is_null($userId))
{
  // Generate a new token with its hash (both variables are filled by the call)
  StoPasswordReset::generateToken($tokenForLink, $tokenHashForDatabase);

  // Only the token goes into the link; only its hash goes into the database
  $emailLink = 'https://www.example.com/reset_password.php?tok=' . $tokenForLink;
  $creationDate = new DateTime();
  savePasswordResetToDatabase($tokenHashForDatabase, $userId, $creationDate);
  sendPasswordResetEmail($emailLink);
}

// ---- Step 2: reset_password.php, a separate request reached via the emailed link ----
// Validate the token
if (!isset($_GET['tok']) || !StoPasswordReset::isTokenValid($_GET['tok']))
  handleErrorAndExit('The token is invalid.');

// Search for the token hash in the database
$tokenHashFromLink = StoPasswordReset::calculateTokenHash($_GET['tok']);
if (!loadPasswordResetFromDatabase($tokenHashFromLink, $userId, $creationDate))
  handleErrorAndExit('The token does not exist or has already been used.');

// Check whether the token has expired
if (StoPasswordReset::isTokenExpired($creationDate))
  handleErrorAndExit('The token has expired.');

// Show password change form and mark token as used
letUserChangePassword($userId);

Basically reproduce something like this for our users.

[Image: screenshot_20161121-104543]
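Added example, not part of the original thread and not the StoPasswordReset library's code: a self-contained PHP sketch of the token handling the comment above relies on, with a random token in the link, only its SHA-256 hash stored, and expiry plus single use enforced on redemption. The function names, the in-memory `$resetTable` standing in for the database, and the one-hour lifetime are assumptions for illustration.

```php
<?php
declare(strict_types=1);

// Hypothetical stand-in for the password-reset table: token hash => row.
// Only the hash is stored, so a leaked table does not yield usable links.
$resetTable = [];

const RESET_TTL_SECONDS = 3600; // assumed lifetime of a reset link

// Creates a token for $userId and records its hash with the creation time.
function issueResetToken(array &$table, int $userId, int $now): string
{
    $token = bin2hex(random_bytes(32)); // 256 bits from the CSPRNG
    $table[hash('sha256', $token)] = ['user' => $userId, 'created' => $now];
    return $token; // goes into the emailed link only, never into storage
}

// Returns the user id for a valid token, or null. A token works once.
function redeemResetToken(array &$table, string $token, int $now): ?int
{
    // Reject anything that is not exactly 64 lowercase hex characters.
    if (!preg_match('/\A[0-9a-f]{64}\z/', $token)) {
        return null;
    }
    $hash = hash('sha256', $token);
    if (!isset($table[$hash])) {
        return null; // unknown token, or one that was already redeemed
    }
    $row = $table[$hash];
    unset($table[$hash]); // consume the row, even when it turns out expired
    if ($now - $row['created'] > RESET_TTL_SECONDS) {
        return null; // link is older than the allowed lifetime
    }
    return $row['user'];
}

// Constructed walk-through with fixed timestamps (seconds).
$token = issueResetToken($resetTable, 42, 1000);
var_dump(redeemResetToken($resetTable, $token, 1600));   // redeemed in time
var_dump(redeemResetToken($resetTable, $token, 1700));   // same link reused
$late = issueResetToken($resetTable, 42, 1000);
var_dump(redeemResetToken($resetTable, $late, 4601));    // past the lifetime
var_dump(redeemResetToken($resetTable, 'not-a-token', 1600)); // malformed
```

This sketch consumes the token when the link is opened; the code in the comment marks it as used when the password change form is shown, which is the same point in the flow.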

mn-islam commented 6 years ago

We can start working on it after finishing issues with higher priority @YorikoUeda