Open mn-islam opened 7 years ago
Had an initial conversation about this with @mn-islam
Example of code
```php
<?php
// --- Part 1: the "forgot password" request handler ---
// First we check whether a user with this Mobile # is registered.
$userId = findUserByMobile($_POST['Mobile']);
if (!is_null($userId))
{
    // Generate a new token with its hash (both variables are filled by reference)
    StoPasswordReset::generateToken($tokenForLink, $tokenHashForDatabase);
    $emailLink = 'https://www.example.com/reset_password.php?tok=' . $tokenForLink;
    $creationDate = new DateTime();
    // Only the hash is stored; the token itself exists only in the emailed link
    savePasswordResetToDatabase($tokenHashForDatabase, $userId, $creationDate);
    sendPasswordResetEmail($emailLink);
}

// --- Part 2: reset_password.php, opened from the emailed link ---
// Validate the token
if (!isset($_GET['tok']) || !StoPasswordReset::isTokenValid($_GET['tok']))
    handleErrorAndExit('The token is invalid.');

// Search for the token hash in the database
$tokenHashFromLink = StoPasswordReset::calculateTokenHash($_GET['tok']);
if (!loadPasswordResetFromDatabase($tokenHashFromLink, $userId, $creationDate))
    handleErrorAndExit('The token does not exist or has already been used.');

// Check whether the token has expired
if (StoPasswordReset::isTokenExpired($creationDate))
    handleErrorAndExit('The token has expired.');

// Show password change form and mark token as used
letUserChangePassword($userId);
```
Basically reproduce something like this for our users.
We can start working on it after finishing issues with higher priority @YorikoUeda
Reset & update password from student and teacher portal
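The snippet in this issue leaves `savePasswordResetToDatabase` and `loadPasswordResetFromDatabase` as stubs. The following is an added example, not code from the issue or from the StoPasswordReset library, showing one way to back them so that only the hash is stored and a token can be consumed once. The table layout, the extra `$db` parameter, `createResetTable()` and `markPasswordResetUsed()` are assumptions, and `hash('sha256', ...)` with `random_bytes()` in the demo is a stand-in for the library's own token functions.

```php
<?php
// Added example: hypothetical storage layer; the table holds only the token hash.
function createResetTable(PDO $db): void
{
    $db->exec('CREATE TABLE IF NOT EXISTS password_reset (token_hash TEXT PRIMARY KEY,
        user_id INTEGER NOT NULL, created_at INTEGER NOT NULL, used_at INTEGER NULL)');
}

function savePasswordResetToDatabase(PDO $db, string $tokenHash, int $userId, DateTime $creationDate): void
{
    // Invalidate any earlier link for this user, then store the new hash.
    $db->prepare('DELETE FROM password_reset WHERE user_id = ?')->execute([$userId]);
    $db->prepare('INSERT INTO password_reset (token_hash, user_id, created_at) VALUES (?, ?, ?)')
       ->execute([$tokenHash, $userId, $creationDate->getTimestamp()]);
}

function loadPasswordResetFromDatabase(PDO $db, string $tokenHash, &$userId, &$creationDate): bool
{
    $stmt = $db->prepare('SELECT user_id, created_at FROM password_reset
                          WHERE token_hash = ? AND used_at IS NULL');
    $stmt->execute([$tokenHash]);
    $row = $stmt->fetch(PDO::FETCH_ASSOC);
    if ($row === false) {
        return false; // unknown hash, or the token was already used
    }
    $userId = (int) $row['user_id'];
    $creationDate = (new DateTime())->setTimestamp((int) $row['created_at']);
    return true;
}

function markPasswordResetUsed(PDO $db, string $tokenHash): bool
{
    // Conditional UPDATE: of two concurrent requests, only one gets rowCount() === 1.
    $stmt = $db->prepare('UPDATE password_reset SET used_at = ?
                          WHERE token_hash = ? AND used_at IS NULL');
    $stmt->execute([time(), $tokenHash]);
    return $stmt->rowCount() === 1;
}

// Constructed demo against an in-memory SQLite database (user id 42 is made up).
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
createResetTable($db);
$hash = hash('sha256', bin2hex(random_bytes(32))); // stand-in for the library's token hash
savePasswordResetToDatabase($db, $hash, 42, new DateTime());
var_dump(loadPasswordResetFromDatabase($db, $hash, $uid, $created)); // fresh token
var_dump(markPasswordResetUsed($db, $hash), markPasswordResetUsed($db, $hash)); // use, then replay
var_dump(loadPasswordResetFromDatabase($db, $hash, $uid, $created)); // after use
```

Call `markPasswordResetUsed()` when the new password is actually saved and refuse the change if it returns `false`, so a link opened in two tabs cannot be redeemed twice.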