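// Password-reset handler (fragment). The listing begins mid-statement: the
// receiver of this prepare() call, the enclosing conditionals, and the code
// that fills $firstname, $lastname, $email and $password are not visible here.
// The lines below use the prepared statement as $stmt and the connection as $conn.
//
// NOTE(review): in the visible code the only proof of account ownership is a
// match on first name, last name and email, values third parties commonly know.
// Unless the unseen part of the script verifies an emailed single-use, expiring
// reset token, that check should be added before any password change.
prepare("SELECT id FROM Users WHERE firstname = ? AND lastname = ? AND email = ?");
$stmt->bind_param("sss", $firstname, $lastname, $email);
$stmt->execute();
$stmt->store_result();

// Proceed only when exactly one account matches the submitted identity fields.
if ($stmt->num_rows === 1) {
    $stmt->bind_result($userId);
    $stmt->fetch();

    // Fetch password policy
    $policyResult = $conn->query("SELECT * FROM password_policy LIMIT 1");
    if (!$policyResult) die("Password policy query failed.");
    $policy = $policyResult->fetch_assoc();
    $policyResult->free(); // the single row has been read; release the result set
    if (!$policy) die("No password policy found in database.");

    $errors = [];
    $minLength = (int)$policy['min_length'];
    $requireUpper = (bool)$policy['require_uppercase'];
    $requireLower = (bool)$policy['require_lowercase'];
    $requireNumber = (bool)$policy['require_numbers'];
    $requireSpecial = (bool)$policy['require_special'];

    // Count characters rather than bytes, so multi-byte input cannot satisfy the
    // minimum with fewer characters than the policy message states. Falls back
    // to strlen() when the mbstring extension is not loaded.
    $passwordLength = function_exists('mb_strlen')
        ? mb_strlen($password, 'UTF-8')
        : strlen($password);

    if ($passwordLength < $minLength) $errors[] = "Password must be at least $minLength characters long.";
    if ($requireUpper && !preg_match('/[A-Z]/', $password)) $errors[] = "Password must include at least one uppercase letter.";
    if ($requireLower && !preg_match('/[a-z]/', $password)) $errors[] = "Password must include at least one lowercase letter.";
    if ($requireNumber && !preg_match('/[0-9]/', $password)) $errors[] = "Password must include at least one number.";
    // "Special" means any character outside ASCII letters and digits.
    if ($requireSpecial && !preg_match('/[^A-Za-z0-9]/', $password)) $errors[] = "Password must include at least one special character.";

    if (!empty($errors)) {
        // One policy violation per line.
        $message = implode("\n", $errors);
    } else {
        // password_hash() generates its own salt and PASSWORD_DEFAULT lets PHP
        // choose the algorithm.
        // NOTE(review): PASSWORD_DEFAULT currently selects bcrypt, which uses
        // only the first 72 bytes of the input; consider a maximum-length rule.
        $hashed_password = password_hash($password, PASSWORD_DEFAULT);
        $update_stmt = $conn->prepare("UPDATE Users SET password = ? WHERE id = ?");
        if ($update_stmt === false) {
            // prepare() returns false when mysqli is not in exception mode;
            // report the same generic failure instead of calling a method on false.
            $message = "An error occurred. Please try again.";
        } else {
            $update_stmt->bind_param("si", $hashed_password, $userId);
            if ($update_stmt->execute()) {
                $message = "Password updated successfully!";
                $showForm = false;
                // Discard the session's CSRF token once the reset has succeeded.
                unset($_SESSION['csrf_token']);
            } else {
                $message = "An error occurred. Please try again.";
            }
            $update_stmt->close();
        }
    }
} else {
    // NOTE(review): this response differs from the other outcomes, so the form
    // reveals whether a name/email combination exists; a uniform response plus
    // rate limiting would avoid that.
    $message = "No account found matching that information.";
}
$stmt->close();
} // closes a block opened before the visible text
} // closes a block opened before the visible text
$conn->close();
?> Reset Password | Moraine Camplands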