Password reset token in URL issue

Asked by Crazy Horse (South Africa), tagged PHP
If a user clicks on "reset password" and enters their email address, they will receive an email with a code as well as a link to the reset page. There is also a cookie set which gives them a limited amount of time to reset their password. Everything is working, but my concern is the code in the URL.

If I replace the proper code in the URL with something else e.g.:

http://localhost/simpleblog/code_validate.php?email=myemail@gmail.com&code=ca6bcbfc607af157f6a0aa7bed914849bf394


with:

http://localhost/simpleblog/code_validate.php?email=myemail@gmail.com&code=12345

the page still shows up and allows me to enter a verification code. Should it not redirect me because 12345 is not actually the token that was created?

If I use the bogus code in the URL string and enter the correct token, i.e. ca6bcbfc607af157f6a0aa7bed914849bf394, it still gives me success, but I thought it should fail since the code doesn't also match the code in the URL?

if (isset($_COOKIE['temp_access_code'])) {

    // Reset window still open (the timing cookie is present)
    if (!isset($_GET['email']) && !isset($_GET['code'])) {

        header("location:index.php");
        exit;

    } else {

        if (empty($_GET['email']) || empty($_GET['code'])) {

            header("location:index.php");
            exit;

        } else {

            // Only runs once the verification form has been submitted;
            // the URL parameters alone are not checked before this point
            if (isset($_POST['code'])) {

                $email = htmlentities($_GET['email']);

                $validation_code = htmlentities($_POST['code']);

                $sql = "SELECT userID FROM `users` WHERE identifier = '".$link->real_escape_string($validation_code)."' AND email = '".$link->real_escape_string($email)."' LIMIT 1";
                $result = $link->query($sql);

                // Succeeds when the POSTed code exists for this email and equals the code in the URL
                if ($result->num_rows == 1 && $validation_code == $_GET['code']) {

                    header("location:reset.php");
                    exit;

                } else {

                    echo "Sorry, incorrect validation code.";

                }

            }

        }

    }

} else {
    // your cookie expired
    header("location:recover.php");
    exit;
}
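The flow above only compares the URL code once the form has been POSTed, which is why a bogus code still shows the page. The following is an added example, not the asker's code, showing the other way round: the email and code from the URL are validated on the GET request, before any form is rendered, and the token is stored only as a hash with a server-side expiry and a single-use flag. It uses an in-memory SQLite table so it runs stand-alone from the CLI; the table name `password_resets`, its columns and the handler function names are assumptions, not the asker's schema.

```php
<?php
// Added example, not the asker's code. Validates the reset code from the URL on
// the GET request, using an in-memory SQLite table (constructed here) so the
// file runs stand-alone. Table and column names are assumptions.
declare(strict_types=1);

$pdo = new PDO('sqlite::memory:', null, null, [PDO::ATTR_ERRMODE => PDO::ERRMODE_EXCEPTION]);
$pdo->exec("CREATE TABLE password_resets (
    email      TEXT    NOT NULL,
    token_hash TEXT    NOT NULL,
    expires_at INTEGER NOT NULL,
    used       INTEGER NOT NULL DEFAULT 0
)");

// Issue a token: 256 random bits, stored only as a SHA-256 hash, valid for 30 minutes.
function issue_reset_token(PDO $pdo, string $email): string
{
    $token = bin2hex(random_bytes(32));
    $stmt = $pdo->prepare(
        "INSERT INTO password_resets (email, token_hash, expires_at) VALUES (?, ?, ?)"
    );
    $stmt->execute([$email, hash('sha256', $token), time() + 30 * 60]);
    return $token; // the raw token goes into the e-mail link only, never into the database
}

// Validate email + code from the URL. True only for a well-formed token that
// matches a live, unused record for that email. Prepared statement for the
// lookup, hash_equals() for a constant-time comparison of the hashes.
function validate_reset_token(PDO $pdo, string $email, string $token): bool
{
    if (!preg_match('/^[0-9a-f]{64}$/', $token)) {
        return false; // malformed input such as "12345" never reaches the database
    }
    $stmt = $pdo->prepare(
        "SELECT token_hash FROM password_resets WHERE email = ? AND used = 0 AND expires_at > ?"
    );
    $stmt->execute([$email, time()]);
    $candidate = hash('sha256', $token);
    foreach ($stmt->fetchAll(PDO::FETCH_COLUMN) as $stored) {
        if (hash_equals($stored, $candidate)) {
            return true;
        }
    }
    return false;
}

// Mark the token consumed once the password has actually been changed.
function consume_reset_token(PDO $pdo, string $email, string $token): void
{
    $stmt = $pdo->prepare(
        "UPDATE password_resets SET used = 1 WHERE email = ? AND token_hash = ?"
    );
    $stmt->execute([$email, hash('sha256', $token)]);
}

// Handler for a page like code_validate.php: decides on the GET parameters
// alone, so a bogus code is sent away before any form is rendered. Returns the
// action as a string instead of calling header() so it can be exercised here.
function handle_code_validate(PDO $pdo, array $get): string
{
    $email = (string) ($get['email'] ?? '');
    $code  = (string) ($get['code'] ?? '');
    if ($email === '' || !validate_reset_token($pdo, $email, $code)) {
        return 'redirect:recover.php'; // real page: header("Location: recover.php"); exit;
    }
    return 'show-reset-form';
}

// Constructed demonstration run: a fresh token, a bogus code, then the same
// token after it has been consumed.
$email = 'myemail@example.com';
$token = issue_reset_token($pdo, $email);
echo handle_code_validate($pdo, ['email' => $email, 'code' => $token]), PHP_EOL;
echo handle_code_validate($pdo, ['email' => $email, 'code' => '12345']), PHP_EOL;
consume_reset_token($pdo, $email, $token);
echo handle_code_validate($pdo, ['email' => $email, 'code' => $token]), PHP_EOL;
```

Run with `php` on the command line: the first call reaches the reset form, while the bogus code and the already-used token are both redirected to recover.php. Because the expiry lives in the database row, the separate timing cookie from the original flow is no longer needed for the check, and a token that has leaked through a browser history or proxy log is useless after the window closes or after one successful reset.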