I am creating a password reset system for my project. I currently have an password reset link sent to the user's email address and I'm now working on the create-password.php page. I have a selector and validator token to authorise the change of an account's password. In my code, I take these tokens from the url and go through some validation and if there are no errors, a form to change their password is shown, otherwise the corresponding error message is displayed. I use nested if else statements but I have read that this can be bad coding practice for readability and maintenance. I believe that my code is readable but I can understand why someone might find it hard to understand with the combination of HTML and php code, so I would appreciate some insight from someone more experienced whether this is considered bad practice and what could be done alternatively.
<!-- Generic HTML Code -->
<?php
// if there are empty tokens, inform user
if (empty($_GET["selector"]) || empty($_GET["validator"])) {
?>
<!-- Corresponding HTML code for empty token(s) -->
<?php
} else {
$selector = $_GET["selector"];
$validator = $_GET["validator"];
// Checks to see if the variables are legit hexadecimal tokens
if (ctype_xdigit($selector) !== false && ctype_xdigit($validator) !== false) {
// Run through database to check if selector and validator token exist for a user and not expired
if ( not valid selector token|| not valid validator token || expired) {
?>
<!-- Corresponding HTML code for expired link or not valid token(s) -->
<?php
} else {
?>
<!-- HTML form to change password -->
<?php
}
} else {
?>
<!-- Corresponding HTML error message for false hexadecimal token(s) -->
<?php
}
?>
Aucun commentaire:
Enregistrer un commentaire