HEX
Server: Apache/2.4.41 (Amazon) OpenSSL/1.0.2k-fips PHP/5.6.40
System: Linux ip-172-31-40-18 4.14.146-93.123.amzn1.x86_64 #1 SMP Tue Sep 24 00:45:23 UTC 2019 x86_64
User: apache (48)
PHP: 5.6.40
Disabled: NONE
$ pwd: /var/www/html/qcr24/app/application/controllers/forgot_password/
Upload Files
File: //var/www/html/qcr24/app/application/controllers/forgot_password/Recover_password_staff.php
<?php
defined('BASEPATH') or exit('No direct script access allowed');

class Recover_password_staff extends CI_Controller
{

	public function __construct()
	{
		parent::__construct();
		$this->load->model('api/mstaff');
		
	}
	/**
	 * Index Page for this controller.
	 *
	 * Maps to the following URL
	 * 		http://example.com/index.php/welcome
	 *	- or -
	 * 		http://example.com/index.php/welcome/index
	 *	- or -
	 * Since this controller is set as the default controller in
	 * config/routes.php, it's displayed at http://example.com/
	 *
	 * So any other public methods not prefixed with an underscore will
	 * map to /index.php/welcome/<method_name>
	 * @see https://codeigniter.com/driver_guide/general/urls.html
	 */
	public function index()
	{
		$recovery_key=$this->input->get('recovery_key');
		$data['recovery_key'] = $recovery_key;
		$this->load->view('forgot_password/staff_forgotpassword', $data);
	}

	public function recover_account(){
		$response=array();
		if(empty($this->input->post())){
			$response['error']=1;
			$response['message']='Please fill up all the required fields';
		}else{
			$new_password=$this->input->post('newpassword1');
			$confirm_password=$this->input->post('newpassword2');
			$recovery_key=$this->input->post('recovery_key');
			if(empty($new_password)){
				$response['error']=1;
				$response['message']='New Password field is required';
			}
			if(empty($confirm_password)){
				$response['error']=1;
				$response['message']='Confirm Password field is required';
			}
			if($new_password!=$confirm_password){
				$response['error']=1;
				$response['message']='New Password and Confirm fields are not matched';
			}
			$driver_details=$this->mstaff->getRow('master_admin',array('recovery_key'=>$recovery_key));
			if(empty($driver_details)){
				$response['error']=1;
				$response['message']='Sorry! your link is expired';
			}else{
					$condition2=array('email'=>$driver_details['email']);
					$ddata['password']=md5($new_password);
					$ddata['recovery_key']='';
					$this->mstaff->update('master_admin',$condition2,$ddata); 
					$response['error']=0;
					$response['message']='Your password changed successfully';
			}
		}
		echo json_encode($response);
	}

}
@ Telegram