-
Notifications
You must be signed in to change notification settings - Fork 0
/
Copy pathchange-password.php
116 lines (94 loc) · 3.85 KB
/
change-password.php
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
<?php
include('./classes/DB.php');
include('./classes/Login.php');
$tokenIsValid = False;
if (Login::isLoggedIn())
{
//echo 'Logged In!';
//echo Login::isLoggedIn();
if (isset($_POST['changepassword']))
{
$oldpassword = $_POST['oldpassword'];
$newpassword = $_POST['newpassword'];
$newpasswordrepeat = $_POST['newpasswordrepeat'];
$userid = Login::isLoggedIn();
if (password_verify($oldpassword, DB::query('SELECT userpassword FROM tb_users WHERE userid=:userid', array(':userid'=>$userid))[0]['userpassword']))
{
if ($newpassword == $newpasswordrepeat)
{
if (strlen($newpassword) >= 6 && strlen($newpassword) <= 60)
{
DB::query('UPDATE tb_users SET userpassword=:newpassword WHERE userid=:userid', array(':newpassword'=>password_hash($newpassword, PASSWORD_BCRYPT), ':userid'=>$userid));
echo 'Password changed successfully!';
}
}
else
{
echo 'Password don\'t match!';
}
}
else
{
echo 'The old password is incorrect!';
}
}
}
else
{
if (isset($_GET['passwordtoken']))
{
$passwordtoken = $_GET['passwordtoken'];
if (DB::query('SELECT passwordtoken_userid FROM tb_password_tokens WHERE passwordtoken=:passwordtoken', array(':passwordtoken'=>sha1($passwordtoken))))
{
$userid = DB::query('SELECT passwordtoken_userid FROM tb_password_tokens WHERE passwordtoken=:passwordtoken', array(':passwordtoken'=>sha1($passwordtoken)))[0]['passwordtoken_userid'];
$tokenIsValid = True;
if (isset($_POST['changepassword']))
{
$newpassword = $_POST['newpassword'];
$newpasswordrepeat = $_POST['newpasswordrepeat'];
if ($newpassword == $newpasswordrepeat)
{
if (strlen($newpassword) >= 6 && strlen($newpassword) <= 60)
{
DB::query('UPDATE tb_users SET userpassword=:newpassword WHERE userid=:userid', array(':newpassword'=>password_hash($newpassword, PASSWORD_BCRYPT), ':userid'=>$userid));
echo 'Password changed successfully!';
DB::query('DELETE FROM tb_password_tokens WHERE passwordtoken_userid=:passwordtoken_userid', array(':passwordtoken_userid'=>$userid));
}
}
else
{
echo 'Password don\'t match!';
}
}
}
else
{
die('Invalid token...');
}
}
else
{
die('Not Logged In');
}
}
?>
<!DOCTYPE html>
<html>
<head>
<meta charset="utf-8" />
<meta http-equiv="X-UA-Compatible" content="IE=edge">
<title>Change Password</title>
<meta name="viewport" content="width=device-width, initial-scale=1">
<link rel="stylesheet" type="text/css" media="screen" href="main.css" />
<script src="main.js"></script>
</head>
<body>
<h1>Change Your Password</h1>
<form action="<?php if (!$tokenIsValid) { echo 'change-password.php'; } else { echo 'change-password.php?passwordtoken='.$passwordtoken.''; } ?>" method="post">
<?php if (!$tokenIsValid) { echo '<input type="password" name="oldpassword" value="" placeholder="Current Password..."><p />'; } ?>
<input type="password" name="newpassword" value="" placeholder="New Password..."><p />
<input type="password" name="newpasswordrepeat" value="" placeholder="Repeat New Password..."><p />
<input type="submit" name="changepassword" value="Change Password">
</form>
</body>
</html>