processEditMemberPassword.php
<?php
include 'connection.php';
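// Admin form handler: sets a new password for the member selected in the
// "selUser" field, then flags the account for reset and clears its lock.
//
// NOTE(review): no session, role or CSRF-token check is visible in this file.
// Confirm that connection.php (or the web server) restricts this endpoint to
// authenticated administrators; otherwise any client able to POST here can
// reset any member's password.
$fail = false;
$passwordOne = "";
$passwordTwo = "";
$targetUserID = 0;

// Both password fields must be present and must be plain strings; a field
// submitted as an array (password1[]=x) is rejected instead of reaching the
// string functions below.
if (isset($_POST["password1"]) && is_string($_POST["password1"])) {
    $passwordOne = $_POST["password1"];
} else {
    $fail = true;
}

if (isset($_POST["password2"]) && is_string($_POST["password2"])) {
    $passwordTwo = $_POST["password2"];
} else {
    $fail = true;
}

// The user id is concatenated into SQL further down, so it must be a real
// positive integer. The previous loose "== 0" test accepted values such as
// "5 OR 1=1" unchanged, which made the stored-procedure calls injectable.
if (isset($_POST["selUser"])) {
    $validatedID = filter_var(
        $_POST["selUser"],
        FILTER_VALIDATE_INT,
        array('options' => array('min_range' => 1))
    );
    if ($validatedID === false) {
        $fail = true;
    } else {
        $targetUserID = $validatedID;
    }
} else {
    $fail = true;
}

// Quote characters are rejected in the password. The password itself never
// reaches SQL (only its hash does), so this rule is not what protects the
// queries below; it is kept because other pages may enforce the same rule.
if (strpos($passwordOne, "'") !== false || strpos($passwordOne, "\"") !== false) {
    $fail = true;
}

if (trim($passwordOne) === "") {
    $fail = true;
}

// Strict comparison: with "!=" two different numeric-looking strings such as
// "1e3" and "1000" compare as equal and would pass the confirmation check.
if ($passwordOne !== $passwordTwo) {
    $fail = true;
}

if (!$fail) {
    // 13 lowercase hex characters, the same length and alphabet uniqid()
    // produces, but taken from a CSPRNG when one is available; uniqid() is
    // derived from the clock and is only the last resort.
    if (function_exists('random_bytes')) {
        $userSalt = substr(bin2hex(random_bytes(7)), 0, 13);
    } elseif (function_exists('openssl_random_pseudo_bytes')) {
        $userSalt = substr(bin2hex(openssl_random_pseudo_bytes(7)), 0, 13);
    } else {
        $userSalt = uniqid();
    }

    // The salt specification must be built with "." (concatenation). The
    // previous "+" added the strings arithmetically, so crypt() never received
    // the SHA-512 "$6$" prefix.
    // NOTE(review): confirm the login path verifies with crypt($input, $storedHash)
    // or builds the same "$6$rounds=10000$<salt>$" string; hashes written by the
    // old "+" expression will not match this format.
    $newHash = crypt($passwordOne, '$6$rounds=10000$' . $userSalt . '$');

    // crypt() signals failure with a short string such as "*0".
    if (!is_string($newHash) || strlen($newHash) < 13) {
        $fail = true;
    }
}

if (!$fail) {
    // $targetUserID is an int at this point; the string arguments are escaped
    // as defence in depth even though both are limited to crypt/hex alphabets.
    $statements = array(
        "Call sp_UpdateUserPassword(" . $targetUserID . ", '"
            . mysql_real_escape_string($newHash, $conn) . "', '"
            . mysql_real_escape_string($userSalt, $conn) . "')",
        "Call sp_UpdateUserReset(" . $targetUserID . ", 1)",
        "Call sp_UpdateUserLock(" . $targetUserID . ", 0)",
    );

    foreach ($statements as $sql) {
        if (mysql_query($sql, $conn) === false) {
            // Keep database error text in the server log instead of sending
            // it to the browser with die().
            error_log('processEditMemberPassword: ' . mysql_error($conn));
            $fail = true;
            break;
        }
    }
}

if (!$fail) {
    Success();
} else {
    Fail("You failed to change the password of the target user");
}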
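/**
 * Redirects the browser to the error page, passing the message in the
 * "Error" query parameter.
 *
 * The function only sends the Location header; it does not stop the script,
 * so callers must not emit output or do further work afterwards.
 *
 * NOTE(review): TDSInError.php is not shown here; confirm it HTML-escapes the
 * Error parameter before printing it, since the value is client-controllable
 * once it is part of a URL.
 *
 * @param string $error Human-readable failure message.
 */
function Fail($error)
{
    // Percent-encode the message: unencoded spaces and reserved characters
    // produce an invalid Location URL and let the text alter the query string.
    header('Location: ./TDSInError.php?Error=' . urlencode($error));
}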
/**
 * Sends the browser back to the admin tools page after a successful update.
 *
 * Only the Location header is sent; the script is not terminated here.
 */
function Success()
{
    $destination = './TDSInAdminTools.php';
    header('Location: ' . $destination);
}
?>