-
Notifications
You must be signed in to change notification settings - Fork 1
/
change-password.php
58 lines (57 loc) · 3.32 KB
/
change-password.php
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
<?php
include('classes/DB.php');
include('classes/Login.php');
$tokenIsValid = False;
if (Login::isLoggedIn()) {
if (isset($_POST['changepassword'])) {
$oldpassword = $_POST['oldpassword'];
$newpassword = $_POST['newpassword'];
$newpasswordrepeat = $_POST['newpasswordrepeat'];
$userid = Login::isLoggedIn();
if (password_verify($oldpassword, DB::query('SELECT password FROM users WHERE id=:userid', array(':userid'=>$userid))[0]['password'])) {
if ($newpassword == $newpasswordrepeat) {
if (strlen($newpassword) >= 6 && strlen($newpassword) <= 60) {
DB::query('UPDATE users SET password=:newpassword WHERE id=:userid', array(':newpassword'=>password_hash($newpassword, PASSWORD_BCRYPT), ':userid'=>$userid));
echo 'Password changed successfully!';
}
} else {
echo 'Passwords don\'t match!';
}
} else {
echo 'Incorrect old password!';
}
}
} else {
if (isset($_GET['token'])) {
$token = $_GET['token'];
if (DB::query('SELECT user_id FROM password_tokens WHERE token=:token', array(':token'=>sha1($token)))) {
$userid = DB::query('SELECT user_id FROM password_tokens WHERE token=:token', array(':token'=>sha1($token)))[0]['user_id'];
$tokenIsValid = True;
if (isset($_POST['changepassword'])) {
$newpassword = $_POST['newpassword'];
$newpasswordrepeat = $_POST['newpasswordrepeat'];
if ($newpassword == $newpasswordrepeat) {
if (strlen($newpassword) >= 6 && strlen($newpassword) <= 60) {
DB::query('UPDATE users SET password=:newpassword WHERE id=:userid', array(':newpassword'=>password_hash($newpassword, PASSWORD_BCRYPT), ':userid'=>$userid));
echo 'Password changed successfully!';
DB::query('DELETE FROM password_tokens WHERE user_id=:userid', array(':userid'=>$userid));
}
} else {
echo 'Passwords don\'t match!';
}
}
} else {
die('Token invalid');
}
} else {
die('Not logged in');
}
}
?>
<h1>Change your Password</h1>
<form action="<?php if (!$tokenIsValid) { echo 'change-password.php'; } else { echo 'change-password.php?token='.$token.''; } ?>" method="post">
<?php if (!$tokenIsValid) { echo '<input type="password" name="oldpassword" value="" placeholder="Current Password ..."><p />'; } ?>
<input type="password" name="newpassword" value="" placeholder="New Password ..."><p />
<input type="password" name="newpasswordrepeat" value="" placeholder="Repeat Password ..."><p />
<input type="submit" name="changepassword" value="Change Password">
</form>