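<?php
/*
 * _changePassword.php — POST handler behind changePassword.php.
 *
 * Reads oldPass / newPass1 / newPass2, verifies the current password against
 * the users row of the session's user, stores sha1(newPass1) and rebuilds
 * $_SESSION['USER'] from the reloaded row. Every path ends in a redirect:
 *   - changePassword.php with $_SESSION['password_status'] = "true"/"false"
 *     (plus $_SESSION['password_id'], which the original also set and which
 *     changePassword.php presumably reads — not shown here);
 *   - logout.php when the session no longer matches the users row;
 *   - login.php when there is no valid session.
 *
 * As the original was braced, a mismatched confirmation went to logout.php,
 * while a wrong current password and a session/row mismatch fell out of the
 * if-chain with no redirect and an empty response; the failure bodies below
 * follow the mapping those branches evidently intended.
 *
 * SECURITY(review): no CSRF token is checked. The form in changePassword.php
 * (not shown) should carry one and it should be verified here before any
 * state change.
 */
session_start();
require_once ('config.php');
require_once ('framework.php');
require_once ( 'php/ismobile.class.php' );

/* Left disabled by the original author. Every path below ends in a redirect
   with no body, so there is nothing cacheable; re-enable if output is added.
header("Cache-Control: no-store, no-cache, must-revalidate"); // HTTP/1.1
header("Cache-Control: post-check=0, pre-check=0", false);
header("Expires: Sat, 26 Jul 1997 05:00:00 GMT"); // Date in the past
header("Pragma: no-cache"); // HTTP/1.0
header("Last-Modified: " . gmdate("D, d M Y H:i:s") . " GMT");*/

// NOTE(review): '@' hides constructor failures; a bad DB configuration then
// surfaces as a fatal on the first $fw->query() instead of here.
@ $fw = new scaleDB( SQL_HOST, SQL_USER, SQL_PASS, SQL_DB );
@ $ismobi = new IsMobile();

if ( $fw->isLoggedIn( $_SESSION ) && $fw->isValidUser( $_SESSION ) ) {
    $username = $_SESSION['USER']['username'];
    // Missing fields (e.g. a GET hit on this URL) become '' instead of
    // raising undefined-index notices inside clean_input().
    $oldpass  = $fw->clean_input( isset( $_POST['oldPass'] )  ? $_POST['oldPass']  : '' );
    $newpass1 = $fw->clean_input( isset( $_POST['newPass1'] ) ? $_POST['newPass1'] : '' );
    $newpass2 = $fw->clean_input( isset( $_POST['newPass2'] ) ? $_POST['newPass2'] : '' );
    $date = $fw->getDate(); // unused here; kept as in the original

    // Failure exit shared by every rejected request: the same session keys
    // and redirect-then-die the original's failure branches used.
    $reject = function ( $location ) use ( $newpass1 ) {
        $_SESSION['password_status'] = "false";
        $_SESSION['password_id'] = md5( sha1( $newpass1 ) );
        header( "Location: " . $location );
        die();
    };

    // Current credentials of the session's user.
    // SECURITY(review): still string-built SQL. $username is copied from the
    // session (itself loaded from this table), not from the request, but both
    // statements in this file should become prepared statements once scaleDB
    // exposes one.
    $query_user = "select * from users where username = '". $username ."'";
    $result_user = $fw->query( $query_user );
    $db_pass = null;
    $db_name = null;
    $db_user = null;
    // The original tested the query *string* here (always truthy) and would
    // have called fetch_assoc() on false after a failed query.
    if ( $result_user ) {
        while ( $row = $result_user->fetch_assoc() ) {
            $db_pass = $row['password'];
            $db_name = $row['fullname'];
            $db_user = $row['username'];
        }
    }

    // hash_equals(): strict and constant-time. The original's loose == let a
    // stored digest of the form "0e<digits>" compare equal to any other
    // "0e<digits>" digest (PHP numeric-string comparison).
    // SECURITY(review): unsalted sha1 is the format this table and the login
    // code (not shown) share; a move to password_hash()/password_verify()
    // must be made in both places together, not here alone.
    if ( !is_string( $db_pass ) || !hash_equals( $db_pass, sha1( $oldpass ) ) ) {
        // Wrong current password, or no users row for this username.
        $reject( "changePassword.php" );
    }

    if ( $db_name !== $_SESSION['USER']['fullname'] || $db_user !== $_SESSION['USER']['username'] ) {
        // Session data disagrees with the users row: force a fresh login.
        $reject( "logout.php" );
    }

    // Confirmation must match, and the new password must be non-empty and
    // differ from the current one. Strict comparison: with == two different
    // numeric strings such as "1e3" and "1000" passed as equal, and an empty
    // new password was accepted.
    if ( $newpass1 === '' || $newpass1 !== $newpass2 || $newpass1 === $oldpass ) {
        $reject( "changePassword.php" );
    }

    $final_pass = sha1( $newpass1 );
    $query_db = "update users set password = '". $final_pass ."' where username = '". $username ."'";
    if ( !$fw->query( $query_db ) ) {
        $reject( "changePassword.php" );
    }

    // Reload the row so the session copy (and the digest built from it)
    // reflects the new hash.
    $query = "select * from users where username = '". $username ."'";
    $result = $fw->query( $query );
    if ( !$result ) {
        $reject( "changePassword.php" );
    }
    $db_id = null;
    $db_username = null;
    $db_fullname = null;
    $db_email = null;
    $db_admin = null;
    $db_superadmin = null;
    while ( $row = $result->fetch_assoc() ) {
        $db_id = $row['id'];
        $db_username = $row['username'];
        $db_pass = $row['password'];
        $db_fullname = $row['fullname'];
        $db_email = $row['email'];
        $db_user = $row['is_user'];
        $db_admin = $row['is_admin'];
        $db_superadmin = $row['is_superadmin'];
    }
    // Same field order as the original; presumably what isValidUser() checks.
    $digest = md5(
        $db_id .
        $db_username .
        $db_fullname .
        $db_pass .
        $db_email .
        $db_user .
        $db_admin .
        $db_superadmin
    );

    // A credential change is a privilege boundary: issue a fresh session id
    // so an id captured before the change is no longer usable. Session data
    // is carried over unchanged.
    session_regenerate_id( true );
    $_SESSION['USER'] = array(
        'userid' => $db_id,
        'username' => $db_username,
        'fullname' => $db_fullname,
        'digest' => $digest,
        'is_user' => $db_user,
        'is_admin' => $db_admin,
        'is_superadmin' => $db_superadmin,
    );
    $_SESSION['password_status'] = "true";
    $_SESSION['password_id'] = md5( $final_pass );
    header("Location: changePassword.php");
    die();
} else {
    header("Location: login.php");
    die();
}
// No closing tag: stray bytes after '?>' would be sent before header().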