<?php
include_once("modules/config.php");
include_once("modules/class.user.php");
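// Access control: only signed-in users may reach the password-change handler.
// The redirect is emitted as client-side JavaScript, so the script has to stop
// here. Without the exit, the POST handling below would still execute for a
// signed-out request, or for any client that does not run the script tag.
if(!loggedIn()):
    echo '<script> window.location="login.php"; </script> ';
    exit;
endif;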
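// Per-field validation messages, keyed by form field name. Initialised
// unconditionally so later empty($errors) / isset($errors[...]) checks never
// depend on a variable that only exists after a failed submission.
$errors = array();
if(isset($_POST["submit"])):
    // Accept only plain strings. A request can send password_new[]=x, which
    // would otherwise hand an array to strlen() and to the comparison below;
    // such values are treated as missing.
    $oldInput = (isset($_POST['password_old']) && is_string($_POST['password_old'])) ? $_POST['password_old'] : '';
    $newInput = (isset($_POST['password_new']) && is_string($_POST['password_new'])) ? $_POST['password_new'] : '';
    $confirmInput = (isset($_POST['password_confirm']) && is_string($_POST['password_confirm'])) ? $_POST['password_confirm'] : '';

    // First check that required fields have been filled in. Compared against ''
    // rather than empty(), because empty() also rejects the literal string "0".
    if ($oldInput === ''):
        $errors['password_old'] = "Old password cannot be empty.";
    endif;
    if ($newInput === ''):
        $errors['password_new'] = "New password cannot be empty.";
    endif;
    // NOTE(review): a 5-character minimum is a weak policy, and the form caps
    // input at maxlength=30; consider raising both. strlen() counts bytes.
    if (strlen($newInput) < 5):
        $errors['password_new'] = "Password must be at least 5 characters.";
    endif;
    if ($confirmInput === ''):
        $errors['password_confirm'] = "Please confirm password.";
    endif;
    // Strict comparison: with != two different numeric-looking strings such as
    // "100000" and "1e5" compare as equal, so a mistyped confirmation could pass.
    if ($newInput !== $confirmInput):
        $errors['password_new'] = "Passwords do not match.";
    endif;
endif;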
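// Apply the password change once validation produced no errors: look up the
// signed-in user's record, verify the old password against the stored hash,
// then store the new hash, refresh the session and send the notification mail.
if (isset($_POST["submit"]) && empty($errors)):
    $hasher = new PasswordHash(8, FALSE);
    // The account is always taken from the session, never from request data,
    // so a user can only change their own password.
    $query = isset($_SESSION["username"]) ? $coll->findOne(array('username' => $_SESSION["username"])) : null;
    // CheckPassword() returns a boolean. The previous code compared the stored
    // hash string to that boolean with ==, which only worked through loose
    // type juggling; use the verification result directly.
    if (isset($query['password']) && $hasher->CheckPassword($_POST['password_old'], $query['password'])):
        // Hash only after the old password has been verified.
        // NOTE(review): confirm how HashPassword() signals failure and refuse
        // to store the result in that case.
        $password = $hasher->HashPassword($_POST['password_new']);
        // The token's purpose is not visible in this file. If it is used as a
        // session or remember-me secret it must be unpredictable, so prefer the
        // CSPRNG when available; md5(uniqid(mt_rand())) is guessable and is kept
        // only as a fallback for runtimes without random_bytes(). Both forms
        // yield 32 hex characters.
        $token = function_exists('random_bytes')
            ? bin2hex(random_bytes(16))
            : md5(uniqid(mt_rand(), true));
        passwordChange($query["username"], $password, $token);
        // An unchecked checkbox is absent from the request; pass null instead of
        // reading an undefined index.
        cleanMemberSession($query["username"], isset($_POST["remember_me"]) ? $_POST["remember_me"] : null);
        sendMail($query["email"], "", "", "password-change");
        echo '<script> window.location="dashboard.php"; </script> ';
        // Stop here so the form below is not rendered after a successful change.
        exit;
    else:
        $errors['password_old'] = "Old password is incorrect.";
    endif;
endif;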
?>
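<html>
<head>
<title>Simple Password Change with MongoDB</title>
</head>
<body>
<?php // NOTE(review): $error is not assigned anywhere in this file; if an include sets it from request data, escape it before output. ?>
<?php if (isset($error)): ?>
<p class="error"><?php echo $error; ?></p>
<?php endif; ?>
<?php
// PHP_SELF contains the request path as sent by the client, including any
// trailing path info, so it is escaped before being written into the attribute.
// NOTE(review): the form carries no anti-CSRF token; the old-password field is
// the only barrier against a forged cross-site submission.
?>
<form action="<?= htmlspecialchars($_SERVER["PHP_SELF"], ENT_QUOTES, 'UTF-8'); ?>" method="POST">
<table>
<tr>
<td>
Old Password:
</td>
<td>
<input type="password" name="password_old" value="" maxlength="30" autocomplete="current-password">
<span class="error">
<?php echo isset($errors['password_old']) ? $errors['password_old'] : ''; ?>
</span><br />
</td>
</tr>
<tr>
<td>
New Password:
</td>
<td>
<input type="password" name="password_new" value="" maxlength="30" autocomplete="new-password">
<span class="error">
<?php echo isset($errors['password_new']) ? $errors['password_new'] : ''; ?>
</span><br />
</td>
</tr>
<tr>
<td>
Confirm Password:
</td>
<td>
<input type="password" name="password_confirm" value="" maxlength="30" autocomplete="new-password">
<span class="error">
<?php echo isset($errors['password_confirm']) ? $errors['password_confirm'] : ''; ?>
</span><br />
</td>
</tr>
<tr>
<td>
Remember Me:
</td>
<td>
<input type="checkbox" name="remember_me">
</td>
</tr>
<tr>
<td>
</td>
<td>
<input name="submit" type="submit" value="Submit">
</td>
</tr>
</table>
</form>
</body>
</html>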