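// Password-change endpoint: verifies the logged-in user's current password and,
// on success, stores a fresh bcrypt hash of the new one.
//
// NOTE(review): no anti-CSRF token is checked in this script. Confirm that
// islogged() or an including file enforces one, since this is a state-changing POST.
islogged();

// Missing or non-string fields (e.g. "newpw[]=x") are treated as empty input
// instead of raising notices or type errors further down.
$action = (isset($_POST['action']) && is_string($_POST['action'])) ? $_POST['action'] : '';
$sessionUser = isset($_SESSION['username']) ? (string) $_SESSION['username'] : '';

// processlogin() keeps receiving the escaped username, as it did before; the
// SQL below binds the raw session value as a parameter instead.
$username = $mysqli->real_escape_string($sessionUser);

if ($action === 'changepw') {
    $rawCurrpw = (isset($_POST['currpw']) && is_string($_POST['currpw'])) ? $_POST['currpw'] : '';
    $rawNewpw = (isset($_POST['newpw']) && is_string($_POST['newpw'])) ? $_POST['newpw'] : '';

    // NOTE(review): both passwords are SQL-escaped before being verified and
    // hashed, so the stored hash covers the escaped form of the password.
    // Kept unchanged for compatibility with existing hashes; presumably the
    // login path escapes the same way. Confirm, then migrate to raw passwords.
    $currpw = $mysqli->real_escape_string($rawCurrpw);
    $newpw = $mysqli->real_escape_string($rawNewpw);

    require_once '../password.php';

    // Verify the current password before doing any hashing or writing.
    $islegit = $polrauth->processlogin($username, $currpw);
    if (!$islegit) {
        die('Invalid current password. Back');
    }

    $updated = false;

    // An empty new password is refused rather than stored.
    if ($newpw !== '') {
        // No 'salt' option: password_hash() generates a cryptographically
        // random salt itself. A caller-supplied salt is deprecated since
        // PHP 7.0 and ignored in PHP 8, and str_shuffle() is not a CSPRNG.
        $hashed = password_hash($newpw, PASSWORD_BCRYPT, array('cost' => 10));

        // Never write a failed hash result into the auth table.
        if (is_string($hashed) && $hashed !== '') {
            // Prepared statement: values are bound, never interpolated into SQL.
            $stmt = $mysqli->prepare('UPDATE auth SET password = ? WHERE `username` = ?');
            if ($stmt) {
                $stmt->bind_param('ss', $hashed, $sessionUser);
                $updated = $stmt->execute();
                $stmt->close();
            }
        }
    }

    // NOTE(review): other active sessions for this user are not invalidated
    // here; confirm whether that is handled elsewhere.
    require_once 'header.php';
    echo $updated ? "Success! Back" : "Error! Back";
    require_once 'footer.php';
    die();
}

echo "Invalid Action";
die();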