mirror of
https://github.com/cydrobolt/polr.git
synced 2024-09-20 07:31:53 +02:00
53 lines
1.7 KiB
PHP
53 lines
1.7 KiB
PHP
<?php
|
|
require_once '../lib-core.php';
|
|
if (!$_SESSION['li']) {
|
|
header('Location: index.php');
|
|
}
|
|
require_once '../lib-auth.php';
|
|
$polrauth = new polrauth();
|
|
$islogged = $polrauth->islogged();
|
|
$action = $mysqli->real_escape_string($_POST['action']);
|
|
$username = $mysqli->real_escape_string($_SESSION['username']);
|
|
if ($action == 'changepw') {
|
|
$currpw = $mysqli->real_escape_string($_POST['currpw']);
|
|
$newpw = $mysqli->real_escape_string($_POST['newpw']);
|
|
|
|
require_once '../lib-password.php';
|
|
function noMc($length = 23) {
|
|
return substr(str_shuffle("0123456789abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ"), 0, $length);
|
|
}
|
|
$salt = noMc();
|
|
$opts = array(
|
|
'cost' => 10,
|
|
'salt' => $salt
|
|
);
|
|
$hashed = password_hash($newpw, PASSWORD_BCRYPT, $opts);
|
|
$sqr = "SELECT `password` FROM `auth` WHERE `username`='{$username}';";
|
|
$res = $mysqli->query($sqr);
|
|
$fetch = mysqli_fetch_assoc($res);
|
|
$hpw = $fetch['password'];
|
|
$islegit = $polrauth->processlogin($username, $currpw);
|
|
if (!$islegit) {
|
|
require_once 'header.php';
|
|
echo "Invalid current password. <a href=\"index.php\">Back</a>";
|
|
require_once 'layout-footerlg.php';
|
|
die();
|
|
}
|
|
|
|
$sqr = "UPDATE auth SET password = '{$hashed}' WHERE `username`='{$username}';";
|
|
$res = $mysqli->query($sqr);
|
|
if ($res) {
|
|
require_once 'header.php';
|
|
echo "Success! <a href='index.php'>Back</a>";
|
|
require_once 'layout-footerlg.php';
|
|
die();
|
|
} else {
|
|
require_once 'header.php';
|
|
echo "Error! <a href='index.php'>Back</a>";
|
|
require_once 'layout-footerlg.php';
|
|
die();
|
|
}
|
|
}
|
|
echo "Invalid Action";
|
|
die();
|