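<?php
/**
 * Self-service password change for the signed-in user.
 *
 * Validates the posted form, verifies the old password against the hash stored
 * for $_SESSION['userID'], then writes a bcrypt hash of the new password to that
 * same row. The outcome is left in $message for the template that follows.
 */
include('session.php');

// NOTE(review): no anti-CSRF token is checked on this state-changing POST; whether
// session.php covers that cannot be seen from here - confirm.

// The account is identified by $_SESSION['userID'] only. The posted 'username' and
// 'userID' fields are client-controlled and are deliberately not read: the old
// password is verified against the session user's hash, so the UPDATE must target
// that row and no other.

// Non-string values (e.g. newpw[]=x) are treated as missing instead of reaching
// strlen()/ctype_alnum() as arrays.
$postedOld = (isset($_POST['oldpw']) && is_string($_POST['oldpw'])) ? $_POST['oldpw'] : '';
$postedNew = (isset($_POST['newpw']) && is_string($_POST['newpw'])) ? $_POST['newpw'] : '';
$postedCon = (isset($_POST['conpw']) && is_string($_POST['conpw'])) ? $_POST['conpw'] : '';

// NOTE(review): FILTER_SANITIZE_STRING is deprecated since PHP 8.1 and rewrites its
// input (strips tags, encodes quotes). It is kept for the old password only, so that
// hashes created from sanitized input would still verify - confirm against the code
// that creates accounts, then drop it.
$oldpwd = filter_var($postedOld, FILTER_SANITIZE_STRING);

// The new password is checked with ctype_alnum() before use, so the sanitizing
// filter would leave it unchanged; the validated raw value is hashed directly.
$newpwd = $postedNew;

if (empty($oldpwd)) {
    $message = 'Please enter your old password';
} elseif (strlen($newpwd) > 20 || strlen($newpwd) < 4) {
    $message = 'incorrect length for new password';
} elseif (!ctype_alnum($newpwd)) {
    $message = "New password must be alpha numeric";
} elseif ($newpwd !== $postedCon) {
    // Strict comparison: with the loose <> operator two different numeric-looking
    // strings (e.g. "1e30" and "10e29") compare as equal.
    $message = "Your new passwords do not match";
} else {
    try {
        include('SQLFunctions.php');
        $link = f_sqlConnect();

        $uid = isset($_SESSION['userID']) ? (string) $_SESSION['userID'] : '';
        $storedHash = null;
        $storedName = null;

        // Bound parameters keep every value out of the SQL text.
        $select = ($uid !== '')
            ? mysqli_prepare($link, 'SELECT Password, Username FROM users_enc WHERE userID = ?')
            : false;
        if ($select) {
            mysqli_stmt_bind_param($select, 's', $uid);
            mysqli_stmt_execute($select);
            mysqli_stmt_bind_result($select, $storedHash, $storedName);
            if (!mysqli_stmt_fetch($select)) {
                // No row for this session: fall through to the generic failure below.
                $storedHash = null;
            }
            mysqli_stmt_close($select);
        }

        if (is_string($storedHash) && password_verify($oldpwd, $storedHash)) {
            $newHash = password_hash($newpwd, PASSWORD_BCRYPT);

            // updated_By records the account's own Username as read from the row,
            // not a value supplied in the request.
            $update = mysqli_prepare(
                $link,
                'UPDATE users_enc SET Password = ?, updated_By = ?, LastUpdated = NOW() WHERE userID = ?'
            );
            if ($update
                && mysqli_stmt_bind_param($update, 'sss', $newHash, $storedName, $uid)
                && mysqli_stmt_execute($update)
            ) {
                $message = "<p class='message'>Your password has been changed</p>";
            } else {
                // Database error text goes to the server log, never to the response.
                error_log('PasswordChange: update failed: ' . mysqli_error($link));
                $message = "Unable to process request";
            }
            if ($update) {
                mysqli_stmt_close($update);
            }
        } else {
            // One message for "no such account" and "wrong old password", so the
            // response does not reveal which of the two occurred.
            $message = "<p class='message'>Error: Your username and password do not match.</p>";
        }
    } catch (Exception $e) {
        error_log('PasswordChange: ' . $e->getMessage());
        $message = "Unable to process request";
    }
}
?>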
<html>
<head>
<title>
SVBX - Update Password
</title>
<link rel="stylesheet" href="styles.css" type="text/css"/>
</head>
<body>
<?php /* Presumably the shared page header; filestart.php is not shown here. */ include('filestart.php') ?>
<p><?php
// $message is echoed without escaping. Every value assigned to it above is a fixed
// server-side string (two of them carry their own <p class='message'> markup), so
// pass it through htmlspecialchars() first if request data is ever interpolated.
echo $message;?></p>
<?php /* Presumably the shared page footer; fileend.php is not shown here. */ include('fileend.php') ?>
</body>
</html>