changePassword.php
<?php
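// Password-change endpoint: on POST with `newpwd`, re-hashes the new password
// for the user named in the session, stores it, then redirects to index.php.
session_start();
require_once 'login.php';

// NOTE(review): this gate trusts a client-supplied cookie. Any client can send
// sq_check=true, so the test does not prove the security question was answered.
// The flag belongs in $_SESSION, set by the page that verifies the answer; that
// page is not visible here, so the cookie test is kept for compatibility.
// NOTE(review): no CSRF token is verified before the password is changed.
if (isset($_COOKIE['sq_check']) && $_COOKIE['sq_check'] === "true")
{
    $connection = new mysqli($hn, $un, $pw, $db);
    if ($connection->connect_error)
    {
        // Driver error text goes to the server log, not to the client.
        error_log('changePassword: database connection failed: ' . $connection->connect_error);
        header('HTTP/1.0 500 Internal Server Error');
        die("Service temporarily unavailable");
    }

    if ($_SERVER["REQUEST_METHOD"] === "POST")
    {
        // The UPDATE targets the session's user; without one there is nothing to change.
        $un_temp = isset($_SESSION['username']) ? $_SESSION['username'] : null;

        // is_string() rejects array-valued input such as newpwd[]=x.
        if (isset($_POST['newpwd']) && is_string($_POST['newpwd'])
            && is_string($un_temp) && $un_temp !== '')
        {
            // The password is escaped and HTML-encoded before hashing, exactly as
            // before, so the stored digest stays comparable with existing ones.
            // NOTE(review): presumably the login check applies the same transform — confirm.
            $pw_temp = mysql_entities_fix_string($connection, $_POST['newpwd']);

            // NOTE(review): one pass of a general-purpose hash with site-wide salts.
            // password_hash()/password_verify() is the right primitive, but moving
            // to it needs a matching change in the login check and a migration.
            $token = hash($algo, "$salt1$pw_temp$salt2");

            // Bound parameters keep the session-held username out of the SQL text.
            $updated = false;
            $stmt = $connection->prepare("UPDATE users SET password = ? WHERE username = ?");
            if ($stmt !== false)
            {
                $stmt->bind_param("ss", $token, $un_temp);
                $updated = $stmt->execute();
                $stmt->close();
            }

            if (!$updated)
            {
                // Do not report success (pwd_changed) when nothing was written.
                error_log('changePassword: password update failed: ' . $connection->error);
                $connection->close();
                header('HTTP/1.0 500 Internal Server Error');
                die("Password could not be changed");
            }

            $connection->close();

            // Short-lived (2 s) flag cookies read by index.php after the redirect.
            setcookie("sq_check", "false", time() + 2, "/");
            setcookie("login", "false", time() + 2, "/");
            setcookie("reloaded", "true", time() + 2, "/");
            setcookie("pwd_changed", "true", time() + 2, "/");
            header("Location: index.php");
            exit();
        }
        else
        {
            header('WWW-Authenticate: Basic realm="Restricted Section"');
            header('HTTP/1.0 401 Unauthorized');
            die ("There is nothing to see here");
        }
    }
    $connection->close();
}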
/**
 * SQL-escape a string via mysql_fix_string(), then HTML-encode the result.
 *
 * NOTE(review): the value comes back escaped for two different contexts at
 * once. That is not a substitute for bound parameters on the SQL side or for
 * encoding at the point of HTML output.
 *
 * @param object $connection connection handed through to mysql_fix_string()
 * @param string $string     raw input value
 * @return string            escaped and entity-encoded value
 */
function mysql_entities_fix_string($connection, $string)
{
    $escaped = mysql_fix_string($connection, $string);
    $encoded = htmlentities($escaped);

    return $encoded;
}
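/**
 * Escape a string for use inside a quoted SQL literal on the given connection.
 *
 * @param object $connection object exposing real_escape_string()
 * @param string $string     raw input value
 * @return string            value as returned by real_escape_string()
 */
function mysql_fix_string($connection, $string)
{
    // get_magic_quotes_gpc() was deprecated in PHP 7.4 and removed in 8.0, where
    // calling it is a fatal error. Magic quotes themselves were dropped in 5.4,
    // so the function is only consulted on runtimes older than that.
    if (PHP_VERSION_ID < 50400 && get_magic_quotes_gpc())
    {
        $string = stripslashes($string);
    }

    return $connection->real_escape_string($string);
}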
?>