Home Explore Help
Sign In
harsh
/
ethics-canvas
forked from ADAPT/ethics-canvas
1
0
Fork 0
Files Pull Requests 0
Branch: master
Branches Tags
ethics-canvas
/
php
/
changePassword.php

changePassword.php 1.5 KB
Permalink History Raw

12345678910111213141516171819202122232425262728293031323334353637383940414243 
  1. <?php
    2. 

  2.     require_once('db_utils.php');
    3. 

  3. 

  4.     if(isset($_POST['salt'], $_POST['new-password'])) { // Parameters received
    5. 

  5.       // Get parameters
    6. 

  6.       $old_salt = $_POST['salt'];
    7. 

  7.       $password = $_POST['new-password'];
    8. 

  8. 

  9.       $conn = db_connect(); // Connect to the database
    10. 

  10. 

  11.       // Check if the user already exists
    12. 

  12.       if(!($result = mysqli_query($conn, "SELECT * FROM user WHERE salt = '$old_salt'"))) {
    13. 

  13.         $verification = 'false'; // Wrong query
    14. 

  14.       }
    15. 

  15. 

  16.       else { // Query successful
    17. 

  17.         if(mysqli_num_rows($result) != 1) { // User doesn't exist, or duplicated
    18. 

  18.           $verification = 'false';
    19. 

  19.         }
    20. 

  20.         else { // User returned successfully
    21. 

  21.               $algorithm = '$2a'; // Blowfish
    22. 

  22.               $cost = '$10'; // for hashing
    23. 

  23.               $new_salt = $algorithm . $cost . '$' . substr(sha1(mt_rand()),0,22);
    24. 

  24.               $hash = crypt($password, $new_salt);
    25. 

  25.          
    26. 

  26.               // Update activation status
    27. 

  27.               if(!mysqli_query($conn, "UPDATE user SET salt = '$new_salt', password = '$hash' WHERE salt = '$old_salt'")) {
    28. 

  28.                 $verification = 'false'; // Wrong query
    29. 

  29.               }
    30. 

  30.               else { // Update successful
    31. 

  31.                 $verification = 'true';
    32. 

  32.               }
    33. 

  33.         }
    34. 

  34.       }
    35. 

  35.       mysqli_free_result($result);
    36. 

  36.       db_close($conn); // Close the database
    37. 

  37.     }
    38. 

  38.     else { // Salt not been sent as parameter
    39. 

  39.       $verification = 'false';
    40. 

  40.     }
    41. 

  41. 

  42.     header('Location: /index.html?changed='. $verification);
    43. 

  43. ?>
    44.