if (!isset($_POST['changePass'])) { echo '<script language="javascript"> alert("Old Password did not match !!"); window.location="' . SERVER . '/changePass"; </script>'; return; } $oldpass = $_POST['oldPass']; $np = $_POST['newPass']; $cNewPass = $_POST['confirmNewPass']; $email = $_SESSION['user']; if ($np != $cNewPass) { echo '<script language="javascript"> alert("You have to put same password on both fields !!"); window.location="' . SERVER . '/changePass"; </script>'; return; } if (!loginSuccess($email, $oldpass)) { echo '<script language="javascript"> alert("New Password did not match with Confirm New Password!!"); window.location="' . SERVER . '/changePass.php"; </script>'; return; } $newPass = password_hash($np, PASSWORD_BCRYPT); updatePass($newPass, $email); echo '<script language="javascript"> alert("Password Updated !!"); window.location="' . SERVER . '"; </script>';
<?php DEFINE('INCLUDE_CHECK', 1); require_once '../lib/connections/db.php'; include '../lib/functions/functions.php'; checkLogin('1'); if (empty($_POST['oldpassword']) || empty($_POST['newpassword'])) { die(msg(0, "Old / New password fields empty!")); } if (strlen($_POST['newpassword']) < 5) { die(msg(0, "Password must contain more than 5 characters.")); } $res = updatePass($_SESSION['user_id'], $_POST['oldpassword'], $_POST['newpassword']); if ($res == 2) { die(msg(0, "Incorrect old password!")); } if ($res == 3) { die(msg(0, "An error occured saving your password. Please contact the site admin.")); } if ($res == 99) { die(msg(1, "Your new password has been saved.")); } function msg($status, $txt) { return '{"status":' . $status . ',"txt":"' . $txt . '"}'; }
$user = stripslashes($user); $user = $db->real_escape_string($user); $password = $db->real_escape_string($pass); $pass = hash('sha512', $pass); $query = $db->query("SELECT user_id FROM user WHERE user_name='{$user}' AND password='******'"); //================================================================================================= // If result matched $user and $pass, table row must be 1 row //================================================================================================= if ($query->num_rows == 1) { //if there is one row that matches the searched query $row = $query->fetch_array(); $userID = $row['user_id']; if ($_POST['newPass'] == $_POST['reNewPass']) { if (strlen($_POST['newPass']) >= $passLen) { $pass = $_POST['newPass']; if (updatePass($userID, $pass, $db)) { echo "PassChanged"; } else { echo "PassNotChanged"; } } else { echo "PassLen"; } } else { echo "PassSame"; } } else { echo "IncorrectPass"; } } else { echo "EmptyField";