function resetPassword($ticket, $emailAddress, $newPassword) { //Create query $databaseQuery = "SELECT * FROM login WHERE emailAddress='{$emailAddress}'"; //Execute Database query $result = executeDatabase($databaseQuery); //Fetch array while ($row = mysqli_fetch_array($result)) { //Create ticket based off database $hash = $row['hash']; $password = $row['password']; $checkTicket = $hash . $password; if ($checkTicket == $ticket) { //Clean query input $con = createInstance(); $emailAddress = $con->real_escape_string($emailAddress); $newPassword = saltPassword($newPassword); $databaseQuery = "UPDATE login SET password='******' WHERE emailAddress='{$emailAddress}'"; executeDatabase($databaseQuery); print 'reset'; } else { print 'brequest'; } } }
function changePassword($ticket, $username, $newPassword) { //Create query $databaseQuery = "SELECT * FROM login WHERE username='******'"; //Execute Database query $result = executeDatabase($databaseQuery); //Fetch array while ($row = mysqli_fetch_array($result)) { //Create ticket based off database $hash = $row['hash']; $password = $row['password']; $checkTicket = $hash; if ($checkTicket == $ticket) { $newPassword = saltPassword($newPassword); $databaseQuery = "UPDATE login SET password='******' WHERE emailAddress='{$username}'"; executeDatabase($databaseQuery); print 'reset'; } else { print 'error'; } } }