<?php
function hash_pwd($pwd)
{
$salt = strtr(base64_encode(mcrypt_create_iv(16, MCRYPT_RAND)), '+', '.');
$salt = sprintf("\$2a\$%02d\$", 10) . $salt;
$hash = crypt($pwd, $salt);
return $hash;
}
echo hash_pwd("*****@*****.**");
phpinfo();
// Get hash key
$result = pg_execute($conn, "get_key2", array($uid)) or die("Can't execute get_key2: " . pg_last_error());
$row = pg_fetch_row($result);
$hkey = $row[0];
pg_freeresult($result);
/*
if ($hkey == '')
{
header('HTTP 406 Not Acceptable', true, 406);
echo "There was a problem updating user's password.\n";
exit();
//return ;
}
*/
// Hash password with user's hash key
$password = hash_pwd($password, $hkey);
// update password
$result = pg_execute($conn, "update_password", array($password, $uid)) or die("Can't execute update_password: "******"email") {
// Get email
$email = $_POST['value'];
// Remove all illegal characters from email
$email = filter_var($email, FILTER_SANITIZE_EMAIL);
// Validate e-mail
if (!filter_var($email, FILTER_VALIDATE_EMAIL) === false) {
// get key using the email
function DB_changePwd($oldpwd, $pwd)
{
if (!is_numeric($_SESSION['id'])) {
return FALSE;
}
$q = "SELECT id FROM `USERINFO` WHERE id=" . $_SESSION['id'] . " AND pwd='" . hash_pwd($oldpwd) . "';";
$rslt = mysqli_query($GLOBALS['con'], $q);
if ($rslt == FALSE) {
return FALSE;
}
if (!mysqli_fetch_array($rslt)) {
return FALSE;
}
$q = "UPDATE `USERINFO` SET pwd='" . hash_pwd($pwd) . "' WHERE id=" . $_SESSION['id'];
if (($result = mysqli_query($GLOBALS['con'], $q)) == FALSE) {
return FALSE;
}
return TRUE;
}
