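<?php

/**
 * Hash a password with bcrypt at cost 10 and return the encoded hash string.
 *
 * The salt comes from password_hash(), which draws it from the system CSPRNG.
 * The earlier version built the salt with mcrypt_create_iv(16, MCRYPT_RAND):
 * MCRYPT_RAND is not a cryptographically secure source, and the mcrypt
 * extension is no longer bundled with PHP (removed in 7.2), so the function
 * fails outright on current runtimes.
 *
 * Every call uses a fresh salt, so two hashes of the same password differ.
 * Check a candidate with password_verify($candidate, $storedHash), never by
 * hashing again and comparing strings. bcrypt only considers the first
 * 72 bytes of the input.
 *
 * @param string $pwd Plain-text password.
 * @return string 60-character bcrypt hash with a "$2y$10$" prefix. Hashes
 *                stored with the older "$2a$" prefix still verify with
 *                password_verify().
 */
function hash_pwd($pwd)
{
    return password_hash($pwd, PASSWORD_BCRYPT, array('cost' => 10));
}

// NOTE(review): debug output left at file scope. phpinfo() prints the PHP and
// server configuration, including environment values, to whoever requests this
// script, and the echo writes a password hash into the response. Both are kept
// so the file's behaviour is unchanged; remove them before this is reachable
// from a network.
echo hash_pwd("*****@*****.**");
phpinfo();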
// Get hash key $result = pg_execute($conn, "get_key2", array($uid)) or die("Can't execute get_key2: " . pg_last_error()); $row = pg_fetch_row($result); $hkey = $row[0]; pg_freeresult($result); /* if ($hkey == '') { header('HTTP 406 Not Acceptable', true, 406); echo "There was a problem updating user's password.\n"; exit(); //return ; } */ // Hash password with user's hash key $password = hash_pwd($password, $hkey); // update password $result = pg_execute($conn, "update_password", array($password, $uid)) or die("Can't execute update_password: "******"email") { // Get email $email = $_POST['value']; // Remove all illegal characters from email $email = filter_var($email, FILTER_SANITIZE_EMAIL); // Validate e-mail if (!filter_var($email, FILTER_VALIDATE_EMAIL) === false) { // get key using the email
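/**
 * Change the password of the user identified by $_SESSION['id'], after
 * checking the supplied current password.
 *
 * Both statements are sent as prepared statements, so neither the session id
 * nor the output of hash_pwd() is concatenated into SQL text. The session id
 * must be an integer; a missing or non-integer value is rejected before any
 * query runs.
 *
 * NOTE(review): the current password is checked by hashing $oldpwd again and
 * comparing it to the stored value inside the query. That only works if
 * hash_pwd() (defined outside this block) is deterministic. If it produces a
 * randomly salted hash, this check can never match; the stored hash should
 * then be fetched and compared with password_verify(). A deterministic,
 * unsalted hash_pwd() would itself be a weak way to store passwords. Confirm
 * which applies.
 *
 * @param string $oldpwd Current password as entered by the user.
 * @param string $pwd    New password.
 * @return bool TRUE when the update statement executed; FALSE when the session
 *              id is invalid, the current password does not match, or a
 *              statement fails.
 */
function DB_changePwd($oldpwd, $pwd)
{
    // Accept only an integer id; anything else never reaches the database.
    $uid = filter_var(isset($_SESSION['id']) ? $_SESSION['id'] : null, FILTER_VALIDATE_INT);
    if ($uid === false) {
        return FALSE;
    }

    $con = $GLOBALS['con'];

    // Step 1: confirm that a row exists with this id and the current password hash.
    $check = mysqli_prepare($con, 'SELECT id FROM `USERINFO` WHERE id = ? AND pwd = ?');
    if ($check === false) {
        return FALSE;
    }
    $oldHash = hash_pwd($oldpwd);
    mysqli_stmt_bind_param($check, 'is', $uid, $oldHash);
    if (!mysqli_stmt_execute($check)) {
        mysqli_stmt_close($check);
        return FALSE;
    }
    mysqli_stmt_bind_result($check, $matchedId);
    // mysqli_stmt_fetch() yields true for a row, null for none, false on error.
    $found = (mysqli_stmt_fetch($check) === true);
    // Close before preparing the next statement so the connection is free.
    mysqli_stmt_close($check);
    if (!$found) {
        return FALSE;
    }

    // Step 2: store the hash of the new password for the same id.
    $update = mysqli_prepare($con, 'UPDATE `USERINFO` SET pwd = ? WHERE id = ?');
    if ($update === false) {
        return FALSE;
    }
    $newHash = hash_pwd($pwd);
    mysqli_stmt_bind_param($update, 'si', $newHash, $uid);
    $ok = mysqli_stmt_execute($update);
    mysqli_stmt_close($update);

    return $ok ? TRUE : FALSE;
}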