Example #1
?>
		</div>
	</div>
	<div class="component-right">
		<div class="container container-padded">
			<h3>Change Password</h3>
			<?php 
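// Handle a submitted "Change Password" form and print the outcome inline.
// $user and $id are not set in this block; they come from earlier in the
// template. The current password is re-checked before the change is applied.
// NOTE(review): nothing visible here ends the account's other sessions after a
// successful change; confirm change_password() or its caller takes care of that.
if (isset($_POST["change-pw-submit"])) {
    // Read one form field. Anything that is not a non-empty string (missing
    // key, "", or an array such as `old-password[]=x`) counts as "not provided".
    $read_pw_field = function ($name) {
        $value = isset($_POST[$name]) ? $_POST[$name] : null;
        return is_string($value) && $value !== "" ? $value : null;
    };
    $old_pw = $read_pw_field("old-password");
    $new_pw = $read_pw_field("new-password");
    $confirm = $read_pw_field("confirm");

    // Test against null instead of truthiness: the string "0" is falsy in PHP
    // and would otherwise be rejected as a missing field.
    if ($old_pw !== null && $new_pw !== null && $confirm !== null) {
        // Strict comparison: with `!=`, numeric-looking strings such as "1e3"
        // and "1000" compare equal, so a mistyped confirmation could pass.
        if ($new_pw !== $confirm) {
            echo '<p class="error">Your new passwords do not match.</p>';
        } else {
            // Re-authenticate with the current password before changing it.
            $valid_old = validate_credentials($user["email"], $old_pw);
            if ($valid_old === false) {
                echo '<p class="error">You entered an invalid old password.</p>';
            } else {
                $changed = change_password($id, $new_pw);
                if ($changed) {
                    echo '<p>Success! Your password has been changed.</p>';
                } else {
                    echo '<p class="error">Your password could not be changed due to a database error.</p>';
                }
            }
        }
    } else {
        echo '<p class="error">You must provide a value for every field.</p>';
    }
}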
Example #2
<?php

require_once __DIR__ . "/../config/config.php";
require_once __DIR__ . "/../util/web.php";
require_once __DIR__ . "/../util/security.php";
require_once __DIR__ . "/../service/auth_service.php";
require_once __DIR__ . "/../service/data_service.php";
// Open a session unless this request already has one: both a non-empty
// session id and a populated $_SESSION are required to skip the start.
if (!(isset($_SESSION) && session_id() != '')) {
    session_start();
}
// Login handler: runs only when the form posts action=Login. The listing is
// cut off inside the innermost branch, so only the visible steps are described.
if (isset($_POST["action"]) && $_POST["action"] === "Login") {
    // Validate the raw POST data; the result is counted, so it is a list of
    // problems, and an empty list means the input is acceptable.
    $validationResult = validate_credentials($_POST);
    if (count($validationResult) > 0) {
        // Hand the errors to the next request through the session, send the
        // browser back to the index page, and stop this request.
        $_SESSION["errors"] = $validationResult;
        $url = APPLICATION_ROOT . "/index.php";
        redirect($url);
        exit;
    }
    $userName = $_POST["userName"];
    $password = $_POST["password"];
    // Look the account up by user name; a falsy result skips the password check.
    $user = get_user($userName);
    if ($user) {
        // user_SALT / user_PASSWORD are bare constants, presumably defined in
        // the required config or service files (confirm).
        $salt = $user[user_SALT];
        // NOTE(review): encrypt_password() is defined elsewhere. Confirm that it
        // is a slow, salted password hash (password_hash()/password_verify()
        // is the built-in option) and not a single fast digest.
        $enteredPassword = encrypt_password($password, $salt);
        $savedPassword = $user[user_PASSWORD];
        // NOTE(review): `===` on two digests is not a constant-time comparison;
        // hash_equals() is the comparison intended for secret values.
        if ($savedPassword === $enteredPassword) {
            // NOTE(review): the visible lines start a session on success but do
            // not rotate its id; check that the truncated remainder calls
            // session_regenerate_id(true) before storing the login state.
            if (session_id() == '' || !isset($_SESSION)) {
                // session isn't started
                session_start();
Example #3
	<div class="component-right">
		<div class="container container-padded">
			<h3>Login</h3>
			<h4>Enter your details in the fields below and click Login.</h4>
			<p>No account? <a href="/login/signup">Sign up.</a></p>
			<?php 
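// Show the login form, or process a submitted one. On success the session is
// populated with the user's identity and the browser is redirected to "/".
// validate_credentials() and print_login_form() are defined elsewhere.
// NOTE(review): this block runs after HTML has been written, so session_start()
// and header() only work if output buffering is on; confirm for the deployment.
if (!isset($_POST["login-submit"])) {
    print_login_form();
} else {
    // Accept only string fields; a missing key or an array value
    // (e.g. `email[]=x`) is treated the same as an empty field.
    $email = isset($_POST["email"]) && is_string($_POST["email"]) ? $_POST["email"] : null;
    $password = isset($_POST["password"]) && is_string($_POST["password"]) ? $_POST["password"] : null;
    if ($email === null || $email === "" || $password === null || $password === "") {
        echo '<span class="error">Please fill in all the fields.</span>';
        print_login_form();
    } else {
        $user = validate_credentials($email, $password);
        if (!$user) {
            // One message for both failure causes, so the response does not
            // reveal whether the e-mail address exists.
            echo '<span class="error">Incorrect email/password combination.</span>';
            print_login_form();
        } else {
            // Rotate the session id at the privilege change. session_destroy()
            // followed by session_start() reuses the id from the request
            // cookie, so an id known before login would stay valid after it.
            if (session_status() !== PHP_SESSION_ACTIVE) {
                session_start();
            }
            session_regenerate_id(true);
            // Start from empty session data, as the destroy/start pair did.
            $_SESSION = array();
            // NOTE(review): this key is derived from the e-mail address and the
            // current second, so it is predictable. If anything treats it as a
            // secret, generate it from a CSPRNG instead.
            $_SESSION["UserAuthKey"] = hash("sha256", $email . date("dmYHis"));
            $_SESSION["UserName"] = $user["username"];
            $_SESSION["AuthLevel"] = $user["auth_level"];
            $_SESSION["UserId"] = $user["id"];
            header("Location: /");
            // Stop here so the rest of the template is not rendered into the
            // redirect response.
            exit;
        }
    }
}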
?>
<?php

require_once "libraries/lib.php";
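// Login endpoint: check the posted credentials, create a session on success,
// then redirect to the dashboard. esc(), validate_credentials() and
// create_session() come from libraries/lib.php (not shown).
// Read the fields defensively: a missing key or an array value
// (e.g. `uname[]=x`) becomes '' instead of reaching esc()/trim() as null or array.
$uname = esc(isset($_POST['uname']) && is_string($_POST['uname']) ? $_POST['uname'] : '');
$upass = esc(isset($_POST['upass']) && is_string($_POST['upass']) ? $_POST['upass'] : '');
if (strlen(trim($uname)) > 0 && strlen(trim($upass)) > 0) {
    // NOTE(review): validate_credentials() takes no arguments, so it presumably
    // reads the submitted values itself; verify how it handles that raw input.
    $user_id = validate_credentials();
    if ($user_id > 0) {
        // NOTE(review): confirm create_session() rotates the session id
        // (session_regenerate_id(true)) before storing the user id.
        create_session($user_id);
    }
    // The redirect is sent whether or not a user id was returned, so the
    // dashboard has to enforce the session check itself.
    header("Location: index.php?op=dashboard");
    // End the request once the redirect is queued so nothing after it runs.
    exit;
}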