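/**
 * Verify a username/password pair against the stored salt and hash.
 *
 * Fetches the user's salt and hashed_password through a prepared statement
 * (the username is bound, never interpolated), recomputes
 * generateHash(salt . password) locally and compares it with the stored value.
 *
 * Fixes relative to the previous version:
 *  - the hash comparison used loose `==`, which is subject to PHP type juggling
 *    (two numeric-looking strings such as "0e123..." and "0e456..." compare equal)
 *    and is not constant-time; hash_equals() is used instead;
 *  - an unknown username fell through to comparing against an undefined $dbHash;
 *    the fetch result is now checked explicitly;
 *  - the connection was only closed when mysqli_prepare() succeeded.
 *
 * NOTE(review): generateHash() and retrieve_mysqli() are defined elsewhere;
 * generateHash() is assumed to return a string. The scheme itself (salt . password
 * through a custom hash) is legacy — password_hash()/password_verify() would be
 * preferable, but that is a stored-format migration, not a change to this function.
 *
 * @param string $username Submitted username.
 * @param string $password Submitted plaintext password.
 * @return bool true only when the user exists and the recomputed hash matches.
 */
function checkCredentials($username, $password) {
    $link = retrieve_mysqli();
    $queryString = 'SELECT salt, hashed_password FROM user WHERE username = ?';

    $stmt = mysqli_prepare($link, $queryString);
    if (!$stmt) {
        mysqli_close($link);
        return false; // could not query; treat as invalid credentials
    }

    mysqli_stmt_bind_param($stmt, "s", $username);
    mysqli_stmt_execute($stmt);
    mysqli_stmt_bind_result($stmt, $dbSalt, $dbHash);
    $found = mysqli_stmt_fetch($stmt); // true = row read, null = no such user, false = error
    mysqli_stmt_close($stmt);
    mysqli_close($link);

    // Always do the hash work, even for an unknown user, so the response time
    // does not distinguish "no such user" from "wrong password".
    $localhash = generateHash((string) $dbSalt . $password);

    // Strict, constant-time comparison; lengths differing (e.g. empty $dbHash for
    // an unknown user) is an immediate mismatch.
    $matched = hash_equals((string) $dbHash, (string) $localhash);

    return $found === true && $matched;
}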
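/**
 * Run a date/time-windowed report query and emit the rows as chart JSON.
 *
 * Builds `$beginningQuery WHERE <generate_conditional()> $endQuery`, binds the
 * global $sDate/$eDate/$sTime/$eTime window to the placeholders that
 * generate_conditional() is expected to emit, and prints
 * {"graphType": ..., "labels": [...], "values": [...]} before exiting.
 * Prints '0 results returned.' (and exits) when the query matches nothing.
 *
 * Fixes relative to the previous version:
 *  - a failed mysqli_prepare() returned silently with the connection still open;
 *    the driver error is now logged server-side (not echoed to the client) and the
 *    connection closed;
 *  - the connection was never closed on either output path, and the statement was
 *    left open on the '0 results returned.' path;
 *  - the column-matching loop is simplified; its early `break`s were only a
 *    shortcut and did not change the extracted values, since keys are unique.
 *
 * SECURITY: $beginningQuery and $endQuery are spliced into the SQL text verbatim.
 * Parameter binding only protects the four window values; the query fragments
 * must be trusted literals from code, never derived from the request.
 *
 * NOTE(review): retrieve_mysqli(), generate_conditional() and stmt_bind_assoc()
 * are defined elsewhere. The "ssss" bind type string must match the number of
 * placeholders generate_conditional() produces — confirm if that helper changes.
 *
 * @param string      $graphType      Passed through unchanged into the JSON payload.
 * @param string      $beginningQuery SQL text up to (not including) WHERE. Trusted literal only.
 * @param string      $endQuery       SQL text appended after the conditional. Trusted literal only.
 * @param string      $label1Column   Result column used as the label (first part when $label2Column is set).
 * @param string|null $label2Column   Optional second label column; when set, the label is "$label1 $label2".
 * @param string      $valueColumn    Result column used as the value.
 * @return void Returns without output only when the statement could not be prepared; otherwise exits.
 */
function generate_common($graphType, $beginningQuery, $endQuery, $label1Column, $label2Column, $valueColumn) {
    global $sDate, $eDate, $sTime, $eTime;
    $link = retrieve_mysqli();

    $query = $beginningQuery . ' WHERE ' . generate_conditional() . $endQuery;

    $stmt = mysqli_prepare($link, $query);
    if (!$stmt) {
        error_log('generate_common: prepare failed: ' . mysqli_error($link));
        mysqli_close($link);
        return;
    }

    mysqli_stmt_bind_param($stmt, "ssss", $sDate, $eDate, $sTime, $eTime);
    mysqli_stmt_execute($stmt);
    $stmt->store_result(); // required before mysqli_stmt_num_rows()
    $resultrow = array();
    stmt_bind_assoc($stmt, $resultrow); // binds each result column by name into $resultrow

    if (mysqli_stmt_num_rows($stmt) === 0) {
        mysqli_stmt_close($stmt);
        mysqli_close($link);
        echo '0 results returned.';
        exit;
    }

    $isEmployee = isset($label2Column); // label2 (e.g. last name) only applies when a second column is requested
    $labels = array();
    $values = array();
    while (mysqli_stmt_fetch($stmt)) {
        $label1 = null;
        $label2 = null;
        $value = null;
        // Match order is deliberate: a column matching $label1Column is never
        // considered as the value column, and $label2Column is only consulted
        // when $isEmployee.
        foreach ($resultrow as $key => $data) {
            if ($label1Column == $key) {
                $label1 = $data;
            } elseif ($valueColumn == $key) {
                $value = $data;
            } elseif ($isEmployee && $label2Column == $key) {
                $label2 = $data;
            }
        }
        $labels[] = $isEmployee ? $label1 . ' ' . $label2 : $label1;
        $values[] = $value;
    }
    mysqli_stmt_close($stmt);
    mysqli_close($link);

    echo json_encode(array('graphType' => $graphType, 'labels' => $labels, 'values' => $values));
    exit;
}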
if ($_POST['newPass'] == $_POST['verifyPass']) { echo ''; } else { echo "Passwords don't match."; } } else { if (myIsset($_POST['currentPass']) && myIsset($_POST['newPass']) && $_POST['changePassSubmit'] == 'true') { $pass = htmlspecialchars($_POST['currentPass']); $user = $_SESSION['loggedin']; if (checkCredentials($user, $pass)) { $newPass = htmlspecialchars($_POST['newPass']); if ($newPass == $pass) { echo 'Your new password must be different from your current password.'; exit; } $link = retrieve_mysqli(); $queryString = 'UPDATE user SET salt = ?, hashed_password = ? WHERE username = ?'; // get salt and hash password mt_srand(); $salt = mt_rand(); $hashPass = generateHash($salt . $newPass); // query the database if ($stmt = mysqli_prepare($link, $queryString)) { //Get the stored salt and hash as $dbSalt and $dbHash mysqli_stmt_bind_param($stmt, "sss", $salt, $hashPass, $user); mysqli_stmt_execute($stmt); mysqli_stmt_close($stmt); // close prepared statement mysqli_close($link); echo 'Password succesfully changed.'; } else {