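<?php
/**
 * Sets a new password for the user whose account code equals the posted
 * "username".
 *
 * Input  (POST): username, password.
 * Output (text/plain): a one-line status message.
 *
 * NOTE(review): no authentication or authorization check is visible in this
 * script. Unless infra.inc.php or the web server restricts access, any client
 * that can reach it can change any account's password. Confirm that it is not
 * deployed on a reachable path without an access check in front of it.
 */

require_once '../vendor/autoload.php';
require_once 'infra.inc.php';

header("Cache-Control: no-cache, must-revalidate"); // HTTP/1.1
header("Expires: Sat, 26 Jul 1997 05:00:00 GMT"); // Date in the past
header("Content-Type: text/plain; charset=UTF-8");

$username = $_POST['username'] ?? null;
$password = $_POST['password'] ?? null;

// empty() alone lets array values through (PHP turns "name[]" form fields into
// arrays); require plain strings before they reach the hashing helper and PDO.
if (empty($username) || empty($password) || !is_string($username) || !is_string($password)) {
    exit("invalid data!!!");
}

$pdoconfigurated = new \sys\PDOConfigurated($infra['db']);
$pdo = $pdoconfigurated->getInstance();

try {
    $pdo->beginTransaction();

    // Both values are bound as named parameters; nothing from the request is
    // concatenated into the SQL text.
    $stmt = $pdo->prepare(
        "\n\t\t\tUPDATE sys.user"
        . "\n\t\t\tSET"
        . "\n\t\t\t\tpassword = :password"
        . "\n\t\t\tWHERE"
        . "\n\t\t\t\tid = ("
        . "\n\t\t\t\t\tSELECT"
        . "\n\t\t\t\t\t\tsys_user.id"
        . "\n\t\t\t\t\tFROM account"
        . "\n\t\t\t\t\t\tINNER JOIN sys.account AS sys_account ON (account.id = sys_account.id_account)"
        . "\n\t\t\t\t\t\tINNER JOIN sys.user AS sys_user ON (sys_account.id = sys_user.id_sys_account)"
        . "\n\t\t\t\t\tWHERE"
        . "\n\t\t\t\t\t\taccount.code = :username"
        . "\n\t\t\t\t\tLIMIT 1"
        . "\n\t\t\t\t)"
        . "\n\t\t"
    );

    $stmt->execute([
        // NOTE(review): the helper is named "encrypt"; confirm it produces a
        // salted, slow one-way password hash rather than reversible encryption.
        'password' => \sys\oauth2\storage\PDO::encryptPassword($password),
        'username' => $username,
    ]);

    $updatedRows = $stmt->rowCount();
    $stmt->closeCursor();

    if ($updatedRows === 0) {
        // Nothing matched: end the transaction and stop here, so the
        // "Update success" line is never printed for a no-op.
        $pdo->rollBack();
        exit("No data to be updated!!!" . PHP_EOL);
    }

    // commit() is inside the try so a PDOException raised at commit time is
    // handled like any other database failure.
    $committed = $pdo->commit();
} catch (\PDOException $excp) {
    if ($pdo->inTransaction()) {
        $pdo->rollBack();
    }

    // Driver messages can expose schema and connection details; keep them in
    // the server log and send the client only the generic failure line.
    error_log('Password update failed: ' . $excp->getMessage());
    exit("Update fail!!!" . PHP_EOL);
}

if ($committed) {
    echo "Update success" . PHP_EOL;
} else {
    echo "Update fail!!!" . PHP_EOL;
}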
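// Checks a posted username/password pair against the stored credential and
// prints the verdict as text/plain.
//
// Input  (POST): username, password.
// Output: "Valid password", "Invalid password!!!" or "User not found!!!".
//
// NOTE(review): the separate "User not found!!!" and "Invalid password!!!"
// replies tell the caller whether an account code exists, and no throttling is
// visible here. If untrusted clients can reach this script, return one uniform
// failure message and rate-limit attempts - confirm the intended exposure.

require_once '../vendor/autoload.php';
require_once 'infra.inc.php';

header("Cache-Control: no-cache, must-revalidate"); // HTTP/1.1
header("Expires: Sat, 26 Jul 1997 05:00:00 GMT"); // Date in the past
header("Content-Type: text/plain; charset=UTF-8");

$username = $_POST['username'] ?? null;
$password = $_POST['password'] ?? null;

// empty() alone lets array values through (PHP turns "name[]" form fields into
// arrays); require plain strings before they reach PDO and the password helper.
if (empty($username) || empty($password) || !is_string($username) || !is_string($password)) {
    exit("invalid data!!!");
}

$pdoconfigurated = new \sys\PDOConfigurated($infra['db']);
$pdo = $pdoconfigurated->getInstance();

try {
    // The account code is bound as a named parameter, never concatenated.
    $stmt = $pdo->prepare(
        "\n\t\t\tSELECT"
        . "\n\t\t\t\t account.*"
        . "\n\t\t\t\t, sys_account.*"
        . "\n\t\t\t\t, sys_user.*"
        . "\n\t\t\tFROM sys.user AS sys_user"
        . "\n\t\t\t\tINNER JOIN sys.account AS sys_account ON (sys_user.id_sys_account = sys_account.id)"
        . "\n\t\t\t\tINNER JOIN account ON (sys_account.id_account = account.id)"
        . "\n\t\t\tWHERE"
        . "\n\t\t\t\taccount.code = :username"
        . "\n\t\t\tLIMIT 1"
        . "\n\t\t"
    );
    $stmt->execute(['username' => $username]);

    // With FETCH_ASSOC, same-named columns from the three tables collapse into
    // one key, the last selected table winning. 'password' is read below;
    // presumably only sys.user has such a column - verify against the schema.
    $user = $stmt->fetch(\PDO::FETCH_ASSOC);
    $stmt->closeCursor();

    if (!$user) {
        echo "User not found!!!" . PHP_EOL;
    } else {
        $stored = $user['password'] ?? null;

        // A row without a usable stored credential can never match; this also
        // keeps hash_equals() from being handed a non-string value.
        $matches = false;
        if (is_string($stored)) {
            // NOTE(review): despite its name, decryptPassword() is given the
            // submitted password plus the stored value and its result is
            // compared with the stored value, so it presumably re-hashes the
            // input with the stored salt - confirm in \sys\oauth2\storage\PDO.
            $decrypt = \sys\oauth2\storage\PDO::decryptPassword($password, $stored);

            // hash_equals() compares in constant time.
            $matches = is_string($decrypt) && hash_equals($stored, $decrypt);
        }

        if ($matches) {
            echo "Valid password" . PHP_EOL;
        } else {
            echo "Invalid password!!!" . PHP_EOL;
        }
    }
} catch (\PDOException $excp) {
    // Driver messages can expose schema and connection details; keep them in
    // the server log and send the client only a generic line.
    error_log('Password check failed: ' . $excp->getMessage());
    exit("Internal error" . PHP_EOL);
}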