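?>
    </div>
</div>
<div class="component-right">
    <div class="container container-padded">
        <h3>Change Password</h3>
        <?php
        // Change-password handler: runs only when the form's submit button was posted.
        // Verifies the current password, then stores the new one via change_password().
        // NOTE(review): $user and $id are set earlier in the file (not visible here);
        // this assumes both describe the currently logged-in account — confirm.
        // NOTE(review): no anti-CSRF token check is visible in this fragment — confirm
        // one is enforced before this handler runs.
        if (isset($_POST["change-pw-submit"])) {
            // Accept only non-empty string fields. A field posted as an array
            // (name[]=...) is treated as missing instead of being passed on.
            $old_pw = isset($_POST["old-password"]) && is_string($_POST["old-password"]) && $_POST["old-password"] !== ""
                ? $_POST["old-password"]
                : null;
            $new_pw = isset($_POST["new-password"]) && is_string($_POST["new-password"]) && $_POST["new-password"] !== ""
                ? $_POST["new-password"]
                : null;
            $confirm = isset($_POST["confirm"]) && is_string($_POST["confirm"]) && $_POST["confirm"] !== ""
                ? $_POST["confirm"]
                : null;

            // Compare against null explicitly: a truthiness test would report the
            // string "0" as a missing field.
            if ($old_pw !== null && $new_pw !== null && $confirm !== null) {
                // Strict comparison: with != two different numeric strings such as
                // "1e3" and "1000" compare equal, so a mistyped confirmation could
                // be accepted and the stored password would differ from what the
                // user believes they set.
                if ($new_pw !== $confirm) {
                    echo '<p class="error">Your new passwords do not match.</p>';
                } else {
                    $valid_old = validate_credentials($user["email"], $old_pw);
                    // Fail closed: any falsy result (false, null, empty) counts as a
                    // failed check, so the old-password gate does not depend on
                    // validate_credentials() returning exactly false on failure.
                    if (!$valid_old) {
                        echo '<p class="error">You entered an invalid old password.</p>';
                    } else {
                        $changed = change_password($id, $new_pw);
                        if ($changed) {
                            // NOTE(review): consider rotating the session id and
                            // invalidating the account's other sessions after a
                            // successful change — not done here.
                            echo '<p>Success! Your password has been changed.</p>';
                        } else {
                            echo '<p class="error">Your password could not be changed due to a database error.</p>';
                        }
                    }
                }
            } else {
                echo '<p class="error">You must provide a value for every field.</p>';
            }
        }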
<?php require_once __DIR__ . "/../config/config.php"; require_once __DIR__ . "/../util/web.php"; require_once __DIR__ . "/../util/security.php"; require_once __DIR__ . "/../service/auth_service.php"; require_once __DIR__ . "/../service/data_service.php"; if (session_id() == '' || !isset($_SESSION)) { // session isn't started session_start(); } if (isset($_POST["action"]) && $_POST["action"] === "Login") { //Retrieve username & password $validationResult = validate_credentials($_POST); if (count($validationResult) > 0) { $_SESSION["errors"] = $validationResult; $url = APPLICATION_ROOT . "/index.php"; redirect($url); exit; } $userName = $_POST["userName"]; $password = $_POST["password"]; $user = get_user($userName); if ($user) { $salt = $user[user_SALT]; $enteredPassword = encrypt_password($password, $salt); $savedPassword = $user[user_PASSWORD]; if ($savedPassword === $enteredPassword) { if (session_id() == '' || !isset($_SESSION)) { // session isn't started session_start();
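<div class="component-right">
    <div class="container container-padded">
        <h3>Login</h3>
        <h4>Enter your details in the fields below and click Login.</h4>
        <p>No account? <a href="/login/signup">Sign up.</a></p>
        <?php
        // Login handler: shows the form on a plain GET, otherwise checks the posted
        // credentials and, on success, starts a fresh authenticated session.
        // NOTE(review): markup has already been emitted above, so session_start(),
        // session_regenerate_id() and header() below only work if output buffering
        // is enabled — confirm.
        if (!isset($_POST["login-submit"])) {
            print_login_form();
        } else {
            // Accept only string fields; a field posted as an array is treated as missing.
            $email = isset($_POST["email"]) && is_string($_POST["email"]) ? $_POST["email"] : null;
            $password = isset($_POST["password"]) && is_string($_POST["password"]) ? $_POST["password"] : null;

            if ($email === null || $email === "" || $password === null || $password === "") {
                echo '<span class="error">Please fill in all the fields.</span>';
                print_login_form();
            } else {
                $user = validate_credentials($email, $password);
                if (!$user) {
                    // One message for both "unknown e-mail" and "wrong password",
                    // so the response does not reveal which accounts exist.
                    echo '<span class="error">Incorrect email/password combination.</span>';
                    print_login_form();
                } else {
                    // Drop any pre-login session data. session_destroy() warns when
                    // no session is active, so only call it when one is.
                    if (session_status() === PHP_SESSION_ACTIVE) {
                        session_destroy();
                    }
                    session_start();
                    // session_destroy() + session_start() reuses the session id sent
                    // in the request cookie. Issue a new id on privilege change so an
                    // id that was known before login is not the authenticated one
                    // (session fixation).
                    session_regenerate_id(true);

                    // Random 64-hex-character key from the CSPRNG. A value derived
                    // from the e-mail and a timestamp would be predictable.
                    // NOTE(review): assumes consumers treat UserAuthKey as opaque — confirm.
                    $_SESSION["UserAuthKey"] = bin2hex(random_bytes(32));
                    $_SESSION["UserName"] = $user["username"];
                    $_SESSION["AuthLevel"] = $user["auth_level"];
                    $_SESSION["UserId"] = $user["id"];

                    header("Location: /");
                    // Stop after a redirect that was actually queued, so nothing
                    // further on this page runs for the redirected request.
                    if (!headers_sent()) {
                        exit;
                    }
                }
            }
        }
        ?>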
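<?php
// Login endpoint: reads the posted user name and password, validates them and,
// on success, creates a session before redirecting to the dashboard.
require_once "libraries/lib.php";

// Missing or non-string fields become '' so they fail the emptiness check below
// instead of raising an undefined-index warning or handing an array to esc().
// NOTE(review): esc() is also applied to the password; if it performs HTML or SQL
// escaping it changes the secret being verified — confirm what esc() does.
$uname = esc(isset($_POST['uname']) && is_string($_POST['uname']) ? $_POST['uname'] : '');
$upass = esc(isset($_POST['upass']) && is_string($_POST['upass']) ? $_POST['upass'] : '');

if (strlen(trim($uname)) > 0 && strlen(trim($upass)) > 0) {
    // validate_credentials() takes no arguments here; presumably it reads $uname /
    // $upass or $_POST itself — verify against its definition in libraries/lib.php.
    $user_id = validate_credentials();
    if ($user_id > 0) {
        // NOTE(review): confirm create_session() issues a new session id
        // (session_regenerate_id) so a pre-login id is not reused after login.
        create_session($user_id);
    }
    // The redirect is sent whether or not validation succeeded, so access control
    // depends on the dashboard checking the session — confirm it does.
    header("Location: index.php?op=dashboard");
    // End the request after the redirect so nothing later in the file runs.
    exit;
}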