/** * @param $user * @param string $old * @param string $pass * @param \PDO $link * @return bool */ function change_admin_password($user, $old, $pass, $link) { $sql = "SELECT password FROM synadmin WHERE user = :user"; $stmt = $link->prepare($sql); $stmt->bindValue(':user', $user); $use_password_verify = defined('SYNAPP_USE_PASSWORD_HASH_AUTHENTICATION') && (SYNAPP_USE_PASSWORD_HASH_AUTHENTICATION === true || is_string(SYNAPP_USE_PASSWORD_HASH_AUTHENTICATION) && (trim(strtolower(SYNAPP_USE_PASSWORD_HASH_AUTHENTICATION)) === 'on' || trim(strtolower(SYNAPP_USE_PASSWORD_HASH_AUTHENTICATION)) === 'true' || trim(strtolower(SYNAPP_USE_PASSWORD_HASH_AUTHENTICATION)) === '1')) ? true : false; if ($stmt->execute() !== false && ($ua = $stmt->fetch(PDO::FETCH_ASSOC))) { if ($ua['password'] !== 'nologin') { if ($use_password_verify) { if (!password_verify($old, $ua['password'])) { return false; } } else { $saltNhash = explode('$', $ua['password']); if ($saltNhash[1] !== hash("sha256", $saltNhash[0] . $old . NORAINBOW_SALT)) { return false; } } } } else { $link = null; return false; } return change_admin_password_no_verify($user, $pass, $link); }
/** * @param string $user * @param string $password * @param \PDO $link * @return bool */ function changepassword($user, $password, $link) { return change_admin_password_no_verify($user, $password, $link); }