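/**
 * Change the password of the logged-in person (AccountSpecs.pswd1).
 *
 * Reads cur_pass / new_pass from $_POST and the person id from $_SESSION,
 * then echoes exactly one of "false" (no account row / empty new password),
 * "CurPassError" (current password does not verify, or the update failed)
 * or "true", and terminates.
 *
 * Stored format, which the verifying (login) code elsewhere relies on and is
 * therefore kept unchanged here:
 *   sha1(seed . md5(password) . seed) . seed   — seed is 10 hex chars at offset 40.
 * NOTE(review): md5 inside sha1 is a weak password scheme with no work factor;
 * migrating to password_hash()/password_verify() needs the login side to accept
 * both formats during the transition.
 */
function changePass()
{
    require_once '../../../header.inc.php';
    require_once inc_response;
    require_once inc_dataReader;

    $pdoAcc = PdoDataAccess::getPdoObject(
        config::$db_servers['master']["host"],
        config::$db_servers['master']["framework_user"],
        config::$db_servers['master']["framework_pass"],
        "framework"
    );

    // A missing session id binds null, matches no row and ends in "false"
    // instead of raising an undefined-index warning.
    $personId = $_SESSION['PersonID'] ?? null;
    $dt = PdoDataAccess::runquery(
        "select * from AccountSpecs \n\t\t\t\t\t\t\t\t\t\twhere personID=:psid",
        array(":psid" => $personId),
        $pdoAcc
    );
    if (count($dt) == 0) {
        echo "false";
        die;
    }

    $curPass = (string)($_POST["cur_pass"] ?? '');
    $newPass = (string)($_POST["new_pass"] ?? '');
    if ($newPass === '') {
        echo "false";
        die;
    }

    // Verify the current password against the stored value. hash_equals() is a
    // strict, constant-time comparison; the original `!=` compared the two hex
    // strings loosely, which PHP may evaluate numerically for digit/e-only prefixes.
    $stored = (string)$dt[0]["pswd1"];
    $storedSeed = substr($stored, 40, 10);
    $candidate = sha1($storedSeed . md5($curPass) . $storedSeed) . $storedSeed;
    if (!hash_equals($stored, $candidate)) {
        echo "CurPassError";
        die;
    }

    // Fresh 10-char lowercase hex seed from a CSPRNG (rand() is not suitable
    // for salts). Same alphabet and length as before, so the stored format is unchanged.
    $seed = bin2hex(random_bytes(5));
    $newStored = sha1($seed . md5($newPass) . $seed) . $seed;

    PdoDataAccess::RUNQUERY(
        "update AccountSpecs set pswd1=:pswd where personID=:psid",
        array(":pswd" => $newStored, ":psid" => $personId),
        $pdoAcc
    );
    if (ExceptionHandler::GetExceptionCount() != 0) {
        echo "CurPassError";
        die;
    }
    //PdoDataAccess::AUDIT("AccountSpecs","تغییر رمز عبور", "");
    echo "true";
    die;
}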
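/**
 * Change the password of the logged-in user (BSC_persons.UserPass).
 *
 * Reads cur_pass / new_pass from $_POST and the person id from
 * $_SESSION['USER']; echoes a Response::createObjectiveResponse() payload —
 * (false, "") when no person row exists or the new password is empty,
 * (false, "CurPassError") when the current password does not verify or the
 * update fails, (true, "") on success — and terminates.
 *
 * NOTE(review): PasswordHash($cost, true) requests phpass "portable" hashes;
 * whether the login code verifies with the same settings is not visible here,
 * so the constructor arguments are left as they were.
 */
function changePass()
{
    // A missing session entry binds null, matches no row and ends in the
    // generic failure response instead of raising an undefined-index warning.
    $personId = $_SESSION['USER']["PersonID"] ?? null;
    $dt = PdoDataAccess::runquery(
        "select * from BSC_persons where PersonID=:p",
        array(":p" => $personId)
    );
    if (count($dt) == 0) {
        echo Response::createObjectiveResponse(false, "");
        die;
    }

    // ?? keeps a form that omits a field from triggering a warning; a missing
    // current password then simply fails verification below.
    $curPass = (string)($_POST["cur_pass"] ?? '');
    $newPass = (string)($_POST["new_pass"] ?? '');
    if ($newPass === '') {
        echo Response::createObjectiveResponse(false, "");
        die;
    }

    $hash_cost_log2 = 8;
    $hasher = new PasswordHash($hash_cost_log2, true);
    if (!$hasher->CheckPassword($curPass, $dt[0]["UserPass"])) {
        echo Response::createObjectiveResponse(false, "CurPassError");
        die;
    }

    PdoDataAccess::RUNQUERY(
        "update BSC_persons set UserPass=? where PersonID=?",
        array($hasher->HashPassword($newPass), $personId)
    );
    if (ExceptionHandler::GetExceptionCount() != 0) {
        echo Response::createObjectiveResponse(false, "CurPassError");
        die;
    }
    echo Response::createObjectiveResponse(true, "");
    die;
}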