예제 #1
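/**
 * Changes the logged-in user's password after verifying the current one.
 *
 * Reads `cur_pass` and `new_pass` from $_POST and the account id from
 * $_SESSION['PersonID']. Writes a plain-text status to the response and ends
 * the request:
 *   "false"        - no session id, no matching account row, or unusable new password
 *   "CurPassError" - current password did not verify, or the UPDATE recorded an exception
 *   "true"         - the stored password was replaced
 *
 * Stored format, as built below: sha1(seed . md5(password) . seed) . seed,
 * i.e. a 40-character hex digest followed by a 10-character seed.
 *
 * NOTE(review): a single md5 + sha1 round is a fast hash and offers little
 * resistance to offline guessing if AccountSpecs is ever disclosed. Moving to
 * password_hash()/password_verify() has to be coordinated with the login code
 * (not visible here), so the storage format is deliberately left unchanged.
 */
function changePass()
{
    require_once '../../../header.inc.php';
    require_once inc_response;
    require_once inc_dataReader;

    $master = config::$db_servers['master'];
    $pdoAcc = PdoDataAccess::getPdoObject($master["host"], $master["framework_user"], $master["framework_pass"], "framework");

    // Without an authenticated account id there is nothing to look up.
    $personId = $_SESSION['PersonID'] ?? null;
    if ($personId === null) {
        echo "false";
        die;
    }

    $dt = PdoDataAccess::runquery("select * from AccountSpecs where personID=:psid", array(":psid" => $personId), $pdoAcc);
    if (!is_array($dt) || count($dt) == 0) {
        echo "false";
        die;
    }

    // A missing or array-valued field must not reach md5(); treat it as a
    // failed verification instead of hashing an empty/invalid value.
    $currentInput = $_POST["cur_pass"] ?? null;
    if (!is_string($currentInput)) {
        echo "CurPassError";
        die;
    }

    $stored = (string) $dt[0]["pswd1"];
    $stored_seed = (string) substr($stored, 40, 10);
    $expected = sha1($stored_seed . md5($currentInput) . $stored_seed) . $stored_seed;

    // hash_equals() compares as strings in constant time. The previous `!=`
    // was a loose comparison, which PHP evaluates numerically when both
    // operands happen to look like numbers, and it was not timing-safe.
    if (!hash_equals($stored, $expected)) {
        echo "CurPassError";
        die;
    }

    // Only inspected after the current password verified. Rejecting a missing
    // or empty value prevents silently storing the hash of "" as the password.
    $newInput = $_POST["new_pass"] ?? null;
    if (!is_string($newInput) || $newInput === '') {
        echo "false";
        die;
    }

    // 10 lowercase hex characters, same shape as before, but drawn from the
    // CSPRNG instead of rand(). random_bytes() needs PHP 7+ and throws if no
    // entropy source is available, in which case nothing is written.
    $seed = bin2hex(random_bytes(5));
    $newStored = sha1($seed . md5($newInput) . $seed) . $seed;

    PdoDataAccess::RUNQUERY("update AccountSpecs set pswd1=:pswd where personID=:psid", array(":pswd" => $newStored, ":psid" => $personId), $pdoAcc);
    if (ExceptionHandler::GetExceptionCount() != 0) {
        // NOTE(review): a database failure is reported with the same token as
        // a wrong current password; kept because the client may depend on it.
        echo "CurPassError";
        die;
    }

    // NOTE(review): the PdoDataAccess::AUDIT(...) call that recorded a
    // "password change" event for AccountSpecs was commented out here.
    // Consider restoring it so credential changes leave an audit trail.
    echo "true";
    die;
}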
예제 #2
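/**
 * Changes the logged-in user's password after verifying the current one.
 *
 * Reads `cur_pass` and `new_pass` from $_POST and the account id from
 * $_SESSION['USER']['PersonID']. Echoes the value returned by
 * Response::createObjectiveResponse() and ends the request:
 *   (false, "")             - no session id, no matching row, or unusable new password/hash
 *   (false, "CurPassError") - current password did not verify, or the UPDATE recorded an exception
 *   (true, "")              - the stored hash was replaced
 *
 * NOTE(review): PasswordHash is constructed with cost 8 and `true` as the
 * second argument. If this is the phpass class, that selects its portable
 * (iterated MD5) format at a low cost. Raising the cost or switching formats
 * should first be checked against the UserPass column width and the login
 * path, neither of which is visible here.
 */
function changePass()
{
    // Without an authenticated account id there is nothing to look up.
    $personId = $_SESSION['USER']["PersonID"] ?? null;
    if ($personId === null) {
        echo Response::createObjectiveResponse(false, "");
        die;
    }

    $dt = PdoDataAccess::runquery("select * from BSC_persons where PersonID=:p", array(":p" => $personId));
    if (!is_array($dt) || count($dt) == 0) {
        echo Response::createObjectiveResponse(false, "");
        die;
    }

    $hash_cost_log2 = 8;
    $hasher = new PasswordHash($hash_cost_log2, true);

    // A missing or array-valued field is treated as a failed verification
    // rather than being handed to the hasher.
    $currentInput = $_POST["cur_pass"] ?? null;
    if (!is_string($currentInput) || !$hasher->CheckPassword($currentInput, $dt[0]["UserPass"])) {
        echo Response::createObjectiveResponse(false, "CurPassError");
        die;
    }

    // Only inspected after the current password verified. Rejecting a missing
    // or empty value prevents storing the hash of "" as the password.
    $newInput = $_POST["new_pass"] ?? null;
    if (!is_string($newInput) || $newInput === '') {
        echo Response::createObjectiveResponse(false, "");
        die;
    }

    // Assumes the phpass convention of returning a short marker ("*") when
    // hashing fails - TODO confirm for this PasswordHash class. Storing such
    // a value would leave the account with a hash no password can match.
    $newHash = $hasher->HashPassword($newInput);
    if (!is_string($newHash) || strlen($newHash) < 20) {
        echo Response::createObjectiveResponse(false, "");
        die;
    }

    PdoDataAccess::RUNQUERY("update BSC_persons set UserPass=? where PersonID=?", array($newHash, $personId));
    if (ExceptionHandler::GetExceptionCount() != 0) {
        // NOTE(review): a database failure is reported with the same token as
        // a wrong current password; kept because the client may depend on it.
        echo Response::createObjectiveResponse(false, "CurPassError");
        die;
    }

    echo Response::createObjectiveResponse(true, "");
    die;
}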