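<?php
/**
 * Login handler: checks the posted username/password with polrauth and, on
 * success, marks the session as logged in and redirects to index.php.
 * On failure it renders a generic error page and stops.
 *
 * $mysqli and $fpass are not defined in this script; they are expected to
 * come from the included library files.
 *
 * NOTE(review): no attempt limiting or CSRF check is visible in this script;
 * confirm that processlogin() or lib-core.php covers them.
 */
require_once 'lib-password.php'; // password hashing lib - crypt forward compat
require_once 'lib-core.php';
require_once 'lib-auth.php';

$polrauth = new polrauth();

// A missing or non-string field (e.g. username[]=x) is treated as an empty
// string so it fails authentication cleanly instead of raising a notice or
// passing an array to real_escape_string().
$rawUsername = (isset($_POST['username']) && is_string($_POST['username'])) ? $_POST['username'] : '';
$rawPassword = (isset($_POST['password']) && is_string($_POST['password'])) ? $_POST['password'] : '';

// NOTE(review): SQL-escaping the password alters it before verification.
// It is kept because changing it here alone would stop any hash that was
// created from an escaped password from matching; confirm how hashes are
// created before removing it. Prepared statements in processlogin() would
// make both escapes unnecessary.
$authcreds['username'] = $mysqli->real_escape_string($rawUsername);
$authcreds['password'] = $mysqli->real_escape_string($rawPassword);

// Surrounding whitespace is stripped only when the username contains a space.
if (strstr($authcreds['username'], ' ')) {
    $authcreds['username'] = trim($authcreds['username']);
}

$authed = $polrauth->processlogin($authcreds['username'], $authcreds['password']);

if ($authed == true) {
    // Issue a new session id at the privilege change so an id that was set
    // before login (session fixation) is not carried into the logged-in state.
    // Skipped when no session is active, to avoid a warning.
    if (session_id() !== '') {
        session_regenerate_id(true);
    }

    // sha1('li') is a fixed value, identical for every user: a flag, not a token.
    $_SESSION['li'] = sha1('li');
    $_SESSION['username'] = $authcreds['username'];
    $_SESSION['role'] = $polrauth->getrole($authcreds['username']);

    header('Location:index.php');
    // End the request so nothing after the redirect is executed or sent.
    exit;
} else {
    require_once 'layout-headerlg.php';
    // One message for every failure cause, so the response does not reveal
    // whether the username exists.
    echo '<h2>Incorrect password or username (or account not activated). Try again</h2><br />';
    if ($fpass == true) {
        echo '<a href="forgotpass.php">Forgot Password?</a><br />';
    }
    require_once 'layout-footerlg.php';
    die;
}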
if ($action == 'changepw') { $currpw = $mysqli->real_escape_string($_POST['currpw']); $newpw = $mysqli->real_escape_string($_POST['newpw']); require_once '../lib-password.php'; function noMc($length = 23) { return substr(str_shuffle("0123456789abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ"), 0, $length); } $salt = noMc(); $opts = array('cost' => 10, 'salt' => $salt); $hashed = password_hash($newpw, PASSWORD_BCRYPT, $opts); $sqr = "SELECT `password` FROM `auth` WHERE `username`='{$username}';"; $res = $mysqli->query($sqr); $fetch = mysqli_fetch_assoc($res); $hpw = $fetch['password']; $islegit = $polrauth->processlogin($username, $currpw); if (!$islegit) { require_once 'header.php'; echo "Invalid current password. <a href=\"index.php\">Back</a>"; require_once 'layout-footerlg.php'; die; } $sqr = "UPDATE auth SET password = '******' WHERE `username`='{$username}';"; $res = $mysqli->query($sqr); if ($res) { require_once 'header.php'; echo "Success! <a href='index.php'>Back</a>"; require_once 'layout-footerlg.php'; die; } else { require_once 'header.php';