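/**
 * Check a user's password against the salted hash stored in the users table.
 *
 * The attempt is gated by the "checkuser" lock: if checkLock() refuses, no
 * lookup is made. Every failed attempt is recorded with lockAction().
 * An unknown user id and a wrong password both return -1, so the return
 * value does not tell the caller which of the two was wrong.
 *
 * NOTE: -1 and -2 are truthy in PHP. Callers must test the result with
 * `=== true`; a plain `if (verifyLogin(...))` would accept a failed login.
 *
 * @param mixed  $user_id  User id as submitted; escaped before use in SQL.
 * @param string $password Password as submitted; passed through decryptPassword().
 *
 * @return bool|int true on success, -1 on a failed attempt,
 *                  -2 when checkLock("checkuser") rejects the attempt.
 */
function verifyLogin($user_id, $password)
{
    if (!checkLock("checkuser")) {
        return -2;
    }

    // NOTE(review): the query below is only safe if escape() performs
    // connection-aware escaping for a quoted string literal -- confirm in
    // its definition. The mysql_* API has no parameterized queries.
    $user_id = escape($user_id);

    //decrypt the password if needed
    require_once includePath() . "/crypto.php";
    $password = decryptPassword($password);

    $result = mysql_query("SELECT password, salt FROM users WHERE id='" . $user_id . "'");

    // A failed query is handled like "no such user" without passing false
    // to mysql_fetch_array().
    $row = $result ? mysql_fetch_array($result) : false;

    if ($row) {
        $computed = chash2($password, hex2bin($row['salt']));
        $stored = $row['password'];

        // Loose == would let PHP compare numeric-looking hashes ("0e123..."
        // style) as numbers and treat different hashes as equal, so both
        // sides must be non-empty strings and are compared exactly.
        if (is_string($computed) && is_string($stored) && $stored !== '') {
            // hash_equals() (PHP >= 5.6) compares in constant time; the
            // === fallback is exact but not timing-safe.
            $matches = function_exists('hash_equals')
                ? hash_equals($stored, $computed)
                : $computed === $stored;

            if ($matches) {
                return true;
            }
        }
    }

    // Unknown user, failed lookup, or wrong password: count the attempt.
    lockAction("checkuser");
    return -1;
}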
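/**
 * Store a new password for a user and clear their pending reset requests.
 *
 * A fresh 20-byte salt is generated for every reset. The password is hashed
 * with chash2() using that salt, and the hash and hex-encoded salt are
 * written to the users table. The user's rows in the reset table are then
 * deleted so the same reset link cannot be used again.
 *
 * NOTE(review): this function does not check any reset token itself;
 * presumably the caller validates the link before calling -- confirm.
 *
 * @param mixed  $user_id  User id; escaped before use in SQL.
 * @param string $password New password as submitted; passed through decryptPassword().
 *
 * @return void
 */
function resetPassword($user_id, $password)
{
    // NOTE(review): the queries below are only safe if escape() performs
    // connection-aware escaping for a quoted string literal -- confirm in
    // its definition.
    $user_id = escape($user_id);

    $gen_salt = secure_random_bytes(20);
    $db_salt = escape(bin2hex($gen_salt));

    //decrypt the password if needed
    require_once includePath() . "/crypto.php";
    $password = decryptPassword($password);
    $password = escape(chash2($password, $gen_salt));

    // Store the salted hash computed above. Writing a fixed literal here
    // would leave the account with a value that verifyLogin() can never match.
    $updated = mysql_query("UPDATE users SET password='{$password}', salt = '{$db_salt}' WHERE id='{$user_id}'");
    if (!$updated) {
        // The password was not changed, so keep the reset request usable
        // rather than consuming it on a failed write.
        return;
    }

    //make sure user doesn't reset again with same link
    mysql_query("DELETE FROM reset WHERE user_id='{$user_id}'");
}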