function verifyLogin($user_id, $password)
{
if (!checkLock("checkuser")) {
return -2;
}
$user_id = escape($user_id);
//decrypt the password if needed
require_once includePath() . "/crypto.php";
$password = decryptPassword($password);
$result = mysql_query("SELECT password, salt FROM users WHERE id='" . $user_id . "'");
if ($row = mysql_fetch_array($result)) {
if (chash2($password, hex2bin($row['salt'])) == $row['password']) {
return true;
} else {
lockAction("checkuser");
return -1;
}
} else {
lockAction("checkuser");
return -1;
}
}
function resetPassword($user_id, $password)
{
$user_id = escape($user_id);
$gen_salt = secure_random_bytes(20);
$db_salt = escape(bin2hex($gen_salt));
//decrypt the password if needed
require_once includePath() . "/crypto.php";
$password = decryptPassword($password);
$password = escape(chash2($password, $gen_salt));
mysql_query("UPDATE users SET password='******', salt = '{$db_salt}' WHERE id='{$user_id}'");
mysql_query("DELETE FROM reset WHERE user_id='{$user_id}'");
//make sure user doesn't reset again with same link
}
