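private function login($email, $password)
{
    // Authenticate a user by e-mail address and password.
    //
    // Returns one of the numeric codes the caller switches on:
    //   401 - $email or $password was not supplied (isset() fails)
    //   0   - no usable match: unknown e-mail, wrong password, or a stored
    //         hash shorter than SALT_LEN (no salt can be extracted)
    //   101 / 102 / 100 - a user matched; mapped from the row's "status"
    //         column (0, 1 and 2 respectively). Any other status value now
    //         yields 0 explicitly; the previous code fell off the end of
    //         the function and returned null in that case.
    //
    // Side effects on a match: $_SESSION["userid"] is set, the session id is
    // regenerated, and the user row is updated (last_login / active /
    // last_location) through the User helper.
    //
    // Security changes versus the previous implementation:
    //   * only rows whose email matches are fetched, via a prepared
    //     statement, instead of running hash_password() against every row
    //     in `usr` (O(users) hashes per attempt, and a timing side channel
    //     proportional to the table size);
    //   * the hash comparison uses hash_equals() (constant time);
    //   * session_regenerate_id(true) after authentication mitigates
    //     session fixation.
    //
    // NOTE(review): the old loop compared trim()'d values on both sides; the
    // query below trims the input and assumes the `email` column is stored
    // already trimmed - confirm, or add TRIM(email) to the WHERE clause.
    global $con;

    if (!isset($email) || !isset($password)) {
        return 401;
    }

    $stmt = mysqli_prepare($con, "SELECT * FROM usr WHERE email = ?");
    if ($stmt === false) {
        // A failed prepare is reported as "no match" rather than surfacing
        // driver details to the caller.
        return 0;
    }

    $wanted_email = trim((string) $email);
    mysqli_stmt_bind_param($stmt, "s", $wanted_email);
    if (!mysqli_stmt_execute($stmt)) {
        mysqli_stmt_close($stmt);
        return 0;
    }

    $result = mysqli_stmt_get_result($stmt);
    $outcome = 0;

    while ($result !== false && ($user = mysqli_fetch_array($result))) {
        $stored_hash = trim((string) $user["password"]);
        if (strlen($stored_hash) < SALT_LEN) {
            // Legacy or malformed row: the salt cannot be recovered from it.
            continue;
        }

        $candidate = trim((string) hash_password($password, return_salt($stored_hash)));
        if (!hash_equals($stored_hash, $candidate)) {
            continue;
        }

        // Matched. Rotate the session id before storing any identity in it.
        if (session_status() === PHP_SESSION_ACTIVE) {
            session_regenerate_id(true);
        }
        // NOTE(review): the session is populated before the status switch,
        // so status 0 and 1 users also receive a userid in session. This is
        // preserved from the original - confirm that is intended.
        $_SESSION["userid"] = $user["id"];

        $userUpdate = new User(array(
            "action" => "update",
            "fields" => array(
                "last_login"    => time(),
                "active"        => "1",
                "last_location" => json_encode(get_location()),
            ),
        ));
        $userUpdate->run(true);

        // Loose comparison on the status column is kept from the original
        // (the column value arrives as a string).
        switch (trim((string) $user["status"])) {
            case 0:
                $outcome = 101;
                break;
            case 1:
                $outcome = 102;
                break;
            case 2:
                $outcome = 100;
                break;
            default:
                $outcome = 0;
        }
        // Stop at the first verified row; the old code kept scanning other
        // users after a match with an unrecognised status.
        break;
    }

    mysqli_stmt_close($stmt);
    return $outcome;
}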
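// Change-password endpoint.
//
// Expects an authenticated session ($_SESSION["userid"]) and three POST
// fields: "current" (the existing password), "password" and
// "repeat_password". Echoes a numeric status code and exits:
//   105 - a field is missing, empty or not a string; the new passwords
//         differ; the session holds no user id; the user row cannot be
//         loaded; or the current password does not verify
//   200 - the password was updated
//
// NOTE(review): nothing here checks a CSRF token; a password change driven
// purely by POST fields is a classic CSRF target. Confirm that core.php or
// the session layer enforces one for this endpoint.
include_once $_SERVER["DOC_ROOT"] . "/scripts/php/core.php";

// Null-coalesce so that absent fields fail the check instead of raising
// undefined-index notices; reject non-string values (e.g. password[]=).
$current  = $_POST["current"] ?? "";
$password = $_POST["password"] ?? "";
$repeat   = $_POST["repeat_password"] ?? "";

if (!is_string($current) || !is_string($password) || !is_string($repeat)
    || $current === "" || $password === "" || $repeat === "") {
    echo 105;
    exit;
}

if ($password !== $repeat) {
    echo 105;
    exit;
}

// The original passed $_SESSION["userid"] through unchecked, so an
// unauthenticated request looked up a user with id null.
if (empty($_SESSION["userid"])) {
    echo 105;
    exit;
}

$user_get_call = new User(array("action" => "get", "id" => $_SESSION["userid"]));
$rows = $user_get_call->run(true);
if (!is_array($rows) || !isset($rows[0]["password"])) {
    // No row (or no stored hash) for this id: nothing to verify against.
    echo 105;
    exit;
}
$user_info = $rows[0];

// Verify the current password against the stored salted hash. hash_equals()
// is constant time and strict; the previous `!=` was a loose comparison, so
// two hex digests of the form "0e<digits>" would have compared equal.
$current_salt    = return_salt($user_info["password"]);
$hashed_password = hash_password($current, $current_salt);
if (!hash_equals((string) $user_info["password"], (string) $hashed_password)) {
    echo 105;
    exit;
}

// NOTE(review): the raw new password is handed to the User updater. login()
// compares against hash_password() output, so User::run must hash it (with
// a fresh salt) before storing - confirm. No minimum length or strength
// policy is enforced at this layer either.
$thisUser = new User(array("action" => "update", "fields" => array("password" => $password)));
$thisUser->run(true);

// Rotate the session id after a credential change.
if (session_status() === PHP_SESSION_ACTIVE) {
    session_regenerate_id(true);
}

echo 200;
exit;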