-
Notifications
You must be signed in to change notification settings - Fork 0
/
Copy pathchange_password.php
50 lines (47 loc) · 2.05 KB
/
change_password.php
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
<?php
session_start();
if(isset($_POST['password'])){
$password = $_POST['password'];
$new_password1 = $_POST['new_password1'];
$new_password2 = $_POST['new_password2'];
require_once "connect.php";
$connection = @new mysqli($db_host, $db_user, $db_password, $db_name);
$connection->set_charset('utf8');
if ($connection->connect_errno != 0) {
$_SESSION['change_pass_i'] = "Wystąpił błąd";
} else {
$sql = "SELECT id, password FROM users WHERE id=".$_SESSION['id'];
$result = mysqli_query($connection, $sql);
if (!$result || is_null($password) || is_null($new_password1) || is_null($new_password2)) {
$_SESSION['change_pass_i'] = "Wystąpił błąd";
header("Location:" . $_SESSION['last_page']);
$connection->close();
} else {
if($new_password1 == $new_password2 && strlen($new_password1)>=8 && strlen($new_password2) <= 20){
$row = mysqli_fetch_assoc($result);
if(password_verify($password, $row['password'])){
$sql = "UPDATE users SET password = '".password_hash($new_password1, PASSWORD_DEFAULT)."' WHERE id = ".$row['id'];
$connection -> query($sql);
$_SESSION['change_pass_i'] = "Zmieniono hasło";
header('Location:'.$_SESSION['last_page']);
$connection -> close();
} else {
$_SESSION['change_pass_i'] = "Złe hasło";
header('Location:'.$_SESSION['last_page']);
$connection -> close();
}
} else {
header('Location:'.$_SESSION['last_page']);
$_SESSION['change_pass_i'] = "Nowe hasła się nie zgadzają są złej długości (8 do 20 znaków)";
$connection -> close();
}
}
}
} else {
$_SESSION['change_pass_i'] = "Wystąpił błąd";
if(isset($_SESSION["last_page"]))
header('Location:'.$_SESSION['last_page']);
else
header("Location: index.php");
}
?>