summaryrefslogtreecommitdiff
path: root/www/functions
diff options
context:
space:
mode:
Diffstat (limited to 'www/functions')
-rwxr-xr-xwww/functions/func_login.php3
-rw-r--r--www/functions/func_password.php30
2 files changed, 32 insertions, 1 deletions
diff --git a/www/functions/func_login.php b/www/functions/func_login.php
index 5a3dbc9..8088cd5 100755
--- a/www/functions/func_login.php
+++ b/www/functions/func_login.php
@@ -41,7 +41,8 @@ function login($db){
}
function logout(){
- if(session_destroy()){
+
+ if(session_destroy()){
return LOGOUT_SUCCESSFULL;
} else {
return LOGOUT_FAILURE;
diff --git a/www/functions/func_password.php b/www/functions/func_password.php
new file mode 100644
index 0000000..9d2d08a
--- /dev/null
+++ b/www/functions/func_password.php
@@ -0,0 +1,30 @@
+<?php
+
+function change_password($db, $first_password, $second_password){
+ if($_SESSION["login"]){
+ $username = user($db, $_SESSION["username"]);
+ } else {
+ $username_db = $db->query("SELECT id FROM user WHERE email='" . SQLite3::escapeString($_POST['email']) . "';");
+ $username_ar = $username_db->fetchArray(SQLITE3_NUM);
+ $username = $username_ar[0];
+ }
+
+ if($first_password != $second_password || !isset($first_password) || empty($first_password) || $first_password == ""){
+ return PASSWORD_PASSWORD;
+ }
+
+ $pepper = file_get_contents("../database/pepper.txt");
+ $password = $first_password . $pepper;
+
+ $hash_password = password_hash($password, PASSWORD_DEFAULT);
+
+ if($db->exec("
+ BEGIN TRANSACTION;
+ UPDATE user SET password='" . $hash_password . "' WHERE id=" . $username . ";
+ COMMIT;
+ ")){
+ return PASSWORD_SUCCESS;
+ } else {
+ return PASSWORD_DATABASE;
+ }
+}