diff options
Diffstat (limited to 'www')
| -rw-r--r-- | www/constants.php | 5 | ||||
| -rwxr-xr-x | www/functions/func_login.php | 3 | ||||
| -rw-r--r-- | www/functions/func_password.php | 30 | ||||
| -rwxr-xr-x | www/include.php | 5 |
4 files changed, 40 insertions, 3 deletions
diff --git a/www/constants.php b/www/constants.php index 78a73bf..0b22908 100644 --- a/www/constants.php +++ b/www/constants.php @@ -21,3 +21,8 @@ define("INVITE_SUCCESSFULL", 14); define("INVITE_INVITES", 15); define("INVITE_DATABASE", 16); define("INVITE_USEREXISTS", 17); + +define("PASSWORD_SUCCESS", 18); +define("PASSWORD_PASSWORD", 19); +define("PASSWORD_DATABASE", 20); + diff --git a/www/functions/func_login.php b/www/functions/func_login.php index 5a3dbc9..8088cd5 100755 --- a/www/functions/func_login.php +++ b/www/functions/func_login.php @@ -41,7 +41,8 @@ function login($db){ } function logout(){ - if(session_destroy()){ + + if(session_destroy()){ return LOGOUT_SUCCESSFULL; } else { return LOGOUT_FAILURE; diff --git a/www/functions/func_password.php b/www/functions/func_password.php new file mode 100644 index 0000000..9d2d08a --- /dev/null +++ b/www/functions/func_password.php @@ -0,0 +1,30 @@ +<?php + +function change_password($db, $first_password, $second_password){ + if($_SESSION["login"]){ + $username = user($db, $_SESSION["username"]); + } else { + $username_db = $db->query("SELECT id FROM user WHERE email='" . SQLite3::escapeString($_POST['email']) . "';"); + $username_ar = $username_db->fetchArray(SQLITE3_NUM); + $username = $username_ar[0]; + } + + if($first_password != $second_password || !isset($first_password) || empty($first_password) || $first_password == ""){ + return PASSWORD_PASSWORD; + } + + $pepper = file_get_contents("../database/pepper.txt"); + $password = $first_password . $pepper; + + $hash_password = password_hash($password, PASSWORD_DEFAULT); + + if($db->exec(" + BEGIN TRANSACTION; + UPDATE user SET password='" . $hash_password . "' WHERE id=" . $username . "; + COMMIT; + ")){ + return PASSWORD_SUCCESS; + } else { + return PASSWORD_DATABASE; + } +} diff --git a/www/include.php b/www/include.php index 3374574..bb51338 100755 --- a/www/include.php +++ b/www/include.php @@ -13,7 +13,8 @@ require_once($func_dir . "func_rewrite.php"); // rewrites URL if user forgot to require_once($func_dir . "func_select.php"); // get the primary key from the last folder require_once($func_dir . "func_user.php"); // gets the userid and account specific stuff require_once($func_dir . "func_content.php"); // get the vfs content +require_once($func_dir . "func_password.php"); // changes the user password -require_once("login.php"); -require_once("register.php"); +require_once("login.php"); // prints the login page +require_once("register.php"); // prints the register page |