From d5bd89e1d64d00f0d10926c470bc850646f4a969 Mon Sep 17 00:00:00 2001
From: Horus3
Date: Sun, 16 Mar 2014 23:39:07 +0100
Subject: Added func change_password

---
 www/constants.php               |  5 +++++
 www/functions/func_login.php    |  3 ++-
 www/functions/func_password.php | 30 ++++++++++++++++++++++++++++++
 www/include.php                 |  5 +++--
 4 files changed, 40 insertions(+), 3 deletions(-)
 create mode 100644 www/functions/func_password.php

diff --git a/www/constants.php b/www/constants.php
index 78a73bf..0b22908 100644
--- a/www/constants.php
+++ b/www/constants.php
@@ -21,3 +21,8 @@ define("INVITE_SUCCESSFULL", 14);
 define("INVITE_INVITES", 15);
 define("INVITE_DATABASE", 16);
 define("INVITE_USEREXISTS", 17);
+
+define("PASSWORD_SUCCESS", 18);
+define("PASSWORD_PASSWORD", 19);
+define("PASSWORD_DATABASE", 20);
+
diff --git a/www/functions/func_login.php b/www/functions/func_login.php
index 5a3dbc9..8088cd5 100755
--- a/www/functions/func_login.php
+++ b/www/functions/func_login.php
@@ -41,7 +41,8 @@ function login($db){
 }
 
 function logout(){
-        if(session_destroy()){
+        
+	if(session_destroy()){
                 return LOGOUT_SUCCESSFULL;
         } else {
                 return LOGOUT_FAILURE;
diff --git a/www/functions/func_password.php b/www/functions/func_password.php
new file mode 100644
index 0000000..9d2d08a
--- /dev/null
+++ b/www/functions/func_password.php
@@ -0,0 +1,30 @@
+<?php
+
+function change_password($db, $first_password, $second_password){
+	if($_SESSION["login"]){
+		$username = user($db, $_SESSION["username"]);
+	} else {
+		$username_db = $db->query("SELECT id FROM user WHERE email='" . SQLite3::escapeString($_POST['email']) . "';");
+		$username_ar = $username_db->fetchArray(SQLITE3_NUM);
+		$username = $username_ar[0];
+	}
+	
+	if($first_password != $second_password || !isset($first_password) || empty($first_password) || $first_password == ""){
+		return PASSWORD_PASSWORD;
+	}
+
+	$pepper = file_get_contents("../database/pepper.txt");
+	$password = $first_password . $pepper;
+
+	$hash_password = password_hash($password, PASSWORD_DEFAULT);
+
+	if($db->exec("
+		BEGIN TRANSACTION;
+		UPDATE user SET password='" . $hash_password . "' WHERE id=" . $username . ";
+		COMMIT;
+	")){
+		return PASSWORD_SUCCESS;
+	} else {
+		return PASSWORD_DATABASE;
+	}
+}
diff --git a/www/include.php b/www/include.php
index 3374574..bb51338 100755
--- a/www/include.php
+++ b/www/include.php
@@ -13,7 +13,8 @@ require_once($func_dir . "func_rewrite.php");		// rewrites URL if user forgot to
 require_once($func_dir . "func_select.php");		// get the primary key from the last folder
 require_once($func_dir . "func_user.php");		// gets the userid and account specific stuff
 require_once($func_dir . "func_content.php");		// get the vfs content
+require_once($func_dir . "func_password.php");		// changes the user password
 
-require_once("login.php");
-require_once("register.php");
+require_once("login.php");				// prints the login page
+require_once("register.php");				// prints the register page
 
-- 
cgit v1.2.3