diff options
| author | root | 2014-04-14 08:35:13 +0200 |
|---|---|---|
| committer | root | 2014-04-14 08:35:13 +0200 |
| commit | 12734da8826299ffd24c0a15f6dbf205892d7221 (patch) | |
| tree | 3b894dd30e332df23a564ce44e42ce164c8abd78 /www/functions/func_password.php | |
| parent | 7b9d516cd3bcdb8eaa5f1eb533d71010061c681b (diff) | |
| download | jungegemeinde-12734da8826299ffd24c0a15f6dbf205892d7221.tar.gz | |
Pushed to v3
Diffstat (limited to 'www/functions/func_password.php')
| -rw-r--r-- | www/functions/func_password.php | 77 |
1 files changed, 77 insertions, 0 deletions
diff --git a/www/functions/func_password.php b/www/functions/func_password.php new file mode 100644 index 0000000..3ee496b --- /dev/null +++ b/www/functions/func_password.php @@ -0,0 +1,77 @@ +<?php + +function change_password($db, $first_password, $second_password){ + if($_SESSION["login"]){ + $username = user_id($db, $_SESSION["username"]); + } else { + $username_db = $db->query("SELECT id FROM user WHERE email='" . SQLite3::escapeString($_POST['email']) . "';"); + $username_ar = $username_db->fetchArray(SQLITE3_NUM); + $username = $username_ar[0]; + } + + if($first_password != $second_password || !isset($first_password) || empty($first_password) || $first_password == ""){ + return PASSWORD_PASSWORD; + } + + $pepper = file_get_contents("../database/pepper.txt"); + $password = $first_password . $pepper; + + $hash_password = password_hash($password, PASSWORD_DEFAULT); + + if($db->exec(" + BEGIN TRANSACTION; + UPDATE user SET password='" . $hash_password . "' WHERE id=" . $username . "; + COMMIT; + ")){ + return PASSWORD_SUCCESS; + } else { + return PASSWORD_DATABASE; + } +} + +function recover_password($db){ + $test_email_db = $db->query("SELECT 1 FROM user WHERE email='" . SQLite3::escapeString($_POST['email']) . "';"); + $test_email_ar = $test_email_db->fetchArray(SQLITE3_NUM); + + if($test_email_ar[0] == 1){ + $password_array = array("a", "b", "c", "d", "e", "f", "g", "h", "i", "j", "k", "l", "m", "n", "o", "p", "q", "r", "s", "t", "u", "v", "w", "x", "y", "z", "A", "B", "C", "D", "E", "F", "G", "H", "I", "J", "K", "L", "M", "N", "O", "P", "Q", "R", "S", "T", "U", "V", "W", "X", "Y", "Z", "_", "-", "0", "1", "2", "3", "4", "5", "6", "7", "8", "9" ); + + $length = count($password_array); + $password = ""; + + for ($i=0;$i<21;$i++){ + $index = mt_rand(0,$length-1); + $password = "$password".$password_array[$index]; + } + + $var = change_password($db, $password, $password); + + if($var == PASSWORD_SUCCESS){ + + $subject = "Your new password is" . $password; + if(mail($_POST['email'], "New password", $subject, "From: mail@iamfabulous.de")){ + return RECOVER_SUCCESS; + } else { + return RECOVER_EMAIL; + } + } else { + return $var; + } + } else { + return RECOVER_PROHIBITED; + } +} + +function validate_password($db, $username, $password){ + $res_db = $db->query("SELECT password FROM user WHERE name='".$db->escapeString($username)."'"); + $res_ar = $res_db->fetchArray(SQLITE3_NUM); + + $pepper = file_get_contents("../database/pepper.txt"); + $password .= $pepper; + + if(password_verify($password, $res_ar[0])){ + return true; + } else { + return false; + } +} |