aboutsummaryrefslogtreecommitdiff
path: root/www/functions/func_password.php
diff options
context:
space:
mode:
Diffstat (limited to 'www/functions/func_password.php')
-rw-r--r--www/functions/func_password.php77
1 files changed, 0 insertions, 77 deletions
diff --git a/www/functions/func_password.php b/www/functions/func_password.php
deleted file mode 100644
index e515111..0000000
--- a/www/functions/func_password.php
+++ /dev/null
@@ -1,77 +0,0 @@
-<?php
-
-function change_password($db, $first_password, $second_password){
- if($_SESSION["login"]){
- $username = user_id($db, $_SESSION["username"]);
- } else {
- $username_db = $db->query("SELECT id FROM user WHERE email='" . SQLite3::escapeString(htmlentities($_POST['email'])) . "';");
- $username_ar = $username_db->fetchArray(SQLITE3_NUM);
- $username = $username_ar[0];
- }
-
- if($first_password != $second_password || !isset($first_password) || empty($first_password) || $first_password == ""){
- return PASSWORD_PASSWORD;
- }
-
- $pepper = file_get_contents("../database/pepper.txt");
- $password = $first_password . $pepper;
-
- $hash_password = password_hash($password, PASSWORD_DEFAULT);
-
- if($db->exec("
- BEGIN TRANSACTION;
- UPDATE user SET password='" . $hash_password . "' WHERE id=" . $username . ";
- COMMIT;
- ")){
- return PASSWORD_SUCCESS;
- } else {
- return PASSWORD_DATABASE;
- }
-}
-
-function recover_password($db){
- $test_email_db = $db->query("SELECT 1 FROM user WHERE email='" . SQLite3::escapeString(htmlentities($_POST['email'])) . "';");
- $test_email_ar = $test_email_db->fetchArray(SQLITE3_NUM);
-
- if($test_email_ar[0] == 1){
- $password_array = array("a", "b", "c", "d", "e", "f", "g", "h", "i", "j", "k", "l", "m", "n", "o", "p", "q", "r", "s", "t", "u", "v", "w", "x", "y", "z", "A", "B", "C", "D", "E", "F", "G", "H", "I", "J", "K", "L", "M", "N", "O", "P", "Q", "R", "S", "T", "U", "V", "W", "X", "Y", "Z", "_", "-", "0", "1", "2", "3", "4", "5", "6", "7", "8", "9" );
-
- $length = count($password_array);
- $password = "";
-
- for ($i=0;$i<21;$i++){
- $index = mt_rand(0,$length-1);
- $password = "$password".$password_array[$index];
- }
-
- $var = change_password($db, $password, $password);
-
- if($var == PASSWORD_SUCCESS){
-
- $subject = "Your new password is" . $password;
- if(mail($_POST['email'], "New password", $subject, "From: mail@iamfabulous.de")){
- return RECOVER_SUCCESS;
- } else {
- return RECOVER_EMAIL;
- }
- } else {
- return $var;
- }
- } else {
- return RECOVER_PROHIBITED;
- }
-}
-
-function validate_password($db, $username, $password){
- $res_db = $db->query("SELECT password FROM user WHERE name='".$db->escapeString(htmlentities($username))."'");
- $res_ar = $res_db->fetchArray(SQLITE3_NUM);
-
- $pepper = file_get_contents("../database/pepper.txt");
- $password .= $pepper;
-
- if(password_verify($password, $res_ar[0])){
- return true;
- } else {
- return false;
- }
-}