From 12734da8826299ffd24c0a15f6dbf205892d7221 Mon Sep 17 00:00:00 2001
From: root
Date: Mon, 14 Apr 2014 08:35:13 +0200
Subject: Pushed to v3

---
 www/functions/func_password.php | 77 +++++++++++++++++++++++++++++++++++++++++
 1 file changed, 77 insertions(+)
 create mode 100644 www/functions/func_password.php

(limited to 'www/functions/func_password.php')

diff --git a/www/functions/func_password.php b/www/functions/func_password.php
new file mode 100644
index 0000000..3ee496b
--- /dev/null
+++ b/www/functions/func_password.php
@@ -0,0 +1,77 @@
+<?php
+
+function change_password($db, $first_password, $second_password){
+	if($_SESSION["login"]){
+		$username = user_id($db, $_SESSION["username"]);
+	} else {
+		$username_db = $db->query("SELECT id FROM user WHERE email='" . SQLite3::escapeString($_POST['email']) . "';");
+		$username_ar = $username_db->fetchArray(SQLITE3_NUM);
+		$username = $username_ar[0];
+	}
+	
+	if($first_password != $second_password || !isset($first_password) || empty($first_password) || $first_password == ""){
+		return PASSWORD_PASSWORD;
+	}
+
+	$pepper = file_get_contents("../database/pepper.txt");
+	$password = $first_password . $pepper;
+
+	$hash_password = password_hash($password, PASSWORD_DEFAULT);
+
+	if($db->exec("
+		BEGIN TRANSACTION;
+		UPDATE user SET password='" . $hash_password . "' WHERE id=" . $username . ";
+		COMMIT;
+	")){
+		return PASSWORD_SUCCESS;
+	} else {
+		return PASSWORD_DATABASE;
+	}
+}
+
+function recover_password($db){
+	$test_email_db = $db->query("SELECT 1 FROM user WHERE email='" . SQLite3::escapeString($_POST['email']) . "';");
+	$test_email_ar = $test_email_db->fetchArray(SQLITE3_NUM);
+
+	if($test_email_ar[0] == 1){
+		$password_array = array("a", "b", "c", "d", "e", "f", "g", "h", "i", "j", "k", "l", "m", "n", "o", "p", "q", "r", "s", "t", "u", "v", "w", "x", "y", "z", "A", "B", "C", "D", "E", "F", "G", "H", "I", "J", "K", "L", "M", "N", "O", "P", "Q", "R", "S", "T", "U", "V", "W", "X", "Y", "Z", "_", "-", "0", "1", "2", "3", "4", "5", "6", "7", "8", "9" );
+
+		$length = count($password_array);
+		$password = ""; 
+
+		for ($i=0;$i<21;$i++){
+			$index = mt_rand(0,$length-1);
+			$password = "$password".$password_array[$index];
+		}
+
+		$var = change_password($db, $password, $password);
+
+		if($var == PASSWORD_SUCCESS){
+
+			$subject = "Your new password is" . $password;
+			if(mail($_POST['email'], "New password", $subject, "From: mail@iamfabulous.de")){
+				return RECOVER_SUCCESS;
+			} else {
+				return RECOVER_EMAIL;
+			}
+		} else {
+			return $var;
+		}
+	} else {
+		return RECOVER_PROHIBITED;
+	}
+}
+
+function validate_password($db, $username, $password){
+	$res_db = $db->query("SELECT password FROM user WHERE name='".$db->escapeString($username)."'");
+	$res_ar = $res_db->fetchArray(SQLITE3_NUM);
+
+	$pepper = file_get_contents("../database/pepper.txt");
+	$password .= $pepper;
+
+	if(password_verify($password, $res_ar[0])){
+		return true;
+	} else {
+		return false;
+	}
+}
-- 
cgit v1.2.3