php/change_password.php - edu/fisi-pastanagapp - Gitiles

 <?php
 	require '../credentials.php';
 	require 'utils.php';

 	$credentials = new Credentials();
 	$usersdb = $credentials->usersdb;

 	date_default_timezone_set("Europe/Madrid");

 	// Check if confirmation is the same
 	if ($_POST['password'] != $_POST['confirmation']) {
 		header("Location: /main.php?wrongconfirmation=1");
 		exit();
 	} else {
 		// Execute query to change password
 		$spassword = mysqli_real_escape_string($conn, password_hash($_POST["password"], PASSWORD_DEFAULT));
 		$update_password = "UPDATE $usersdb SET password=\"".$spassword."\" WHERE id=".(int)$_POST['userid'];
 		if(!$result = query($update_password)) die("<script>window.location.href = '../main.php?errordb=1'</script>");

 		// Sign in
 		$_SESSION["id"] = (int)$_POST['userid'];

 		// Go back to main page
 		header("Location: /main.php?successpassword=1");
 		exit();
 	}
	<?php
	require '../credentials.php';
	require 'utils.php';

	$credentials = new Credentials();
	$usersdb = $credentials->usersdb;

	date_default_timezone_set("Europe/Madrid");

	// Check if confirmation is the same
	if ($_POST['password'] != $_POST['confirmation']) {
	header("Location: /main.php?wrongconfirmation=1");
	exit();
	} else {
	// Execute query to change password
	$spassword = mysqli_real_escape_string($conn, password_hash($_POST["password"], PASSWORD_DEFAULT));
	$update_password = "UPDATE $usersdb SET password=\"".$spassword."\" WHERE id=".(int)$_POST['userid'];
	if(!$result = query($update_password)) die("<script>window.location.href = '../main.php?errordb=1'</script>");

	// Sign in
	$_SESSION["id"] = (int)$_POST['userid'];

	// Go back to main page
	header("Location: /main.php?successpassword=1");
	exit();
	}