blob: 17d64bd596180e4d52939df35601b894c17ad83d [file] [log] [blame]
Andreu20cbd1d2019-09-22 00:00:57 +02001<?php
Andreu2457e402019-09-22 00:52:41 +02002 require '../credentials.php';
Andreu20cbd1d2019-09-22 00:00:57 +02003 require 'utils.php';
Adrià Vilanova Martínez163f5aa2022-11-20 01:17:20 +01004 require (dirname(__FILE__)."/security.php");
5
6 Security::checkIsSignedIn();
Andreu20cbd1d2019-09-22 00:00:57 +02007
Andreu20af6c22019-09-24 18:33:50 +02008 $credentials = new Credentials();
9 $usersdb = $credentials->usersdb;
Andreu20af6c22019-09-24 18:33:50 +020010
Adrià Vilanova Martínezd3394e12022-11-19 15:45:58 +010011 date_default_timezone_set("Europe/Madrid");
Andreu03d030d2019-09-25 21:52:01 +020012
Andreu20cbd1d2019-09-22 00:00:57 +020013 // Check if confirmation is the same
14 if ($_POST['password'] != $_POST['confirmation']) {
Adrià Vilanova Martínez13cf0cd2022-11-20 01:02:20 +010015 header("Location: /main.php?wrongconfirmation=1");
16 exit();
Adrià Vilanova Martínez163f5aa2022-11-20 01:17:20 +010017 } else if ($_POST['password'] == '') {
18 header("Location: /main.php");
19 exit();
Andreu20cbd1d2019-09-22 00:00:57 +020020 } else {
21 // Execute query to change password
Adrià Vilanova Martínez13cf0cd2022-11-20 01:02:20 +010022 $spassword = mysqli_real_escape_string($conn, password_hash($_POST["password"], PASSWORD_DEFAULT));
Adrià Vilanova Martínez163f5aa2022-11-20 01:17:20 +010023 $update_password = "UPDATE $usersdb SET password=\"".$spassword."\" WHERE id=".(int)$_SESSION['id'];
Andreu03d030d2019-09-25 21:52:01 +020024 if(!$result = query($update_password)) die("<script>window.location.href = '../main.php?errordb=1'</script>");
Adrià Vilanova Martínez163f5aa2022-11-20 01:17:20 +010025
Andreu20cbd1d2019-09-22 00:00:57 +020026 // Go back to main page
Adrià Vilanova Martínez13cf0cd2022-11-20 01:02:20 +010027 header("Location: /main.php?successpassword=1");
28 exit();
Andreu20cbd1d2019-09-22 00:00:57 +020029 }