Gitiles
Code Review Sign In
gerrit.avm99963.com / edu / fisi-pastanagapp / 5ee4ba6ddeb79d9aa90bcce2e293056331b70203 / . / php / change_password.php
blob: 26cb7093a72771b55c92ccf417bfd51d576bb8ca [file] [log] [blame]
Andreu20cbd1d2019-09-22 00:00:57 +0200[diff] [blame]1<?php
Andreu2457e402019-09-22 00:52:41 +0200[diff] [blame]2 require '../credentials.php';
Andreu20cbd1d2019-09-22 00:00:57 +0200[diff] [blame]3 require 'utils.php';
Adrià Vilanova Martínez163f5aa2022-11-20 01:17:20 +0100[diff] [blame]4 require (dirname(__FILE__)."/security.php");
5
6 Security::checkIsSignedIn();
Andreu20cbd1d2019-09-22 00:00:57 +0200[diff] [blame]7
Andreu20af6c22019-09-24 18:33:50 +0200[diff] [blame]8 $credentials = new Credentials();
Adrià Vilanova Martínez60524332022-11-20 02:33:56 +0100[diff] [blame]9 $usersdb = $credentials->usersdb();
Andreu20af6c22019-09-24 18:33:50 +0200[diff] [blame]10
Adrià Vilanova Martínezd3394e12022-11-19 15:45:58 +0100[diff] [blame]11 date_default_timezone_set("Europe/Madrid");
Andreu03d030d2019-09-25 21:52:01 +0200[diff] [blame]12
Andreu20cbd1d2019-09-22 00:00:57 +0200[diff] [blame]13 // Check if confirmation is the same
14 if ($_POST['password'] != $_POST['confirmation']) {
Adrià Vilanova Martínez13cf0cd2022-11-20 01:02:20 +0100[diff] [blame]15 header("Location: /main.php?wrongconfirmation=1");
16 exit();
Adrià Vilanova Martínez163f5aa2022-11-20 01:17:20 +0100[diff] [blame]17 } else if ($_POST['password'] == '') {
18 header("Location: /main.php");
19 exit();
Andreu20cbd1d2019-09-22 00:00:57 +0200[diff] [blame]20 } else {
21 // Execute query to change password
Adrià Vilanova Martínez13cf0cd2022-11-20 01:02:20 +0100[diff] [blame]22 $spassword = mysqli_real_escape_string($conn, password_hash($_POST["password"], PASSWORD_DEFAULT));
Adrià Vilanova Martínez163f5aa2022-11-20 01:17:20 +0100[diff] [blame]23 $update_password = "UPDATE $usersdb SET password=\"".$spassword."\" WHERE id=".(int)$_SESSION['id'];
Andreu03d030d2019-09-25 21:52:01 +0200[diff] [blame]24 if(!$result = query($update_password)) die("<script>window.location.href = '../main.php?errordb=1'</script>");
Adrià Vilanova Martínez163f5aa2022-11-20 01:17:20 +0100[diff] [blame]25
Andreu20cbd1d2019-09-22 00:00:57 +0200[diff] [blame]26 // Go back to main page
Adrià Vilanova Martínez13cf0cd2022-11-20 01:02:20 +0100[diff] [blame]27 header("Location: /main.php?successpassword=1");
28 exit();
Andreu20cbd1d2019-09-22 00:00:57 +0200[diff] [blame]29 }