Andreu | 20cbd1d | 2019-09-22 00:00:57 +0200 | [diff] [blame] | 1 | <?php |
Andreu | 2457e40 | 2019-09-22 00:52:41 +0200 | [diff] [blame] | 2 | require '../credentials.php'; |
Andreu | 20cbd1d | 2019-09-22 00:00:57 +0200 | [diff] [blame] | 3 | require 'utils.php'; |
Adrià Vilanova Martínez | 163f5aa | 2022-11-20 01:17:20 +0100 | [diff] [blame] | 4 | require (dirname(__FILE__)."/security.php"); |
| 5 | |
| 6 | Security::checkIsSignedIn(); |
Andreu | 20cbd1d | 2019-09-22 00:00:57 +0200 | [diff] [blame] | 7 | |
Andreu | 20af6c2 | 2019-09-24 18:33:50 +0200 | [diff] [blame] | 8 | $credentials = new Credentials(); |
Adrià Vilanova Martínez | 6052433 | 2022-11-20 02:33:56 +0100 | [diff] [blame^] | 9 | $usersdb = $credentials->usersdb(); |
Andreu | 20af6c2 | 2019-09-24 18:33:50 +0200 | [diff] [blame] | 10 | |
Adrià Vilanova Martínez | d3394e1 | 2022-11-19 15:45:58 +0100 | [diff] [blame] | 11 | date_default_timezone_set("Europe/Madrid"); |
Andreu | 03d030d | 2019-09-25 21:52:01 +0200 | [diff] [blame] | 12 | |
Andreu | 20cbd1d | 2019-09-22 00:00:57 +0200 | [diff] [blame] | 13 | // Check if confirmation is the same |
| 14 | if ($_POST['password'] != $_POST['confirmation']) { |
Adrià Vilanova Martínez | 13cf0cd | 2022-11-20 01:02:20 +0100 | [diff] [blame] | 15 | header("Location: /main.php?wrongconfirmation=1"); |
| 16 | exit(); |
Adrià Vilanova Martínez | 163f5aa | 2022-11-20 01:17:20 +0100 | [diff] [blame] | 17 | } else if ($_POST['password'] == '') { |
| 18 | header("Location: /main.php"); |
| 19 | exit(); |
Andreu | 20cbd1d | 2019-09-22 00:00:57 +0200 | [diff] [blame] | 20 | } else { |
| 21 | // Execute query to change password |
Adrià Vilanova Martínez | 13cf0cd | 2022-11-20 01:02:20 +0100 | [diff] [blame] | 22 | $spassword = mysqli_real_escape_string($conn, password_hash($_POST["password"], PASSWORD_DEFAULT)); |
Adrià Vilanova Martínez | 163f5aa | 2022-11-20 01:17:20 +0100 | [diff] [blame] | 23 | $update_password = "UPDATE $usersdb SET password=\"".$spassword."\" WHERE id=".(int)$_SESSION['id']; |
Andreu | 03d030d | 2019-09-25 21:52:01 +0200 | [diff] [blame] | 24 | if(!$result = query($update_password)) die("<script>window.location.href = '../main.php?errordb=1'</script>"); |
Adrià Vilanova Martínez | 163f5aa | 2022-11-20 01:17:20 +0100 | [diff] [blame] | 25 | |
Andreu | 20cbd1d | 2019-09-22 00:00:57 +0200 | [diff] [blame] | 26 | // Go back to main page |
Adrià Vilanova Martínez | 13cf0cd | 2022-11-20 01:02:20 +0100 | [diff] [blame] | 27 | header("Location: /main.php?successpassword=1"); |
| 28 | exit(); |
Andreu | 20cbd1d | 2019-09-22 00:00:57 +0200 | [diff] [blame] | 29 | } |