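<?php
/**
 * Change-password handler.
 *
 * Verifies the posted username and current password against the Users table,
 * stores the hash of the new password, then redirects to logout.php.
 * Any failure falls through to password_form.php?mess=wrong.
 *
 * NOTE(review): passwords are hashed with unsalted-per-user SHA-1 (one fixed
 * site-wide prefix/suffix). SHA-1 is fast and the salt is shared, so leaked
 * hashes are cheap to attack offline. The scheme is kept here only because the
 * stored hashes and the login code depend on it; plan a migration to
 * password_hash()/password_verify() with a rehash at next successful login.
 *
 * NOTE(review): the account is selected by the posted username, not by the
 * session identity that check_login.php presumably establishes. Confirm that
 * is intended, and that repeated wrong guesses are throttled somewhere.
 */
session_start();
require_once('databaseconnection.php');
include('check_login.php');

// Require all three fields as plain strings: an array value (e.g. password[]=x)
// would otherwise reach trim()/sha1(), and a missing new password would
// silently set the account to the hash of the empty string.
if (isset($_POST['username'], $_POST['password'], $_POST['newpassword'])
    && is_string($_POST['username'])
    && is_string($_POST['password'])
    && is_string($_POST['newpassword'])
    && trim($_POST['newpassword']) !== ''
) {
    // Hash the current password the same way it was stored.
    $password = sha1("LBM" . trim($_POST['password']) . "Stegen");

    // Kept from the original: the username is HTML-encoded before the lookup,
    // so stored usernames are presumably encoded the same way at registration
    // (verify). Encoding for HTML belongs at output time, not here.
    $username = trim($_POST['username']);
    $username = htmlspecialchars($username, ENT_QUOTES, "UTF-8");

    $sql = "SELECT * FROM Users
WHERE username = :username AND password = :password";
    $stm = $pdo->prepare($sql);
    $stm->execute(array('username' => $username, 'password' => $password));
    $res = $stm->fetch(PDO::FETCH_ASSOC);

    if ($res !== false && isset($res["userId"])) {
        // The account has been deleted (deactivated).
        if ((int) $res['active'] !== 1) {
            header('location: index.php?action=login&mess=deleted');
            exit();
        }

        // Trim the new password exactly like the current one is trimmed above;
        // otherwise surrounding whitespace would be hashed here but stripped
        // on the next verification, locking the user out.
        $new_pass = sha1("LBM" . trim($_POST['newpassword']) . "Stegen");
        $userId = $res['userId'];

        // Bind both values instead of interpolating them into the statement.
        $sql = "UPDATE Users SET password = :password WHERE userId = :userId";
        $stm = $pdo->prepare($sql);
        $stm->execute(array('password' => $new_pass, 'userId' => $userId));

        header('location: logout.php?action=password_change');
        exit();
    }
}

// Missing fields, wrong credentials, or an empty new password.
header('location: password_form.php?mess=wrong');
exit();
?>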