Merge branch 'marijn-settings' into 'master'
Password change See merge request !124
This commit was merged in pull request #128.
This commit is contained in:
Marijn Jansen
@@ -8,16 +8,19 @@ if ($_SERVER["REQUEST_METHOD"] == "GET") {
|
||||
echo "Ongeldige link.";
|
||||
}
|
||||
} else {
|
||||
echo "Ongeldige link";
|
||||
echo "Ongeldige link.";
|
||||
}
|
||||
} elseif ($_SERVER["REQUEST_METHOD"] == "POST") {
|
||||
if (verifyLink($_POST["u"], $_POST["h"])) {
|
||||
if ($_POST["password"] == $_POST["password-confirm"]) {
|
||||
changePassword();
|
||||
echo "Wachtwoord is veranderd";
|
||||
} else {
|
||||
echo "Wachtwoorden zijn niet hetzelfde";
|
||||
}
|
||||
}
|
||||
} else {
|
||||
echo "Ongeldige link";
|
||||
echo "Ongeldige link.";
|
||||
}
|
||||
|
||||
function changePassword() {
|
||||
@@ -29,7 +32,7 @@ function changePassword() {
|
||||
WHERE
|
||||
`userID` = :userID
|
||||
");
|
||||
$stmt->bindParam(":password", $_POST["password"]);
|
||||
$stmt->bindValue(":password", password_hash($_POST["password"], PASSWORD_DEFAULT));
|
||||
$stmt->bindParam(":userID", $_POST["u"]);
|
||||
$stmt->execute();
|
||||
}
|
||||
@@ -44,6 +47,7 @@ function verifyLink(int $userID, string $hash) {
|
||||
`userID` = :userID
|
||||
");
|
||||
$stmt->bindParam(":userID", $userID);
|
||||
$stmt->execute();
|
||||
$password = $stmt->fetch()["password"];
|
||||
return password_verify($password, $hash);
|
||||
}
|
||||
@@ -15,7 +15,6 @@ function sendPasswordRecovery(string $email) {
|
||||
$stmt->bindParam(":email", $email);
|
||||
$stmt->execute();
|
||||
if (!$stmt->rowCount()) {
|
||||
// TODO: Just stop.
|
||||
return;
|
||||
}
|
||||
$result = $stmt->fetch();
|
||||
@@ -25,8 +24,6 @@ function sendPasswordRecovery(string $email) {
|
||||
$hashedHash = password_hash($hash, PASSWORD_DEFAULT);
|
||||
setHashToDatabase($userID, $hash);
|
||||
doSendPasswordRecovery($userID, $email, $username, $hashedHash);
|
||||
|
||||
|
||||
} else {
|
||||
// TODO: Be angry!
|
||||
}
|
||||
@@ -46,10 +43,12 @@ function setHashToDatabase(int $userID, string $hash) {
|
||||
UPDATE
|
||||
`user`
|
||||
SET
|
||||
`password` = $hash
|
||||
`password` = :hash
|
||||
WHERE
|
||||
`userID` = $userID
|
||||
`userID` = :userID
|
||||
");
|
||||
$stmt->bindParam(":hash", $hash);
|
||||
$stmt->bindParam(":userID", $userID);
|
||||
$stmt->execute();
|
||||
return $stmt->rowCount();
|
||||
}
|
||||
Reference in New Issue
Block a user