MyHyvesBookPlus/WebDB
1
0
Fork 0
Code Issues 2 Pull Requests Projects Releases Wiki Activity

Password change #128

Merged
11166932 merged 1 commits from marijn-settings into master 2017-01-25 16:21:48 +01:00
Conversation 2 Commits 1 Files Changed 2 +11 -8
2 changed files with 11 additions and 8 deletions
Download Patch File Download Diff File Expand all files Collapse all files

10
website/public/resetpassword.php
View File

@@ -8,16 +8,19 @@ if ($_SERVER["REQUEST_METHOD"] == "GET") {
echo "Ongeldige link."; echo "Ongeldige link.";
} }
} else { } else {
echo "Ongeldige link"; echo "Ongeldige link.";
} }
} elseif ($_SERVER["REQUEST_METHOD"] == "POST") { } elseif ($_SERVER["REQUEST_METHOD"] == "POST") {
if (verifyLink($_POST["u"], $_POST["h"])) { if (verifyLink($_POST["u"], $_POST["h"])) {
if ($_POST["password"] == $_POST["password-confirm"]) { if ($_POST["password"] == $_POST["password-confirm"]) {
changePassword(); changePassword();
echo "Wachtwoord is veranderd";
} else {
echo "Wachtwoorden zijn niet hetzelfde";
} }
} }
} else { } else {
echo "Ongeldige link"; echo "Ongeldige link.";
} }
function changePassword() { function changePassword() {
@@ -29,7 +32,7 @@ function changePassword() {
WHERE WHERE
`userID` = :userID `userID` = :userID
"); ");
$stmt->bindParam(":password", $_POST["password"]); $stmt->bindValue(":password", password_hash($_POST["password"], PASSWORD_DEFAULT));
$stmt->bindParam(":userID", $_POST["u"]); $stmt->bindParam(":userID", $_POST["u"]);
$stmt->execute(); $stmt->execute();
} }
@@ -44,6 +47,7 @@ function verifyLink(int $userID, string $hash) {
`userID` = :userID `userID` = :userID
"); ");
$stmt->bindParam(":userID", $userID); $stmt->bindParam(":userID", $userID);
$stmt->execute();
$password = $stmt->fetch()["password"]; $password = $stmt->fetch()["password"];
return password_verify($password, $hash); return password_verify($password, $hash);
} }

9
website/queries/requestpassword.php
View File

@@ -15,7 +15,6 @@ function sendPasswordRecovery(string $email) {
$stmt->bindParam(":email", $email); $stmt->bindParam(":email", $email);
$stmt->execute(); $stmt->execute();
if (!$stmt->rowCount()) { if (!$stmt->rowCount()) {
// TODO: Just stop.
return; return;
} }
$result = $stmt->fetch(); $result = $stmt->fetch();
@@ -25,8 +24,6 @@ function sendPasswordRecovery(string $email) {
$hashedHash = password_hash($hash, PASSWORD_DEFAULT); $hashedHash = password_hash($hash, PASSWORD_DEFAULT);
setHashToDatabase($userID, $hash); setHashToDatabase($userID, $hash);
doSendPasswordRecovery($userID, $email, $username, $hashedHash); doSendPasswordRecovery($userID, $email, $username, $hashedHash);
} else { } else {
// TODO: Be angry! // TODO: Be angry!
} }
@@ -46,10 +43,12 @@ function setHashToDatabase(int $userID, string $hash) {
UPDATE UPDATE
`user` `user`
SET SET
`password` = $hash `password` = :hash
WHERE WHERE
`userID` = $userID `userID` = :userID
"); ");
$stmt->bindParam(":hash", $hash);
$stmt->bindParam(":userID", $userID);
$stmt->execute(); $stmt->execute();
return $stmt->rowCount(); return $stmt->rowCount();
} }