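<?php
declare(strict_types=1);

session_start();

// Only a logged-in user may reach this page; everyone else goes to the login form.
if (!isset($_SESSION["loggedin"]) || $_SESSION["loggedin"] !== true) {
    header("location: login.php");
    exit;
}

// Include config file (expected to provide $db_connection, a mysqli handle)
require_once "db_config.php";

// One anti-CSRF token per session. The form below embeds it as a hidden field and every
// POST has to echo it back; without this the password change could be submitted by any
// page the browser visits while the session cookie is valid.
if (!isset($_SESSION["csrf_token"]) || !is_string($_SESSION["csrf_token"])) {
    $_SESSION["csrf_token"] = bin2hex(random_bytes(32));
}
$csrf_token = $_SESSION["csrf_token"];

// Text rendered under the form: an error, or the success text after a completed change.
// Kept under its original name because the template below echoes it.
$oldPassword_err = '';

// Processing form data when form is submitted
if ($_SERVER["REQUEST_METHOD"] === "POST") {
    $postedToken = $_POST["csrf_token"] ?? '';
    $oldPassword = $_POST["oldPassword"] ?? '';
    $newPassword = $_POST["newPassword"] ?? '';
    $confirmPassword = $_POST["confirmPassword"] ?? '';

    if (!is_string($postedToken) || !hash_equals($csrf_token, $postedToken)) {
        // Token mismatch: the request did not come from this form in this session.
        $oldPassword_err = 'Invalid form submission, please try again.';
    } elseif (!is_string($oldPassword) || !is_string($newPassword) || !is_string($confirmPassword)) {
        // A field posted as an array (name[]=...) would otherwise reach
        // password_verify()/password_hash() as a non-string and raise a TypeError.
        $oldPassword_err = 'Invalid form submission, please try again.';
    } elseif ($newPassword !== $confirmPassword) {
        // The confirmation was only compared in browser-side JavaScript; that check is bypassable.
        $oldPassword_err = 'New password and confirmation do not match.';
    } elseif (mb_strlen($newPassword) < 8 || mb_strlen($newPassword) > 16 || preg_match('/[0-9]/', $newPassword) !== 1) {
        // Server-side copy of the rule the form advertises (8-16 characters, at least one digit).
        $oldPassword_err = 'Your password must consist of 8-16 characters and contain at least one digit.';
    } else {
        // Validate old password: fetch the stored hash of the logged-in account.
        $sql_query = "SELECT password FROM account WHERE id = ?";
        $stmt = mysqli_prepare($db_connection, $sql_query);
        if ($stmt === false) {
            // A failed prepare used to fall through with no error set, so the UPDATE below
            // ran without the old password ever being verified. Fail closed instead.
            echo "Cannot prepare SQL select password query";
            exit;
        }
        // Bind variables to prepared SQL statement
        mysqli_stmt_bind_param($stmt, 'i', $_SESSION["id"]);
        // Execute SQL statement
        if (!mysqli_stmt_execute($stmt)) {
            echo "Cannot execute SQL select password query";
            exit;
        }
        $res = mysqli_stmt_get_result($stmt);
        $row = $res === false ? null : $res->fetch_assoc();
        mysqli_stmt_close($stmt);

        // No row (account removed while the session was alive) or a non-string hash must not verify.
        $realOldPassword = $row["password"] ?? null;
        // Check the password the user typed against the stored hash.
        if (!is_string($realOldPassword) || !password_verify($oldPassword, $realOldPassword)) {
            $oldPassword_err = 'Old password is not correct!!! Are you trying to hack this account???';
        }
    }

    // Update new password, only once every check above passed.
    if ($oldPassword_err === '') {
        $newPasswordHash = password_hash($newPassword, PASSWORD_DEFAULT);
        $sql_query = "UPDATE account SET password = ? WHERE id = ?";
        $stmt = mysqli_prepare($db_connection, $sql_query);
        if ($stmt === false) {
            echo "Cannot prepare SQL update password query";
            exit;
        }
        // Bind variables to prepared SQL statement
        mysqli_stmt_bind_param($stmt, 'si', $newPasswordHash, $_SESSION["id"]);
        // Execute SQL statement
        if (!mysqli_stmt_execute($stmt)) {
            // The original message said "select" here (copy/paste); this is the update.
            echo "Cannot execute SQL update password query";
            exit;
        }
        mysqli_stmt_close($stmt);

        // A credential change is the moment to rotate the session id and the CSRF token, so
        // anything captured before the change stops being useful afterwards.
        session_regenerate_id(true);
        $_SESSION["csrf_token"] = bin2hex(random_bytes(32));
        $csrf_token = $_SESSION["csrf_token"];

        $oldPassword_err = 'Update password success my master ...';
    }
}
mysqli_close($db_connection);

// Values the template needs, computed once so the markup stays free of logic.
$isTeacher = ($_SESSION["type"] ?? null) === "teacher";
// The username goes into a query string, so it is URL-encoded here and HTML-escaped at the echo.
$profileHref = "profile.php?username=" . rawurlencode((string) ($_SESSION["username"] ?? ''));
?>
<!DOCTYPE html>
<html>
<head>
    <title>Change password</title>
    <meta charset="utf-8">
    <meta name="viewport" content="width=device-width, initial-scale=1">
    <link rel="stylesheet" href="https://maxcdn.bootstrapcdn.com/bootstrap/3.4.1/css/bootstrap.min.css">
    <link rel='stylesheet' href='styles/mycss.css'>
</head>
<body>
    <nav class="navbar navbar-inverse navbar-fixed-top">
        <div class="container-fluid">
            <div class="navbar-header">
                <a class="navbar-brand" href="index.php"><img src='img/cat-logo.jpg' alt='Cute cat' width='30' height='30'></a>
            </div>
            <ul class="nav navbar-nav">
                <li class="active"><a href="index.php">Home</a></li>
                <li><a href="listExercise.php"><?php echo $isTeacher ? "Add homework" : "Homework"; ?></a></li>
                <li><a href="listChallenge.php"><?php echo $isTeacher ? "Add challenge" : "Challenge"; ?></a></li>
                <li><a href="listUser.php">List user</a></li>
            </ul>
            <ul class="nav navbar-nav navbar-right">
                <!-- Session-derived value inside an attribute: always escaped, never echoed raw. -->
                <li class='active'><a href="<?php echo htmlspecialchars($profileHref, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8'); ?>"><span class="glyphicon glyphicon-user"></span> Profile</a></li>
                <li><a href="logout.php"><span class="glyphicon glyphicon-log-out"></span> Logout</a></li>
            </ul>
        </div>
    </nav>
    <div class='page-header'>
        <h1>Change password</h1>
    </div>
    <div class="container">
        <p>Please fill in your old and your new password</p>
        <form action="" method="post" >
            <!-- Anti-CSRF token; the handler above rejects a POST that does not carry it. -->
            <input type="hidden" name="csrf_token" value="<?php echo htmlspecialchars($csrf_token, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8'); ?>">
            <div class="form-group">
                <label for="oldPassword">Old password:</label>
                <input class="form-control" type="password" id="oldPassword" name="oldPassword" placeholder="Enter your old password" autocomplete="current-password" required>
                <small id="oldPasswordHelpText" class="form-text text-muted">Your previous password</small>
            </div>
            <div class="form-group">
                <label for="newPassword">New password:</label>
                <!-- Browser-side hints only; the same rule is enforced again in the PHP handler. -->
                <input class="form-control" type="password" id="newPassword" name="newPassword" placeholder="Enter your new password" minlength="8" maxlength="16" pattern=".*[0-9]+.*" autocomplete="new-password" required>
                <small id="newPasswordHelpText" class="form-text text-muted">Your password must consist of 8-16 characters and contain at least one digit</small>
            </div>
            <div class="form-group">
                <label for="confirmPassword">Confirm new password:</label>
                <input class="form-control" type="password" id="confirmPassword" name="confirmPassword" placeholder="Confirm your new password" minlength="8" maxlength="16" autocomplete="new-password" required>
                <small id="confirmPasswordHelpText" class="form-text text-muted">You should type the same password as the new password above</small>
            </div>
            <button type="submit" class="btn btn-primary">Change password</button>
            <!-- Escaped even though every current value is a fixed literal, so a future dynamic message cannot inject markup. -->
            <span class="help-block"><?php echo htmlspecialchars($oldPassword_err, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8'); ?></span>
        </form>
        <script type="text/javascript">
            // Cross-field check the browser cannot express declaratively: the confirmation
            // field is marked invalid (blocking submit) until it matches the new password.
            // The previous version declared `password`/`confirm_password` but then read the
            // undeclared names `newPassword`/`confirmPassword`, which only worked through
            // the window's id-based named access; use the declared element handles instead.
            var newPasswordInput = document.getElementById("newPassword");
            var confirmPasswordInput = document.getElementById("confirmPassword");

            function validatePassword() {
                if (newPasswordInput.value !== confirmPasswordInput.value) {
                    confirmPasswordInput.setCustomValidity("Passwords Don't Match");
                } else {
                    confirmPasswordInput.setCustomValidity('');
                }
            }

            newPasswordInput.oninput = validatePassword;
            confirmPasswordInput.oninput = validatePassword;
        </script>
    </div>
</body>
</html>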