<?php
/**
* @copyright 2024 Double Bastion LLC <www.doublebastion.com>
*
* @author Double Bastion LLC
*
* @license GNU AGPL version 3 or any later version
*
* This program is free software; you can redistribute it and/or
* modify it under the terms of the GNU AFFERO GENERAL PUBLIC LICENSE
* License as published by the Free Software Foundation; either
* version 3 of the License, or any later version.
*
* This program is distributed in the hope that it will be useful,
* but WITHOUT ANY WARRANTY; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
* GNU AFFERO GENERAL PUBLIC LICENSE for more details.
*
* You should have received a copy of the GNU Affero General Public
* License along with this program. If not, see <http://www.gnu.org/licenses/>.
*
*/
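/*
 * Password-change endpoint for the panel.
 *
 * Requires a logged-in session and a POSTed 'verifyKey' equal to the
 * per-session token in $_SESSION['valid_access']. It then verifies the
 * submitted current password against the stored hash and stores a fresh
 * hash of the new password. The response is a JSON object with the keys
 * 'result' and 'messagetosend'.
 *
 * NOTE(review): no server-side length/strength check on the new password is
 * visible in this file, and the session is not regenerated after the change;
 * confirm whether either is handled elsewhere.
 */
session_start();

// Normalise the session token to a string; an absent or non-scalar token
// becomes '' and is rejected below.
$sessionToken = $_SESSION['valid_access'] ?? '';
$sessionToken = is_scalar($sessionToken) ? (string) $sessionToken : '';
$postedToken = $_POST['verifyKey'] ?? null;

// A loose '==' here would accept an empty posted key whenever the session
// token is missing ('' == null is true). Require a non-empty session token
// and compare in constant time.
$isAuthorized = !empty($_SESSION['loggedtorspanel'])
    && $sessionToken !== ''
    && is_string($postedToken)
    && hash_equals($sessionToken, $postedToken);

if (!$isAuthorized) {
    header("Location: panel-login.php");
    // Stop here so nothing after the redirect can run for an unauthenticated request.
    exit;
}

define('ACCESSCONST', TRUE);
require('db-connect.php');

$crntPswd = $_POST['currentPass'] ?? null;
$newpass = $_POST['newPass'] ?? null;
$userName = $_SESSION['login'] ?? '';

// Form fields can arrive as arrays (currentPass[]=...); password_verify() and
// password_hash() need strings, so anything else is ignored like an empty field.
if (is_string($crntPswd) && is_string($newpass) && $crntPswd !== '' && $newpass !== '') {
    try {
        // Check if the given password matches the password in the database.
        // BINARY keeps this lookup byte-exact, like the UPDATE below, so the
        // row whose password is verified is the row that gets changed.
        $query0 = $mysqli->prepare("SELECT id, username, password FROM panelusers WHERE BINARY username=?");
        $query0->bind_param("s", $userName);
        $query0->execute();
        $fetchData = $query0->get_result();
        $getData = $fetchData->fetch_row();
        $query0->close();

        // Unknown user and wrong password produce the same message on purpose.
        if (!empty($getData) && password_verify($crntPswd, $getData[2])) {
            $newPswd = password_hash($newpass, PASSWORD_DEFAULT);
            $query1 = $mysqli->prepare("UPDATE panelusers SET password=? WHERE BINARY username=?");
            $query1->bind_param("ss", $newPswd, $userName);
            // A statement that runs but changes no row has not saved the
            // password, so it must not be reported as success.
            if ($query1->execute() && $query1->affected_rows > 0) {
                $result = 'success';
                $messagetosend = "The new password has been saved !<br>From now on please use your new password to log in!";
            } else {
                $result = 'failure';
                $messagetosend = "An error occurred while updating your password!";
            }
            $query1->close();
        } else {
            $result = 'failure';
            $messagetosend = "The given current password is incorrect !";
        }
    } catch (mysqli_sql_exception $e) {
        // Keep database details out of the response.
        $result = 'failure';
        $messagetosend = "An error occurred while processing your request. You can try again after a few moments !";
    }
    $resp = array('result' => $result, 'messagetosend' => $messagetosend);
    echo json_encode($resp);
}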
?>