| 06fbd764 |
<?php
/**
* Copyright (C) 2021 Double Bastion LLC
*
* This file is part of Roundpin, which is licensed under the
* GNU Affero General Public License Version 3.0. The license terms
* are detailed in the "LICENSE.txt" file located in the root directory.
*/
session_start();
if (isset($_POST['s_ajax_call']) && ($_POST['s_ajax_call'] == $_SESSION['validate_s_access'])) {
define('ACCESSCONST', TRUE);
require('db-connect.php');
$username = $_POST['username'];
$currentPassword = $_POST['current_password'];
$newPassword = $_POST['new_password'];
// Get the password of the current user from the 'app_users' table
$enabled = 1;
$querypass = $mysqli->prepare("SELECT id, username, password, enabled FROM app_users WHERE BINARY username=? AND enabled=?");
$querypass->bind_param("si", $username, $enabled);
$querypass->execute();
$fetchData = $querypass->get_result();
$passdatafromdb = $fetchData->fetch_row();
$fetchedpassfromdb = $passdatafromdb[2];
$changepassverify = password_verify($currentPassword, $fetchedpassfromdb);
if ($changepassverify) {
$newHashedPassword = password_hash($newPassword, PASSWORD_DEFAULT);
$enabled = 1;
$queryupdatepass = $mysqli->prepare("UPDATE app_users SET password=? WHERE BINARY username=? AND enabled=?");
$queryupdatepass->bind_param("ssi", $newHashedPassword, $username, $enabled);
$queryupdatepass->execute();
if ($queryupdatepass) {
$passchangemessage = "Your Roundpin user password has been updated successfully. From now on you will have to use your new password to log in to Roundpin.";
} else { $passchangemessage = "An error occurred while attempting to save the new password!"; }
} else { $passchangemessage = "The password you have entered in the 'Current Password' field doesn't match your current password!"; }
echo json_encode($passchangemessage);
} else {
header("Location: roundpin-login.php");
}
?>
|