Browse code

Created repository.

DoubleBastionAdmin authored on26/01/2022 20:32:42
Showing1 changed files
1 1
new file mode 100644
... ...
@@ -0,0 +1,53 @@
1
+<?php
2
+/**
3
+ *  Copyright (C) 2021  Double Bastion LLC
4
+ *
5
+ *  This file is part of Roundpin, which is licensed under the
6
+ *  GNU Affero General Public License Version 3.0. The license terms
7
+ *  are detailed in the "LICENSE.txt" file located in the root directory.
8
+ */
9
+
10
+session_start();
11
+
12
+if (isset($_POST['s_ajax_call']) && ($_POST['s_ajax_call'] == $_SESSION['validate_s_access'])) {
13
+
14
+ define('ACCESSCONST', TRUE);
15
+
16
+ require('db-connect.php');
17
+
18
+    $username = $_POST['username'];
19
+    $currentPassword = $_POST['current_password'];
20
+    $newPassword = $_POST['new_password'];
21
+
22
+    // Get the password of the current user from the 'app_users' table
23
+    $enabled = 1;
24
+    $querypass = $mysqli->prepare("SELECT id, username, password, enabled FROM app_users WHERE BINARY username=? AND enabled=?");
25
+    $querypass->bind_param("si", $username, $enabled);
26
+    $querypass->execute();
27
+    $fetchData = $querypass->get_result();
28
+    $passdatafromdb = $fetchData->fetch_row();
29
+    $fetchedpassfromdb = $passdatafromdb[2];
30
+
31
+    $changepassverify = password_verify($currentPassword, $fetchedpassfromdb);
32
+
33
+    if ($changepassverify) {
34
+
35
+        $newHashedPassword = password_hash($newPassword, PASSWORD_DEFAULT);
36
+        $enabled = 1;
37
+        $queryupdatepass = $mysqli->prepare("UPDATE app_users SET password=? WHERE BINARY username=? AND enabled=?");
38
+        $queryupdatepass->bind_param("ssi", $newHashedPassword, $username, $enabled);
39
+        $queryupdatepass->execute();
40
+
41
+        if ($queryupdatepass) { 
42
+            $passchangemessage = "Your Roundpin user password has been updated successfully. From now on you will have to use your new password to log in to Roundpin.";
43
+        } else { $passchangemessage = "An error occurred while attempting to save the new password!"; }
44
+
45
+    } else { $passchangemessage = "The password you have entered in the 'Current Password' field doesn't match your current password!"; }
46
+
47
+    echo json_encode($passchangemessage);
48
+
49
+} else {
50
+    header("Location: roundpin-login.php");
51
+}
52
+
53
+?>
0 54
\ No newline at end of file