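<?php
declare(strict_types=1);

// Admin password change handler.
//
// Expects the POST fields oldPass, newPass and newPassAgain from the panel's
// password window. It verifies the old password against the stored hash,
// requires the new password to be typed twice identically, and stores a fresh
// password_hash(). Every outcome writes a one-shot $_SESSION['message'] and
// redirects back to ../panel.php?window=password.

if (session_status() === PHP_SESSION_NONE) {
    session_start();
}

if (!isset($_SESSION['adminLoged'])) {
    header('Location: ../panel.login.php');
    exit();
}

//additional files
require '../panel.connect.php';

/**
 * Store the status message, redirect back to the password window and stop.
 *
 * Single exit point: the previous flow fell through after a successful update
 * (and after a failed prepare) and overwrote the message with
 * 'Error fetching data.' before redirecting.
 */
$finish = static function (string $message): void {
    $_SESSION['message'] = $message;
    header('Location: ../panel.php?window=password');
    exit();
};

$oldPass      = $_POST['oldPass'] ?? null;
$newPass      = $_POST['newPass'] ?? null;
$newPassAgain = $_POST['newPassAgain'] ?? null;

// is_string(): PHP parses "field[]=x" into an array; under strict_types
// password_verify()/password_hash() would then throw a TypeError.
if (!is_string($oldPass) || !is_string($newPass) || !is_string($newPassAgain)) {
    $finish('POST table doesnt have all data.');
}

// Strict comparison: '==' applies type juggling to numeric-looking strings.
if ($newPass !== $newPassAgain) {
    $finish('New password different than one written again.');
}

// Do not allow the admin to lock in an empty password.
if ($newPass === '') {
    $finish('New password must not be empty.');
}

if (!isset($_SESSION['id'])) {
    $finish('Error fetching data.');
}
// The UPDATE below binds the id as an integer, so treat it as one here too.
$adminId = (int) $_SESSION['id'];

// NOTE(review): no CSRF token is validated in this handler; confirm that the
// form in panel.php supplies one and check it before accepting the change.

try {
    $conn = new mysqli($host, $db_user, $db_password, $db_name);
} catch (mysqli_sql_exception $e) {
    // PHP >= 8.1 reports connection failures as exceptions by default.
    $finish('Connection to db fail.');
}
if ($conn->connect_errno !== 0) {
    // Older mysqli default: a warning plus connect_errno instead of an exception.
    $finish('Connection to db fail.');
}

// Parameterised lookup: the id used to be interpolated into the SQL string.
$select = $conn->prepare('SELECT `password` FROM `admin` WHERE `id` = ?');
if ($select === false) {
    $conn->close();
    $finish('Error fetching data.');
}
$select->bind_param('i', $adminId);
if (!$select->execute()) {
    $select->close();
    $conn->close();
    $finish('Error fetching data.');
}
$storedHash = null;
$select->bind_result($storedHash);
// mysqli_stmt::fetch(): true = row read, null = no row, false = error.
$fetched = $select->fetch();
$select->close();

if ($fetched === false) {
    $conn->close();
    $finish('Error fetching data.');
}
if ($fetched === null || !is_string($storedHash)) {
    $conn->close();
    $finish('Admin account not found.');
}

if (!password_verify($oldPass, $storedHash)) {
    $conn->close();
    $finish('Old password is wrong.');
}

$passwordHash = password_hash($newPass, PASSWORD_DEFAULT);

$update = $conn->prepare('UPDATE `admin` SET `password` = ? WHERE `id` = ?');
if ($update === false) {
    // The previous code continued here and called bind_param() on false.
    $error = $conn->error;
    $conn->close();
    $finish('Error during prepearing statement:' . $error . '.');
}
$update->bind_param('si', $passwordHash, $adminId);
$updated = $update->execute();
$update->close();
$conn->close();

if (!$updated) {
    $finish('Error: something went wrong during updating password.<br>');
}

$finish('Password changed successfully.');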