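<?php
// User password update script: handles the POST from the change-password form
// for the account identified by $_SESSION['email'].
//
// All request handling runs BEFORE any HTML is emitted, so that session_start()
// and header() can still send HTTP headers without relying on output buffering.

// Expected to define $connection (a mysqli link); that file is not visible here.
require "files/connproj.php";

/**
 * Validates the submitted passwords and, if they pass every check, stores the
 * new password hash for the logged-in user.
 *
 * Reads $_POST['password'], $_POST['newps'], $_POST['newpsconfirm'] and
 * $_SESSION['email'].
 *
 * @param mysqli $connection Open database link.
 * @return array Two elements: the HTML message to display and the page to
 *               redirect to afterwards.
 */
function updateps_change_password($connection)
{
    $retryPage = 'changepassword.php';
    $genericError = "<h3>Siamo spiacenti ma c'è stato un errore. Riprova!</h3>";

    // Password fields sent by the form, with surrounding whitespace removed.
    // Non-string values (e.g. password[]=x) are rejected like missing ones.
    $fields = array();
    foreach (array('password', 'newps', 'newpsconfirm') as $name) {
        $raw = isset($_POST[$name]) ? $_POST[$name] : null;
        if (!is_string($raw) || trim($raw) === '') {
            return array("<h3>Dati mancanti!</h3>", $retryPage);
        }
        $fields[$name] = trim($raw);
    }
    $ps = $fields['password'];               // current password
    $newps = $fields['newps'];               // new password
    $newpsconfirm = $fields['newpsconfirm']; // new password confirmation

    // Without an authenticated session there is no account to update.
    if (!isset($_SESSION['email']) || !is_string($_SESSION['email'])) {
        return array($genericError, $retryPage);
    }
    $email = $_SESSION['email'];

    try {
        // Prepared statement: the e-mail value is never spliced into the SQL
        // text, so a quote character stored in it cannot alter the query.
        $select = mysqli_prepare($connection, "SELECT pass FROM users WHERE email = ?");
        if ($select === false) {
            error_log('updateps.php: ' . mysqli_error($connection));
            return array($genericError, $retryPage);
        }
        $storedHash = null;
        mysqli_stmt_bind_param($select, 's', $email);
        $found = mysqli_stmt_execute($select)
            && mysqli_stmt_bind_result($select, $storedHash)
            && mysqli_stmt_fetch($select) === true;
        mysqli_stmt_close($select);

        // Password checks. A missing row is reported exactly like a wrong
        // password so the response does not reveal which of the two happened.
        if (!$found || !is_string($storedHash) || !password_verify($ps, $storedHash)) {
            return array("<h3>Password attuale errata!!!</h3>", $retryPage);
        }
        // Strict comparison: with == PHP compares numeric strings as numbers,
        // so "1e3" and "1000" would be accepted as matching passwords.
        if ($newps !== $newpsconfirm) {
            return array("<h3>Password non corrispondenti!</h3>", $retryPage);
        }
        if ($newps === $ps) {
            return array("<h3>La nuova password è la stessa di quella vecchia!</h3>", 'show_profile.php');
        }
        // Password too short.
        // NOTE(review): a 5-character minimum is below the 8 characters that
        // NIST SP 800-63B recommends; the limit is left unchanged here because
        // it is application policy and the message text states it.
        if (strlen($newps) < 5) {
            return array("<h3>Password troppo corta, inserire almeno 5 caratteri!</h3>", $retryPage);
        }

        // Hash of the new password chosen by the user.
        $hash = password_hash($newps, PASSWORD_DEFAULT);
        if (!is_string($hash)) {
            return array($genericError, $retryPage);
        }

        // Update query. The confirm column receives the same hash as pass, as
        // in the original statement; its purpose is not visible in this file.
        $update = mysqli_prepare($connection, "UPDATE users SET confirm = ?, pass = ? WHERE email = ?");
        if ($update === false) {
            error_log('updateps.php: ' . mysqli_error($connection));
            return array($genericError, $retryPage);
        }
        mysqli_stmt_bind_param($update, 'sss', $hash, $hash, $email);
        $updated = mysqli_stmt_execute($update);
        if (!$updated) {
            error_log('updateps.php: ' . mysqli_stmt_error($update));
        }
        mysqli_stmt_close($update);
        if (!$updated) {
            return array($genericError, $retryPage);
        }
    } catch (mysqli_sql_exception $e) {
        // Database details go to the server log only, never to the browser.
        error_log('updateps.php: ' . $e->getMessage());
        return array($genericError, $retryPage);
    }

    // Issue a fresh session id after the credential change.
    session_regenerate_id(true);

    return array("<h3>Password cambiata correttamente!</h3>", 'show_profile.php');
}

$message = '';
if (isset($_POST['updateps'])) {
    session_start();
    list($message, $redirect) = updateps_change_password($connection);
    mysqli_close($connection);
    header("Refresh:2; url=" . $redirect);
}
?>
<!DOCTYPE html>
<html>
<head>
<title>Change password</title>
</head>
<body>
<?php
// $message is one of the fixed strings above; it never contains request data.
echo $message;
?>
</body>
</html>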