diff --git a/passwordchange.php b/passwordchange.php
deleted file mode 100644
index 2ff0423..0000000
--- a/passwordchange.php
+++ /dev/null
@@ -1,79 +0,0 @@
-
-
-
-
-
- Change Password
-
-
-');
-}
-
-$userid = $_GET['userid'];
-$code = $_GET['code'];
-
-
-$statement = $pdo->prepare("SELECT * FROM users WHERE id = :userid");
-$result = $statement->execute(array('userid' => $userid));
-$user = $statement->fetch();
-
-//check if theres a code for the user delivered
-if($user === null || $user['passwordcode'] === null) {
- die('No User matching your request.');
-}
-
-if($user['passwordcode_time'] === null || strtotime($user['passwordcode_time']) < (time()-24*3600) ) {
- die('Ooops. This code isnt valid anymore.');
-}
-
-
-
-if(sha1($code) != $user['passwordcode']) {
- die('');
-}
-
-
-
-if(isset($_GET['send'])) {
- $password = $_POST['password'];
- $password_confirm = $_POST['password_confirm'];
- //regexes for passvalidation:
- $REuppercase = preg_match('@[A-Z]@', $password);
- $RElowercase = preg_match('@[a-z]@', $password);
- $REnumber = preg_match('@[0-9]@', $password);
- $REspecialChars = preg_match('@[^\w]@', $password);
- if($password != $password_confirm) {
- echo "password or confirmed password wrong";
- }
- if(!$REuppercase || !$RElowercase || !$REnumber || !$REspecialChars || strlen($password) < 8) {
- echo 'Password needs to be more complex.
';
- echo 'Please implement at least 8 chars, upper & downer caser, one number & one special char.
';
- $error = true;
-} else {
- $passwordhash = password_hash($password, PASSWORD_DEFAULT);
- $statement = $pdo->prepare("UPDATE users SET password = :passwordhash, passwordcode = NULL, passwordcode_time = NULL WHERE id = :userid");
- $result = $statement->execute(array('passwordhash' => $passwordhash, 'userid'=> $userid ));
-
- if($result) {
- die('Changed password. Going to login now.');
- }
- }
-}
-?>
-
-

Set new password

-
-
-
-

-
-
-
-

-
-
-
\ No newline at end of file
diff --git a/secondauth.php b/secondauth.php
deleted file mode 100644
index 66c5289..0000000
--- a/secondauth.php
+++ /dev/null
@@ -1,81 +0,0 @@
-prepare("UPDATE users SET passwordcode = :passwordcode, passwordcode_time = NOW() WHERE id = :userid");
- $result = $statement->execute(array('passwordcode' => sha1($passwordcode), 'userid' => $user['id']));
-
-
-if(isset($_GET['login'])) {
- $username = $_POST['username'];
- $password = $_POST['password'];
-
- $statement = $pdo->prepare("SELECT * FROM users WHERE username = :username");
- $result = $statement->execute(array('username' => $username));
- $user = $statement->fetch();
-
- if ($user !== false && password_verify($password, $user['password'])) {
- $_SESSION['userid'] = $user['id'];
- $_SESSION['email'] = $user['email'];
- $_SESSION['username'] = $user['username'];
- $_SESSION['givenName'] = $user['givenName'];
- $_SESSION['lastName'] = $user['lastName'];
- die('successfull. please wait. youll be forwarded! ');
- } else {
- $errorMessage = "somethings wrong (maybe wrong password or invalid session)
";
- }
-
-}
-?>
-
-
-
-
-
- 2nd Auth
-
-
-
-
-
-
-

You want to change your password? Please prove that you know your old password first!

-
-
-
-

-
-
-
-
-
-
-
-
-
-
-

-
-