diff --git a/passwordchange.php b/passwordchange.php
new file mode 100644
index 0000000..2ff0423
--- /dev/null
+++ b/passwordchange.php
@@ -0,0 +1,79 @@
+
+
+
+
+
+ Change Password
+
+
+');
+}
+
+$userid = $_GET['userid'];
+$code = $_GET['code'];
+
+
+$statement = $pdo->prepare("SELECT * FROM users WHERE id = :userid");
+$result = $statement->execute(array('userid' => $userid));
+$user = $statement->fetch();
+
+//check if theres a code for the user delivered
+if($user === null || $user['passwordcode'] === null) {
+ die('No User matching your request.');
+}
+
+if($user['passwordcode_time'] === null || strtotime($user['passwordcode_time']) < (time()-24*3600) ) {
+ die('Ooops. This code isnt valid anymore.');
+}
+
+
+
+if(sha1($code) != $user['passwordcode']) {
+ die('');
+}
+
+
+
+if(isset($_GET['send'])) {
+ $password = $_POST['password'];
+ $password_confirm = $_POST['password_confirm'];
+ //regexes for passvalidation:
+ $REuppercase = preg_match('@[A-Z]@', $password);
+ $RElowercase = preg_match('@[a-z]@', $password);
+ $REnumber = preg_match('@[0-9]@', $password);
+ $REspecialChars = preg_match('@[^\w]@', $password);
+ if($password != $password_confirm) {
+ echo "password or confirmed password wrong";
+ }
+ if(!$REuppercase || !$RElowercase || !$REnumber || !$REspecialChars || strlen($password) < 8) {
+ echo 'Password needs to be more complex.
';
+ echo 'Please implement at least 8 chars, upper & downer caser, one number & one special char.
';
+ $error = true;
+} else {
+ $passwordhash = password_hash($password, PASSWORD_DEFAULT);
+ $statement = $pdo->prepare("UPDATE users SET password = :passwordhash, passwordcode = NULL, passwordcode_time = NULL WHERE id = :userid");
+ $result = $statement->execute(array('passwordhash' => $passwordhash, 'userid'=> $userid ));
+
+ if($result) {
+ die('Changed password. Going to login now.');
+ }
+ }
+}
+?>
+
+Set new password
+
\ No newline at end of file
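Review bot: The reset-code check `if(sha1($code) != $user['passwordcode'])` uses a loose, non-constant-time comparison; with `!=` PHP compares two numeric-looking strings as numbers, so two different digests can be treated as equal. Replace it with `if (!hash_equals((string) $user['passwordcode'], sha1((string) $code))) {`. Separately, the `$password != $password_confirm` branch only echoes a message and falls through to the complexity check, so a mismatched confirmation still reaches the `UPDATE`; set `$error = true;` there and make the following `if` an `elseif`. `PDOStatement::fetch()` returns `false`, not `null`, when no row matches, so the first guard should test `$user === false` rather than rely on the array access on `false` yielding null. The opening of the script and the HTML form are not visible on the page, so this covers only the lines shown.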
diff --git a/secondauth.php b/secondauth.php
index d31e3bf..66c5289 100644
--- a/secondauth.php
+++ b/secondauth.php
@@ -1,7 +1,29 @@
prepare("UPDATE users SET passwordcode = :passwordcode, passwordcode_time = NOW() WHERE id = :userid");
+ $result = $statement->execute(array('passwordcode' => sha1($passwordcode), 'userid' => $user['id']));
+
+
if(isset($_GET['login'])) {
$username = $_POST['username'];
$password = $_POST['password'];
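Review bot: The added `UPDATE` stamps `passwordcode_time` with the database's `NOW()`, while passwordchange.php expires the code by comparing `strtotime($user['passwordcode_time'])` against PHP's `time()`; if the database session and PHP run in different time zones, the 24-hour window shifts by that offset. Either bind the timestamp from PHP (for example `date('Y-m-d H:i:s')` as a parameter) or do the expiry test in SQL, so that one clock decides. `$result` from `execute()` is not checked in the visible lines, so a failed write would leave the user without a valid code and no error. How `$passwordcode` is generated is not visible here; since only its unsalted `sha1()` is stored, it presumably has to come from `random_bytes()` or an equivalent CSPRNG, which is worth confirming. Most of this hunk's added lines are missing from the page, so the note covers only what is shown.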
@@ -16,7 +38,7 @@ if(isset($_GET['login'])) {
$_SESSION['username'] = $user['username'];
$_SESSION['givenName'] = $user['givenName'];
$_SESSION['lastName'] = $user['lastName'];
- die('successfull. go to: password change page');
+ die('successfull. please wait. youll be forwarded! ');
} else {
$errorMessage = "somethings wrong (maybe wrong password or invalid session)
";
}