prepare("UPDATE users SET passwordcode = :passwordcode, passwordcode_time = NOW() WHERE id = :userid");
$result = $statement->execute(array('passwordcode' => sha1($passwordcode), 'userid' => $user['id']));
if(isset($_GET['login'])) {
$username = $_POST['username'];
$password = $_POST['password'];
$statement = $pdo->prepare("SELECT * FROM users WHERE username = :username");
$result = $statement->execute(array('username' => $username));
$user = $statement->fetch();
if ($user !== false && password_verify($password, $user['password'])) {
$_SESSION['userid'] = $user['id'];
$_SESSION['email'] = $user['email'];
$_SESSION['username'] = $user['username'];
$_SESSION['givenName'] = $user['givenName'];
$_SESSION['lastName'] = $user['lastName'];
die('successfull. please wait. youll be forwarded! ');
} else {
$errorMessage = "somethings wrong (maybe wrong password or invalid session)
";
}
}
?>
2nd Auth
You want to change your password? Please prove that you know your old password first!