// Copyright (c) 2022 High5! // License Info: LICENSE.TXT // // File: password.php // // Template File: password.tpl // // Template Variables: // // message // // Form POST / GET Variables: // // password_current // password1 // password2 // require_once '../functions.inc.php'; include '../languages/' . check_language() . '.lang'; $SESSID_USERNAME = check_session('userid'); $admin = $SESSID_USERNAME ?? ADMIN_EMAIL; if ($_SERVER['REQUEST_METHOD'] == "POST") { $username = $SESSID_USERNAME; $password_current = filter_input(INPUT_POST, 'password_current', FILTER_DEFAULT); $password1 = filter_input(INPUT_POST, 'password1', FILTER_DEFAULT); $password2 = filter_input(INPUT_POST, 'password2', FILTER_DEFAULT); if (empty($password_current) || empty($password1) || $password1 != $password2) { $message = $LANG['Password_password_text_error']; } if (empty($message) && !empty($password_current)) { $dbh = pdo_connect(); $sth = $dbh->prepare("SELECT password FROM mailbox WHERE username=?"); $sth->bindParam(1, $username, PDO::PARAM_STR); $sth->execute(); $row = $sth->fetch(PDO::FETCH_COLUMN); if (!password_verify($password_current, $row)) { $message = $LANG['Password_password_current_text_error']; } } if (empty($message) && !empty($password1)) { $hashed = bcrypt($password1); try { $dbh = pdo_connect(); $sth = $dbh->prepare("UPDATE mailbox SET password=?,modified=NOW() WHERE username=?"); $sth->bindParam(1, $hashed, PDO::PARAM_STR); $sth->bindParam(2, $username, PDO::PARAM_STR); $sth->execute(); logging($admin, substr(strrchr($SESSID_USERNAME, "@"), 1), $LANG['Logging_password_change'], $admin); $message = $LANG['Password_result_succes']; } catch(PDOException $e) { $message = $LANG['Password_result_error']; } } } include '../templates/header.tpl'; include '../templates/users_menu.tpl'; include '../templates/password.tpl'; include '../templates/footer.tpl'; ?>