colonymech / docs / www / colonyscout / internal / do_change_password.php @ f59acf11
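<?php
// do_change_password.php — back end for the /internal "change password" form.
//
// Two entry points, both on this script:
//   GET  ?generateKeypair   make a one-time RSA keypair with jCryption, keep the
//                           private half in the session, return the public half
//                           as JSON for the client-side encryption.
//   POST jCryption=<blob>   decrypt the form with the session keypair (which is
//                           then discarded), validate the fields, verify the
//                           current credentials and update the stored password.
//
// Caveat: jCryption only obscures the form fields in transit, and at
// $keyLength = 256 the RSA modulus is far too small to resist factoring.
// It is not a substitute for TLS; serve this endpoint over HTTPS regardless.

session_start();
$docRoot = getenv("DOCUMENT_ROOT") . "/";
require_once($docRoot . "internal/includes/jCryption-1.1.php");
include_once($docRoot . "internal/do_login.php");
// NOTE(review): doDB() and the $mysqli connection it creates are expected to come
// from the include above — neither is defined in this file; confirm against do_login.php.
doDB("colony_scout");

//uses jCryption to encrypt username and password data
//uses challenge/response with an expiration of 1 hour from challenge generation

$keyLength = 256;
$jCryption = new jCryption();

// Abort on a database error without echoing driver details to the browser
// (the original `or die(mysqli_error(...))` leaked them); log them instead.
$dbFail = function ($mysqli) {
    error_log("do_change_password.php: " . mysqli_error($mysqli));
    http_response_code(500);
    exit("Database error");
};

// ---- Step 1: hand the client a fresh keypair ---------------------------------
if (isset($_GET["generateKeypair"])) {
    $keys = $jCryption->generateKeypair($keyLength);
    // Keep both the integer form (for decrypt()) and the hex form (for the client).
    foreach (array("e", "d", "n") as $part) {
        $_SESSION[$part] = array(
            "int" => $keys[$part],
            "hex" => $jCryption->dec2string($keys[$part], 16),
        );
    }
    // Only the public half (e, n) leaves the server; d stays in the session.
    // maxdigits is sent as a string, matching the original hand-built JSON.
    header("Content-Type: application/json");
    echo json_encode(array(
        "e"         => $_SESSION["e"]["hex"],
        "n"         => $_SESSION["n"]["hex"],
        "maxdigits" => (string) intval($keyLength * 2 / 16 + 3),
    ));
    exit;
}

// ---- Step 2: decrypt the submitted form ------------------------------------
// A POST without a preceding ?generateKeypair (or after the keypair was already
// consumed) cannot be decrypted; treat it like a stale form instead of raising
// undefined-index warnings and decrypting with nulls.
if (!isset($_POST["jCryption"], $_SESSION["d"]["int"], $_SESSION["n"]["int"])) {
    header("Location: /internal/index.php?s=expiredkey");
    exit;
}
$var = $jCryption->decrypt($_POST["jCryption"], $_SESSION["d"]["int"], $_SESSION["n"]["int"]);
// The keypair is single-use: drop it before anything below can fail.
unset($_SESSION["e"], $_SESSION["d"], $_SESSION["n"]);
parse_str($var, $result);

// Fetch one scalar field from the decrypted form; absent or non-scalar (array)
// fields become "" so the checks below reject them.  Values are used raw —
// no escaping is needed because every query below is parameterised.
$field = function ($name) use ($result) {
    return isset($result[$name]) && is_string($result[$name]) ? $result[$name] : "";
};
$u    = $field("muser");
$p    = $field("mpass");
$np   = $field("mpass_new");
$np_c = $field("mpass_new_confirm");
$key  = $field("val");

//NOTE: Must pass all the following tests in order to validate and attempt a password reset

// The form carries md5(<current date and hour>) so that a form rendered in an
// earlier hour is rejected.  The value is derived from the clock only, so it is
// an expiry marker, not a secret — the password check below is what
// authenticates the request.  hash_equals() is a strict byte-wise comparison;
// the original `!=` would compare two numeric-looking digests as numbers.
if (!hash_equals(md5(date('l jS \of F Y h A')), $key)) {
    //invalid login or login key has expired (valid for 1 hour after form generation)
    header("Location: /internal/index.php?s=expiredkey");
    exit;
}
if ($np !== $np_c) {
    //new passwords do not match
    header("Location: /internal/changepassword.php?s=nomatch");
    exit;
}
// Byte length of the raw password (the original measured the SQL-escaped copy,
// so a password containing quotes or backslashes passed with fewer real characters).
if (strlen($np) < 6) {
    //password length is too short
    header("Location: /internal/changepassword.php?s=len");
    exit;
}

//check for user account — the current credentials must match before anything changes.
// NOTE(review): MySQL's PASSWORD() is a legacy unsalted hash and was removed in
// MySQL 8.0.  Moving to password_hash()/password_verify() is the right fix, but it
// has to be done together with the login path that reads the same column
// (presumably do_login.php, included above), so it is deliberately left as-is here.
$stmt = mysqli_prepare($mysqli, "SELECT ID FROM members WHERE UserName = ? AND Password = PASSWORD(?) LIMIT 1");
if ($stmt === false || !mysqli_stmt_bind_param($stmt, "ss", $u, $p) || !mysqli_stmt_execute($stmt)) {
    $dbFail($mysqli);
}
$memberId = null;
mysqli_stmt_bind_result($stmt, $memberId);
$found = mysqli_stmt_fetch($stmt);   // true = row fetched, null = no row, false = error
mysqli_stmt_close($stmt);
if ($found === false) {
    $dbFail($mysqli);
}
if ($found !== true) {
    header("Location: /internal/changepassword.php?s=notfound");
    exit;
}

// Re-check the current password in the UPDATE too, as the original did, so a
// concurrent change between the SELECT and here is not overwritten.
// ID was interpolated unquoted originally, so it is presumably numeric; binding
// it as a string still compares correctly in MySQL.
$stmt = mysqli_prepare($mysqli, "UPDATE members SET password=PASSWORD(?) WHERE ID = ? AND Password = PASSWORD(?)");
if ($stmt === false || !mysqli_stmt_bind_param($stmt, "sss", $np, $memberId, $p) || !mysqli_stmt_execute($stmt)) {
    $dbFail($mysqli);
}
mysqli_stmt_close($stmt);

// Force a fresh login with the new password.  The session is already active
// (session_start() ran at the top), so the original's second session_start()
// only produced a notice; just blank the login markers and flush.
$_SESSION['u'] = "";
$_SESSION['uName'] = "";
session_write_close();

//close connection to MySQL
mysqli_close($mysqli);

header("Location: /internal/changepassword.php?s=success");
exit;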