colonymech / docs / www / colonyscout / internal / do_change_password.php @ f59acf11
History | View | Annotate | Download (2.7 KB)
1 | f59acf11 | Dan Shope | <?php
|
---|---|---|---|
2 | session_start(); |
||
3 | $docRoot=getenv("DOCUMENT_ROOT")."/"; |
||
4 | require_once($docRoot."internal/includes/jCryption-1.1.php"); |
||
5 | include_once($docRoot."internal/do_login.php"); |
||
6 | doDB("colony_scout");
|
||
7 | |||
8 | //uses jCryption to encrypt username and password data
|
||
9 | //uses challenge/response with an expiration of 1 hour from challenge generation
|
||
10 | |||
11 | $keyLength = 256; |
||
12 | $jCryption = new jCryption(); |
||
13 | |||
14 | if(isset($_GET["generateKeypair"])) { |
||
15 | $keys = $jCryption->generateKeypair($keyLength); |
||
16 | $_SESSION["e"] = array("int" => $keys["e"], "hex" => $jCryption->dec2string($keys["e"],16)); |
||
17 | $_SESSION["d"] = array("int" => $keys["d"], "hex" => $jCryption->dec2string($keys["d"],16)); |
||
18 | $_SESSION["n"] = array("int" => $keys["n"], "hex" => $jCryption->dec2string($keys["n"],16)); |
||
19 | |||
20 | echo '{"e":"'.$_SESSION["e"]["hex"].'","n":"'.$_SESSION["n"]["hex"].'","maxdigits":"'.intval($keyLength*2/16+3).'"}'; |
||
21 | exit;
|
||
22 | } |
||
23 | |||
24 | $var = $jCryption->decrypt($_POST['jCryption'], $_SESSION["d"]["int"], $_SESSION["n"]["int"]); |
||
25 | unset($_SESSION["e"]); |
||
26 | unset($_SESSION["d"]); |
||
27 | unset($_SESSION["n"]); |
||
28 | parse_str($var,$result); |
||
29 | |||
30 | $u = mysqli_escape_string($mysqli,$result["muser"]); |
||
31 | $p = mysqli_escape_string($mysqli,$result["mpass"]); |
||
32 | $np = mysqli_escape_string($mysqli,$result["mpass_new"]); |
||
33 | $np_c = mysqli_escape_string($mysqli,$result["mpass_new_confirm"]); |
||
34 | $key = $result["val"]; |
||
35 | |||
36 | //NOTE: Must pass all the following tests in order to validate and attempt a password reset
|
||
37 | if ($key!=md5(date('l jS \of F Y h A'))) { |
||
38 | //invalid login or login key has expired (valid for 1 hour after form generation)
|
||
39 | header("Location: /internal/index.php?s=expiredkey"); |
||
40 | exit;
|
||
41 | } |
||
42 | if ($np!=$np_c) { |
||
43 | //new passwords do not match
|
||
44 | header("Location: /internal/changepassword.php?s=nomatch"); |
||
45 | exit;
|
||
46 | } |
||
47 | if (strlen($np)<6) { |
||
48 | //password length is too short
|
||
49 | header("Location: /internal/changepassword.php?s=len"); |
||
50 | exit;
|
||
51 | } |
||
52 | |||
53 | //check for user account
|
||
54 | $verify_account_sql = "SELECT ID, FirstName FROM members WHERE UserName = '".$u."' AND Password = PASSWORD('".$p."') LIMIT 1"; |
||
55 | $verify_account_res = mysqli_query($mysqli, $verify_account_sql) or die(mysqli_error($mysqli)); |
||
56 | if (mysqli_num_rows($verify_account_res) < 1) { |
||
57 | |||
58 | header("Location: /internal/changepassword.php?s=notfound"); |
||
59 | exit;
|
||
60 | } else {
|
||
61 | while ($member_info = mysqli_fetch_array($verify_account_res)) { |
||
62 | $verify_account_sql = "UPDATE members SET password=PASSWORD('".$np."') WHERE ID = ".$member_info['ID']." AND Password = PASSWORD('".$p."')"; |
||
63 | $verify_account_res = mysqli_query($mysqli, $verify_account_sql) or die(mysqli_error($mysqli)); |
||
64 | session_start(); |
||
65 | $_SESSION['u'] = ""; $_SESSION['uName']=""; |
||
66 | session_write_close(); |
||
67 | } |
||
68 | } |
||
69 | |||
70 | |||
71 | |||
72 | |||
73 | //close connection to MySQL
|
||
74 | mysqli_close($mysqli);
|
||
75 | |||
76 | header("Location: /internal/changepassword.php?s=success"); |
||
77 | exit();
|
||
78 | |||
79 | ?> |