Project

General

Profile

Statistics
| Branch: | Revision:

colonymech / docs / www / colonyscout / internal / do_change_password.php @ f59acf11

History | View | Annotate | Download (2.7 KB)

1 f59acf11 Dan Shope
<?php
2
session_start();
3
$docRoot=getenv("DOCUMENT_ROOT")."/";
4
require_once($docRoot."internal/includes/jCryption-1.1.php");
5
include_once($docRoot."internal/do_login.php");
6
doDB("colony_scout");
7
8
//uses jCryption to encrypt username and password data
9
//uses challenge/response with an expiration of 1 hour from challenge generation
10
11
$keyLength = 256;
12
$jCryption = new jCryption();
13
14
if(isset($_GET["generateKeypair"])) {
15
        $keys = $jCryption->generateKeypair($keyLength);
16
        $_SESSION["e"] = array("int" => $keys["e"], "hex" => $jCryption->dec2string($keys["e"],16));
17
        $_SESSION["d"] = array("int" => $keys["d"], "hex" => $jCryption->dec2string($keys["d"],16));
18
        $_SESSION["n"] = array("int" => $keys["n"], "hex" => $jCryption->dec2string($keys["n"],16));
19
        
20
        echo '{"e":"'.$_SESSION["e"]["hex"].'","n":"'.$_SESSION["n"]["hex"].'","maxdigits":"'.intval($keyLength*2/16+3).'"}';
21
        exit;
22
}
23
24
$var = $jCryption->decrypt($_POST['jCryption'], $_SESSION["d"]["int"], $_SESSION["n"]["int"]);
25
unset($_SESSION["e"]);
26
unset($_SESSION["d"]);
27
unset($_SESSION["n"]);
28
parse_str($var,$result);
29
30
$u                = mysqli_escape_string($mysqli,$result["muser"]);
31
$p                = mysqli_escape_string($mysqli,$result["mpass"]);
32
$np                = mysqli_escape_string($mysqli,$result["mpass_new"]);
33
$np_c        = mysqli_escape_string($mysqli,$result["mpass_new_confirm"]);
34
$key        = $result["val"];
35
36
//NOTE: Must pass all the following tests in order to validate and attempt a password reset
37
if ($key!=md5(date('l jS \of F Y h A'))) {
38
        //invalid login or login key has expired (valid for 1 hour after form generation)
39
        header("Location: /internal/index.php?s=expiredkey");
40
        exit;
41
}
42
if ($np!=$np_c) {
43
        //new passwords do not match
44
        header("Location: /internal/changepassword.php?s=nomatch");
45
        exit;
46
}
47
if (strlen($np)<6) {
48
        //password length is too short
49
        header("Location: /internal/changepassword.php?s=len");
50
        exit;
51
}
52
53
//check for user account
54
$verify_account_sql = "SELECT ID, FirstName FROM members WHERE UserName = '".$u."' AND Password = PASSWORD('".$p."') LIMIT 1";
55
$verify_account_res =  mysqli_query($mysqli, $verify_account_sql) or die(mysqli_error($mysqli));
56
if (mysqli_num_rows($verify_account_res) < 1) {
57
        
58
        header("Location: /internal/changepassword.php?s=notfound");
59
        exit;
60
} else {
61
        while ($member_info = mysqli_fetch_array($verify_account_res)) {
62
                $verify_account_sql = "UPDATE members SET password=PASSWORD('".$np."') WHERE ID = ".$member_info['ID']." AND Password = PASSWORD('".$p."')";
63
                $verify_account_res =  mysqli_query($mysqli, $verify_account_sql) or die(mysqli_error($mysqli));
64
                        session_start();
65
                        $_SESSION['u'] = ""; $_SESSION['uName']="";
66
                        session_write_close();
67
        }
68
}
69
70
71
72
73
//close connection to MySQL
74
mysqli_close($mysqli);
75
76
header("Location: /internal/changepassword.php?s=success");
77
exit();
78
79
?>