Version 2

pagecontent/action-change-password.php

@@ -0,0 +1,41 @@
+<?php
+// Passwörter werden geholt
+$password = htmlentities(substr($_POST["password"], 0, 256));
+$password_repeat = htmlentities(substr($_POST["password_repeat"], 0, 256));
+
+if(empty($password) || empty($password_repeat) ) {
+  print("false");
+  die();
+}
+
+if($password != $password_repeat) {
+  print("noAgreement");
+  die();
+}
+
+$password = hash('sha512',$password);
+
+
+// Ganz zu anfang eingegbenes Passwort erneut auswerten
+$verify_password_user = $_SESSION["verify-password-user"];
+$sql = "SELECT * FROM `VokabelBox2Users` WHERE `userid` = '$userid' AND `password` = '$verify_password_user'";
+$result_articles = $conn->query($sql);
+if(!mysqli_num_rows($result_articles))
+{
+  die();
+}
+
+// Im letzen Schritt werden alle Nutzer-Sessions noch einmal mit den tatsächlichen Sessions abgeglichen um das Überpringen von Schritten zu verhindern.
+if(empty($password) || ($_SESSION["verify-code"] != $_SESSION["verify-code-user"])) {
+  die();
+}
+
+// Neue E-Mail wird gepeichert
+$conn->query("UPDATE `VokabelBox2Users` SET `password` = '$password' WHERE `userid` = '$userid'");
+
+$_SESSION["Passwort"] = $Passwort;
+
+print("true");
+
+
+?>