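<?php

// Final step of the "forgot password" flow: validates the new password,
// confirms the reset code held in the session, stores the new password hash
// and answers with a short status token ("false", "noAgreement" or "true").
// A started session and a database handle in $conn are expected to exist
// already; neither is set up in this file.
// NOTE(review): $conn is assumed to be a mysqli connection (the original
// called mysqli_num_rows() on its query result) - confirm.

// Fetch both password fields. A missing field is treated as empty, and a
// non-string value (e.g. password[]=x) is rejected before it reaches substr().
$raw_password = isset($_POST["password"]) ? $_POST["password"] : '';
$raw_password_repeat = isset($_POST["password_repeat"]) ? $_POST["password_repeat"] : '';

if (!is_string($raw_password) || !is_string($raw_password_repeat)) {
    print("false");
    die();
}

// NOTE(review): the password is cut to 256 bytes and run through
// htmlentities() before hashing. Both steps change what is actually hashed;
// they are kept as-is because the login code (not visible here) presumably
// applies the same transformation - verify before changing either side.
$password = htmlentities(substr($raw_password, 0, 256));
$password_repeat = htmlentities(substr($raw_password_repeat, 0, 256));

if (empty($password) || empty($password_repeat)) {
    print("false");
    die();
}

// Strict comparison: with a loose "!=" PHP compares numeric-looking strings
// numerically, so two different inputs such as "1e3" and "1000" would count
// as matching.
if ($password !== $password_repeat) {
    print("noAgreement");
    die();
}

// SECURITY NOTE(review): a single unsalted SHA-512 round is a fast hash and
// not suitable for password storage. Migrating to password_hash() /
// password_verify() has to happen together with the login check, which is
// outside this file, so the algorithm is left unchanged here.
$password = hash('sha512', $password);

// Verify the session state first so that this step cannot be reached by
// skipping the earlier ones. Both codes must be present and non-empty:
// a loose comparison of two unset session values (null != null) is false
// and would let the request through.
$expected_code = isset($_SESSION["forgot-password-code"]) ? $_SESSION["forgot-password-code"] : null;
$submitted_code = isset($_SESSION["forgot-password-code-user"]) ? $_SESSION["forgot-password-code-user"] : null;

$expected_ok = (is_string($expected_code) || is_int($expected_code)) && (string) $expected_code !== '';
$submitted_ok = (is_string($submitted_code) || is_int($submitted_code)) && (string) $submitted_code !== '';

// hash_equals() compares the two codes as strings in constant time and
// avoids the type juggling of "!=".
if (!$expected_ok || !$submitted_ok || !hash_equals((string) $expected_code, (string) $submitted_code)) {
    die();
}

// Re-evaluate the e-mail address that was entered at the very beginning.
$change_password_email_user = isset($_SESSION["forgot-password-email"]) ? $_SESSION["forgot-password-email"] : '';

if (!is_string($change_password_email_user) || $change_password_email_user === '') {
    die();
}

// The address originates from user input, so it is bound as a parameter
// instead of being interpolated into the SQL text.
$lookup = $conn->prepare("SELECT 1 FROM `VokabelBox2Users` WHERE `email` = ?");
if ($lookup === false) {
    die();
}
$lookup->bind_param('s', $change_password_email_user);
$lookup->execute();
$lookup->store_result();
$user_exists = $lookup->num_rows > 0;
$lookup->close();

if (!$user_exists) {
    die();
}

// Store the new password hash and reset the failed-login counter.
$update = $conn->prepare("UPDATE `VokabelBox2Users` SET `password` = ?, `loginfails` = '0' WHERE `email` = ?");
if ($update === false) {
    die();
}
$update->bind_param('ss', $password, $change_password_email_user);
if (!$update->execute()) {
    // Do not report success when the new hash was not written.
    die();
}
$update->close();

// The reset code is single-use: drop the reset state so the same session
// cannot be replayed to change the password again.
unset(
    $_SESSION["forgot-password-code"],
    $_SESSION["forgot-password-code-user"],
    $_SESSION["forgot-password-email"]
);

// NOTE(review): the original assigned the undefined variable $Passwort here,
// which stored null. The new hash is assumed to be the intended value -
// confirm against the code that reads $_SESSION["Passwort"], and consider
// not keeping password material in the session at all.
// NOTE(review): the session changes privilege level at this point; consider
// calling session_regenerate_id(true) where the session is managed.
$_SESSION["Passwort"] = $password;
$_SESSION["Benutzername"] = $change_password_email_user;

print("true");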