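<?php
/*
 * passcheck.php - processes the password-change form (email, old password,
 * new password) and renders the outcome.
 *
 * All request handling runs BEFORE any markup is emitted: header() cannot
 * send a redirect once output has started, so the direct-access redirect
 * has to happen ahead of the <!DOCTYPE> line.
 *
 * NOTE(review): the only gate on this endpoint is knowledge of the old
 * password. No session check, CSRF token or attempt throttling is visible
 * in this file, so repeated guesses against an account are not limited
 * here - confirm whether that is handled elsewhere.
 */

$email     = isset($_POST["email"]) ? $_POST["email"] : null;
$opassword = isset($_POST["opassword"]) ? $_POST["opassword"] : null;
$npassword = isset($_POST["npassword"]) ? $_POST["npassword"] : null;

// Reject direct access and malformed submissions. The is_string() checks
// matter: a field posted as "email[]=x" arrives as an array, passes
// !empty(), and would otherwise reach bind_param()/password_verify().
if (!is_string($email) || !is_string($opassword) || !is_string($npassword)
    || empty($email) || empty($opassword) || empty($npassword))
{
    header("Location:passwd_reset.php");
    exit; // stop here; without this the rest of the script would still run
}

// NOTE(review): database credentials are hard-coded in a web-served source
// file and this listing is publicly viewable. Move them to configuration
// outside the document root (or the environment) and rotate the password.
$DBHOST = "localhost";
$DBUSER = "Vehiclemanagement";
$DBPWD = "Vehiclemanagement123";
$DBNAME = "vehiclemanagement";

// One of: "changed", "denied", "error". Decides what the page prints below.
$outcome = "error";

try {
    // Make every mysqli failure throw, so a failed prepare()/execute()
    // cannot be silently ignored and reported to the user as success.
    mysqli_report(MYSQLI_REPORT_ERROR | MYSQLI_REPORT_STRICT);
    $conn = new mysqli($DBHOST, $DBUSER, $DBPWD, $DBNAME);

    // Only the stored hash is needed, so do not fetch the whole row.
    $stmt = $conn->prepare("SELECT password FROM customer WHERE email=?");
    $stmt->bind_param("s", $email);
    $stmt->execute();
    $row = $stmt->get_result()->fetch_assoc();
    $stmt->close();

    // fetch_assoc() returns null when no customer has this email. Treat
    // that exactly like a wrong password so the response text does not
    // reveal which addresses are registered.
    $hash = is_array($row) ? $row["password"] : null;

    if (is_string($hash) && password_verify($opassword, $hash))
    {
        $phash = password_hash($npassword, PASSWORD_DEFAULT);
        $stmt = $conn->prepare("UPDATE customer SET password=? WHERE email=?");
        $stmt->bind_param("ss", $phash, $email);
        $stmt->execute();
        $stmt->close();
        // Success is recorded only after the UPDATE has actually run.
        $outcome = "changed";
    }
    else
    {
        $outcome = "denied";
    }
    $conn->close();
}
catch (mysqli_sql_exception $e)
{
    // Keep driver/server details in the server log; never echo them to
    // the client, where they disclose host, user and schema information.
    error_log("passcheck.php: database error: " . $e->getMessage());
    $outcome = "error";
}
?>
<!DOCTYPE html>
<html>
<head>
<title></title>
<link rel="stylesheet" type="text/css" href="style.css">
</head>
<body>
<?php
if ($outcome === "changed")
{
    echo "Password Changed!";
    echo "<br>";
    echo "<a href='display_vehicles.php'><button>Ok</button></a>";
}
elseif ($outcome === "denied")
{
    echo "wrong old password!";
    echo "<br>";
    echo "<a href='passwd_reset.php'><button>Try Again</button></a>";
}
else
{
    // Generic message only; the specific error went to the server log.
    echo "Connection failed!";
    echo "<br>";
    echo "<a href='passwd_reset.php'><button>Try Again</button></a>";
}
?>
</body>
</html>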