Use POST for password changes, validate input
parent
c97c58e30d
commit
1df2182bae
|
@ -1,61 +1,45 @@
|
|||
<?php
|
||||
if($_SERVER['REQUEST_TYPE'] == 'POST') {
|
||||
if(!isset($_SESSION['LOGIN']) || !isset($_SESSION['UUID'])) {
|
||||
header('Location: index.php');
|
||||
die();
|
||||
}
|
||||
|
||||
$HTML->setHTMLTitle("Passwort ändern");
|
||||
$HTML->importSeitenInhalt("profile.html");
|
||||
include '../app/FormValidator.php';
|
||||
$validator = new FormValidator(array(
|
||||
'oldPassword' => array('required' => true, 'regex' => '.{1,1000}'),
|
||||
'newPassword' => array('required' => true, 'regex' => '.{1,1000}'),
|
||||
'newPasswordRepeat' => array('required' => true, 'regex' => '.{1,1000}')
|
||||
));
|
||||
|
||||
if(isset($_REQUEST['oldPassword']) || $_REQUEST['oldPassword'] != "")
|
||||
{
|
||||
$OLDPassword = trim($_REQUEST['oldPassword']);
|
||||
|
||||
if($OLDPassword != "")
|
||||
{
|
||||
if(password_verify($OLDPassword, $_SESSION['PASSWORD']))
|
||||
{
|
||||
if(isset($_REQUEST['newPassword']) && $_REQUEST['newPassword'] != "")
|
||||
{
|
||||
$NewPassword = trim($_REQUEST['newPassword']);
|
||||
|
||||
if($NewPassword != "")
|
||||
{
|
||||
if(isset($_REQUEST['newPasswordRepeate']) || $_REQUEST['newPasswordRepeate'] != "")
|
||||
{
|
||||
$NewPasswordRepeate = trim($_REQUEST['newPasswordRepeate']);
|
||||
|
||||
if($NewPasswordRepeate != "")
|
||||
{
|
||||
if($NewPasswordRepeate == $NewPassword)
|
||||
{
|
||||
if($validator->isValid($_POST)) {
|
||||
if($_POST['newPasswordRepeat'] == $_POST['newPassword']) {
|
||||
if(password_verify($_POST['oldPassword'], $_SESSION['PASSWORD'])) {
|
||||
$hash = password_hash($NewPassword, PASSWORD_ARGON2ID);
|
||||
$statement = $RUNTIME['PDO']->prepare('UPDATE auth SET passwordHash = :PasswordHash WHERE UUID = :PrincipalID');
|
||||
$statement->execute(['PasswordHash' => $hash, 'PrincipalID' => $_SESSION['UUID']]);
|
||||
$_SESSION['PASSWORD'] = $hash;
|
||||
$_SESSION['pwChanged'] = true;
|
||||
$_SESSION['pw_info'] = 'Neues Passwort gespeichert.';
|
||||
}
|
||||
else {
|
||||
$_SESION['pw_info'] = 'Das alte Passwort ist nicht richtig!';
|
||||
}
|
||||
}
|
||||
else {
|
||||
$_SESSION['pw_info'] = 'Die neuen Passwörter stimmen nicht überein!';
|
||||
}
|
||||
}
|
||||
else {
|
||||
$_SESSION['pw_info'] = 'Bitte fülle das Formular vollständig aus.';
|
||||
}
|
||||
|
||||
header('Location: index.php?page=password');
|
||||
die();
|
||||
}else{
|
||||
$HTML->ReplaceSeitenInhalt("%%INFOMESSAGE%%", 'Passwörter stimmen nicht überein!');
|
||||
}
|
||||
}else{
|
||||
$HTML->ReplaceSeitenInhalt("%%INFOMESSAGE%%", 'Bitte gib das Passwort zur bestätigung noch einmal ein!');
|
||||
}
|
||||
}else{
|
||||
$HTML->ReplaceSeitenInhalt("%%INFOMESSAGE%%", 'Bitte gib das Passwort zur bestätigung noch einmal ein!');
|
||||
}
|
||||
}else{
|
||||
$HTML->ReplaceSeitenInhalt("%%INFOMESSAGE%%", 'Bitte gebe ein neues Passwort ein!');
|
||||
}
|
||||
}else{
|
||||
$HTML->ReplaceSeitenInhalt("%%INFOMESSAGE%%", 'Bitte gebe ein neues Passwort ein!');
|
||||
}
|
||||
}else{
|
||||
$HTML->ReplaceSeitenInhalt("%%INFOMESSAGE%%", 'Das alte Passwort ist nicht richtig!');
|
||||
}
|
||||
}else{
|
||||
$HTML->ReplaceSeitenInhalt("%%INFOMESSAGE%%", 'Gebe bitte dein Passwort ein.');
|
||||
}
|
||||
}
|
||||
|
||||
$HTML->setHTMLTitle("Passwort ändern");
|
||||
$HTML->importSeitenInhalt("profile.html");
|
||||
|
||||
include 'app/OpenSim.php';
|
||||
$opensim = new OpenSim();
|
||||
|
||||
|
@ -70,12 +54,12 @@
|
|||
$HTML->ReplaceSeitenInhalt("%%email%%", htmlspecialchars($opensim->getUserMail($_SESSION['UUID'])));
|
||||
$HTML->ReplaceSeitenInhalt("%%listAllResidentsAsJSArray%%", "");
|
||||
|
||||
$pwChanged = false;
|
||||
if(isset($_SESSION['pwChanged'])) {
|
||||
$pwChanged = true;
|
||||
unset($_SESSION['pwChanged']);
|
||||
$pwInfo = '';
|
||||
if(isset($_SESSION['pw_info'])) {
|
||||
$pwInfo = $_SESSION['pw_info'];
|
||||
unset($_SESSION['pw_info']);
|
||||
}
|
||||
$HTML->ReplaceSeitenInhalt("%%INFOMESSAGE%%", $pwChanged ? 'Neues Passwort gespeichert.' : ' ');
|
||||
$HTML->ReplaceSeitenInhalt("%%INFOMESSAGE%%", $pwInfo);
|
||||
|
||||
$HTML->build();
|
||||
echo $HTML->ausgabe();
|
||||
|
|
Loading…
Reference in New Issue