
add password change

master
Christopher 2020-08-02 04:44:32 +02:00
parent 8c571b011b
commit ad4dd32ecb
3 changed files with 108 additions and 0 deletions

43
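--- a/pages/HTML/passwort.html
+++ b/pages/HTML/passwort.html
@@ -0,0 +1,43 @@
+<center>%%INFOMESSAGE%%</center>
+<div style="width: 400px; margin: auto; left: 50%;">
+<form action="index.php?page=password" method="post">
+<div class="row" style="margin-top: 15px;">
+<div class="col">
+<label for="oldPassword">Altes Passwort</label>
+<input type="text" class="form-control" id="oldPassword" name="oldPassword"">
+</div>
+</div>
+<div class="row" style="margin-top: 15px;">
+<div class="col">
+<label for="newPassword">Neues Passwort</label>
+<input type="text" class="form-control" id="PasswordNew" name="newPassword"">
+</div>
+</div>
+<div class="row" style="margin-top: 15px;">
+<div class="col">
+<label for="newPasswordRepeate">Neues Passwort wiederholen</label>
+<input type="text" class="form-control" id="PasswordNewRepeate" name="newPasswordRepeate"">
+</div>
+</div>
+<div class="row" style="margin-top: 15px;">
+<div class="col">
+<hr>
+</div>
+</div>
+<div class="row" style="margin-top: 15px;">
+<div class="col">
+<button type="submit" name="savePassword" class="btn btn-primary btn-lg">Speichern</button>
+</div>
+</div>
+</form>
+</div>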
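Review bot: All three password fields are declared `type="text"`, so the old and new passwords are displayed in clear on screen and are eligible for the browser's form-history autocomplete; they should be `type="password"` with autocomplete hints, e.g. `<input type="password" class="form-control" id="oldPassword" name="oldPassword" autocomplete="current-password">` and `autocomplete="new-password"` on the two new-password fields. Each input tag also ends in a stray second quote (`name="oldPassword"">`), which is malformed markup. The labels' `for="newPassword"` and `for="newPasswordRepeate"` do not match the ids `PasswordNew` and `PasswordNewRepeate`, so those labels are not associated with their fields. The form carries no anti-CSRF token; the old-password requirement limits the impact, but whether the surrounding framework adds a token cannot be seen from this file.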


@ -29,6 +29,8 @@
$_SESSION['FIRSTNAME'] = trim($rowUser['FirstName']);
$_SESSION['LASTNAME'] = trim($rowUser['LastName']);
$_SESSION['EMAIL'] = trim($rowUser['Email']);
$_SESSION['PASSWORD'] = $rowAuth['passwordHash'];
$_SESSION['SALT'] = $rowAuth['passwordSalt'];
$_SESSION['UUID'] = $rowUser['PrincipalID'];
$_SESSION['LEVEL'] = $rowUser['UserLevel'];
$_SESSION['DISPLAYNAME'] = strtoupper(trim($_POST['username']));
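Review bot: Copying `passwordHash` and `passwordSalt` into `$_SESSION` (`$_SESSION['PASSWORD']` and `$_SESSION['SALT']`, presumably the two lines this hunk adds; the rendered page has lost the markers and the file name) places credential material in the session store, where anything that can read session data, such as session files on a shared save path, a backup or a debug dump, obtains what is needed to guess the password offline. The cached copy also goes stale as soon as the password is changed through any other path. Keeping only `$_SESSION['UUID']` and letting the password page select the current hash and salt from `auth` when it has to verify avoids both problems. The login block starts and ends outside the hunk, so whether the session ID is renewed after a successful login (`session_regenerate_id(true);`) cannot be judged here.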

63
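--- a/pages/password.php
+++ b/pages/password.php
@@ -0,0 +1,63 @@
+<?php
+$HTML = new HTML();
+$HTML->setHTMLTitle("Passwort ändern");
+$HTML->importHTML("style/default/dashboard.html");
+$HTML->ReplaceLayoutInhalt("%%USERNAME%%", $_SESSION['DISPLAYNAME']);
+$HTML->importSeitenInhalt("pages/HTML/passwort.html");
+if(isset($_REQUEST['oldPassword']) || @$_REQUEST['oldPassword'] != "")
+{
+$OLDPassword = trim($_REQUEST['oldPassword']);
+if($OLDPassword != "")
+{
+if(md5(md5($OLDPassword).":".$_SESSION['SALT']) == $_SESSION['PASSWORD'])
+{
+if(isset($_REQUEST['newPassword']) || @$_REQUEST['newPassword'] != "")
+{
+$NewPassword = trim($_REQUEST['newPassword']);
+if($NewPassword != "")
+{
+if(isset($_REQUEST['newPasswordRepeate']) || @$_REQUEST['newPasswordRepeate'] != "")
+{
+$NewPasswordRepeate = trim($_REQUEST['newPasswordRepeate']);
+if($NewPasswordRepeate != "")
+{
+if($NewPasswordRepeate == $NewPassword)
+{
+$statement = $RUNTIME['PDO']->prepare('UPDATE auth SET passwordHash = :PasswordHash WHERE UUID = :PrincipalID');
+$statement->execute(['PasswordHash' => md5(md5($NewPassword).":".$_SESSION['SALT']), 'PrincipalID' => $_SESSION['UUID']]);
+$_SESSION['PASSWORD'] = md5(md5($NewPassword).":".$_SESSION['SALT']);
+$HTML->ReplaceSeitenInhalt("%%INFOMESSAGE%%", 'Neues Passwort gespeichert.');
+}else{
+$HTML->ReplaceSeitenInhalt("%%INFOMESSAGE%%", 'Passwörter stimmen nicht überein!');
+}
+}else{
+$HTML->ReplaceSeitenInhalt("%%INFOMESSAGE%%", 'Bitte gib das Passwort zur bestätigung noch einmal ein!');
+}
+}else{
+$HTML->ReplaceSeitenInhalt("%%INFOMESSAGE%%", 'Bitte gib das Passwort zur bestätigung noch einmal ein!');
+}
+}else{
+$HTML->ReplaceSeitenInhalt("%%INFOMESSAGE%%", 'Bitte gebe ein neues Passwort ein!');
+}
+}else{
+$HTML->ReplaceSeitenInhalt("%%INFOMESSAGE%%", 'Bitte gebe ein neues Passwort ein!');
+}
+}else{
+$HTML->ReplaceSeitenInhalt("%%INFOMESSAGE%%", 'Das alte Passwort ist nicht richtig!');
+}
+}else{
+$HTML->ReplaceSeitenInhalt("%%INFOMESSAGE%%", 'Gebe bitte dein Passwort ein.');
+}
+}
+$HTML->ReplaceSeitenInhalt("%%INFOMESSAGE%%", ' ');
+$HTML->build();
+echo $HTML->ausgabe();
+?>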
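Review bot: The old-password check `if(md5(md5($OLDPassword).":".$_SESSION['SALT']) == $_SESSION['PASSWORD'])` compares two hex digests with loose `==`, which treats numeric-looking strings as numbers, so two different digests can compare equal; use `hash_equals($_SESSION['PASSWORD'], md5(md5($OLDPassword).":".$_SESSION['SALT']))`, which is also constant-time. The check trusts the hash and salt cached in the session at login rather than the current `auth` row, so a password changed elsewhere in the meantime is not noticed; selecting `passwordHash` and `passwordSalt` by `$_SESSION['UUID']` at this point would close that gap. The fields are read from `$_REQUEST`, which also accepts them from the query string, where passwords end up in access logs and browser history; `$_POST` matches the form's `method="post"`. The salted double-MD5 is cheap to brute-force and the salt is reused on change; if the format is dictated by another consumer of the `auth` table, a comment saying so would help, and a freshly generated salt per change is still possible. The result of `$statement->execute(...)` is not checked before 'Neues Passwort gespeichert.' is shown, and no minimum length is enforced on `$NewPassword`.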