modif_password.php
<?php
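/*
 * Password-change handler for the signed-in user.
 *
 * Reads `password`, `new_password` and `confirm_new_password` from the POST
 * body, checks each against the password policy, verifies the current
 * password against the stored hash and, when everything matches, asks the
 * Membre object to store the new hash. The outcome is reported to
 * profile.php through session flags (`regex_new`, `password_modif`,
 * `password_error`).
 *
 * Every redirect is followed by `exit`: header('Location: ...') only queues a
 * response header and does not stop the script, so without `exit` an
 * unauthenticated or invalid request keeps running the code below it.
 */
session_start();
require('new_users.class.php');
include('config/database.php');

// Reject requests that carry no authenticated session before touching the database.
if (!isset($_SESSION['login'], $_SESSION['id_user']))
{
    header('Location: index.php');
    exit;
}

$id_user = $_SESSION['id_user'];
$conn->query( 'USE db_camagru' );

// Fetch the stored hash with a bound parameter (no string-built SQL).
$requete = $conn->prepare("SELECT `password` FROM `users` WHERE `id_user` = :id_user");
$requete->bindParam(':id_user', $id_user);
$requete->execute();
$data = $requete->fetch(PDO::FETCH_ASSOC);

/*
 * Password policy as the pattern actually enforces it: at least 6 characters,
 * at least one lowercase letter, at least one uppercase letter, at least one
 * digit OR one non-word character, and the first character is neither '.'
 * nor a newline.
 */
$password_policy = "#(?=^.{6,}$)((?=.*\d)|(?=.*\W+))(?![.\n])(?=.*[A-Z])(?=.*[a-z]).*$#";

/*
 * NOTE(review): hash('whirlpool', ...) is a fast, unsalted digest and is not
 * suitable for password storage; password_hash()/password_verify() is the fix.
 * It is kept here because the stored hashes and the other code that verifies
 * them (not visible in this file) must change at the same time.
 * NOTE(review): htmlspecialchars() rewrites the password before hashing and
 * its default flags changed in PHP 8.1 (single quotes are now encoded), so a
 * password containing a quote can hash differently after a PHP upgrade.
 */
$hashed = array();
foreach (array('password', 'new_password', 'confirm_new_password') as $field)
{
    $value = isset($_POST[$field]) ? $_POST[$field] : NULL;
    // A missing field or a non-string (e.g. `password[]=x`) is handled as a policy failure.
    if (!is_string($value) || !preg_match($password_policy, $value))
    {
        $_SESSION['regex_new'] = FALSE;
        header('Location: profile.php');
        exit;
    }
    $hashed[$field] = hash('whirlpool', htmlspecialchars($value));
}
$current_password = $hashed['password'];
$new_password = $hashed['new_password'];
$confirm_new_password = $hashed['confirm_new_password'];

// fetch() returns FALSE when no row matches; treat that as "no stored hash".
$stored_password = ($data !== FALSE && isset($data['password'])) ? (string) $data['password'] : '';

// hash_equals() compares in constant time, unlike `===` on strings.
if ($stored_password === '' || !hash_equals($stored_password, $current_password))
{
    $_SESSION['password_error'] = TRUE;
    header('Location: profile.php');
    exit;
}

$actual_user = new Membre($conn);
$actual_user->getIdUser($id_user);
$actual_user->getPassword($current_password);
$actual_user->getNewPassword($new_password);
$actual_user->getConfirmNewPassword($confirm_new_password);

// The debug echo calls were dropped: output sent before header() can prevent
// the redirect from being emitted when output buffering is off.
if ($actual_user->verif_new_password() === TRUE)
{
    $actual_user->updatePassword();
    $_SESSION['password_modif'] = TRUE;
}
else
{
    $_SESSION['password_modif'] = FALSE;
}
header('Location: profile.php');
exit;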
?>