mdp_modif.php
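<?php
session_start();
require('inc/pdo.php');
require('inc/function.php');

// Validation messages keyed by field name; filled by the POST handler, read by the form.
$errors = array();

// The reset token travels in the query string (?id=...). Keep it out of the
// Referer header of any request the rendered page goes on to trigger.
header('Referrer-Policy: no-referrer');

// Access gate: the page is only served when ?id= carries a token that exists
// in users.token. Only a plain string is accepted, so an array payload
// (?id[]=x) is rejected here instead of being bound as the string "Array".
$token = isset($_GET['id']) ? $_GET['id'] : null;
if (!is_string($token) || empty($token)) {
    // Send a real 404 status; the body alone would still be answered with 200.
    http_response_code(404);
    die('404');
}

// NOTE(review): this query matches on the token value alone; no issue time or
// expiry is checked here. Confirm that reset tokens are time-limited elsewhere.
$sql = "SELECT token FROM users WHERE token = :token";
$query = $pdo->prepare($sql);
$query->bindValue(':token', $token, PDO::PARAM_STR);
$query->execute();
$users = $query->fetch();

// fetch() yields an empty result when no row carries this token.
if (empty($users)) {
    http_response_code(404);
    die('404');
}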
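// Handle the reset form submission. $token is the ?id= value checked earlier in
// this script; $errors collects the validation messages shown by the form.
if (!empty($_POST['submited'])) {
    // Accept only plain strings. A missing field or an array payload
    // (password1[]=x) becomes '' and is rejected by the validation below.
    $rawPassword1 = (isset($_POST['password1']) && is_string($_POST['password1'])) ? $_POST['password1'] : '';
    $rawPassword2 = (isset($_POST['password2']) && is_string($_POST['password2'])) ? $_POST['password2'] : '';

    // NOTE(review): cleanXss() is not visible here (presumably inc/function.php).
    // The password is hashed and never echoed by this page, so an XSS filter
    // protects nothing here and may alter the secret before hashing. The call
    // is kept because login/registration may apply the same filter; if it is
    // removed, remove it in every place a password is read, together.
    $password1 = cleanXss($rawPassword1);
    $password2 = cleanXss($rawPassword2);

    // Password validation
    if (!empty($password1) && !empty($password2)) {
        // Strict comparison: with != two numeric-looking strings such as
        // "1000000" and "1e6" compare as equal numbers and would pass as a match.
        if ($password1 !== $password2) {
            $errors['password'] = 'Veuillez renseigner des mot de passe identiques';
        } elseif (mb_strlen($password1) < 6) {
            $errors['password'] = 'Min 6 caractères';
        }
    } else {
        $errors['password'] = 'Veuillez renseigner vos mots de passe';
    }

    if (count($errors) === 0) {
        // Hash the new password; only the hash is stored.
        $hashPassword = password_hash($password1, PASSWORD_DEFAULT);

        // Rotate the token in the same UPDATE so the link that opened this
        // page cannot be used a second time.
        // NOTE(review): generateRandomString() is not visible here; confirm it
        // draws from a CSPRNG (random_bytes()/random_int()), since this value
        // is what grants access to this page.
        $newtoken = generateRandomString(255);

        $sql = "UPDATE users SET password = :password, token = :newtoken WHERE token = :token ";
        $query = $pdo->prepare($sql);
        $query->bindValue(':password', $hashPassword, PDO::PARAM_STR);
        $query->bindValue(':newtoken', $newtoken, PDO::PARAM_STR);
        $query->bindValue(':token', $token, PDO::PARAM_STR);
        // NOTE(review): the result of execute() is not inspected; the redirect
        // below happens whether or not a row was updated.
        $query->execute();

        header('Location: index.php');
        exit();
    }
}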
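// Render the reset form between inc/header-front.php and inc/footer-front.php.
// The empty action posts back to the current URL, so the ?id= token stays part
// of the request. The only messages echoed are the fixed literals this script
// puts in $errors['password']; escape the value if it ever carries user input.
require('inc/header-front.php'); ?>
<form class="" action="" method="post">
<!-- PASSWORD1 -->
<label for="password1">Mot de passe*</label>
<span class="error"><?php if (!empty($errors['password'])) { echo $errors['password']; } ?></span>
<input type="password" id="password1" name="password1" class="form-control" value="" autocomplete="new-password" />
<!-- PASSWORD2 -->
<label for="password2">Confirmation mot de passe*</label>
<input type="password" id="password2" name="password2" class="form-control" value="" autocomplete="new-password" />
<input type="submit" name="submited" value="Valider">
</form>
<?php
require('inc/footer-front.php');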