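<?php
// Password-change handler for a signed-in user.
//
// Flow: require a session, check the one-time form token, validate the new
// password against the policy, verify the current password against the stored
// hash, store the new hash, destroy the session and send the user back to the
// login page. Validation messages are handed to the view through
// $_GET['error'], which ../change_password_view.php is assumed to read.
session_start();
if (!isset($_SESSION['userid'])) {
    header('Location: ./login.php');
    exit();
}

/**
 * Read a POST field as a string; a missing or non-scalar value becomes ''.
 * Avoids undefined-index notices and array-to-string conversions when a field
 * arrives in an unexpected shape (e.g. `field[]=x`).
 */
function readPostField(string $key): string
{
    $value = $_POST[$key] ?? '';
    return is_scalar($value) ? (string) $value : '';
}

/**
 * Return the first policy rule the new password breaks, or null when it passes
 * all of them: at least 10 bytes, identical to its confirmation, and containing
 * a lower-case letter, an upper-case letter, a digit and one character that is
 * none of those.
 */
function validateNewPassword(string $newPassword, string $rePassword): ?string
{
    if (strlen($newPassword) < 10) {
        return 'Password minimal 10 karakter';
    }
    // Strict comparison: `!=` would treat numeric-looking strings loosely.
    if ($newPassword !== $rePassword) {
        return 'Password baru yang diinput tidak sama';
    }
    if (!preg_match('/[a-z]/', $newPassword)) {
        return 'Password baru minimal harus berisi 1 huruf kecil';
    }
    if (!preg_match('/[A-Z]/', $newPassword)) {
        return 'Password baru minimal harus berisi 1 huruf besar';
    }
    if (!preg_match('/\d/', $newPassword)) {
        return 'Password baru minimal harus berisi 1 angka';
    }
    if (!preg_match('/[^a-zA-Z\d]/', $newPassword)) {
        return 'Password baru minimal harus berisi 1 karakter khusus';
    }
    return null;
}

if ($_SERVER['REQUEST_METHOD'] === 'POST') {
    try {
        // The submitted token must equal the one issued with the form. Compare in
        // constant time, and never accept a missing/empty session token:
        // hash_equals('', '') would be true.
        $expectedToken = (string) ($_SESSION['change_password'] ?? '');
        if ($expectedToken === '' || !hash_equals($expectedToken, readPostField('token'))) {
            unset($_SESSION['change_password']);
            header("Location: {$_SERVER['PHP_SELF']}?error=Invalid Token");
            exit();
        }

        $newPassword = readPostField('new_password');
        // A policy failure must stop the update. The previous chain only recorded
        // the message and still fell through to the database write, so a password
        // that broke every rule was stored anyway.
        $error = validateNewPassword($newPassword, readPostField('re_password'));
        if ($error === null) {
            require_once('../helpers/config.php');
            require_once('../helpers/connection.php'); // provides $db (mysqli)

            // Only the stored hash is needed to check the current password.
            $stmt = $db->prepare('SELECT password FROM users WHERE id = ?');
            $stmt->bind_param('s', $_SESSION['userid']);
            $stmt->execute();
            $result = $stmt->get_result();
            $stmt->close();
            $data = $result->fetch_assoc();
            $result->free_result();

            if (!$data || !password_verify(readPostField('password'), $data['password'])) {
                $error = 'Invalid current password';
            } else {
                // simpan password baru (store the new password hash)
                $hashPassword = password_hash($newPassword, PASSWORD_BCRYPT);
                $stmt = $db->prepare('UPDATE users SET password=? WHERE id=?');
                $stmt->bind_param('ss', $hashPassword, $_SESSION['userid']);
                $stmt->execute();
                $stmt->close();
                $db->close();
                // Invalidate the current login so the new credential must be used.
                session_destroy();
                header('Location: ./login.php?message=Password berhasil diubah. Silahkan login kembali.');
                exit();
            }
            $db->close();
        }
        if ($error !== null) {
            $_GET['error'] = $error; // read by the view
        }
        unset($_SESSION['change_password']);
    } catch (Exception $e) {
        unset($_SESSION['change_password']);
        header("Location: {$_SERVER['PHP_SELF']}?error=Gagal ganti password");
        exit();
    }
}

// Issue a fresh one-time token for the next submission. A random value replaces
// the earlier timestamp, which was predictable; the view is assumed to emit this
// string verbatim in a hidden "token" field.
$_SESSION['change_password'] = bin2hex(random_bytes(32));
require_once('../change_password_view.php');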