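// Change-password handler: checks the current password, then stores a new
// bcrypt hash plus a fresh `Hash` token for the user and ends the session.
// $mysqli, $username and checkPasswordStrength() are defined outside this fragment.
// NOTE(review): the stored hash is read from $_SESSION['password']; a password
// changed elsewhere would not be reflected there. Re-reading it from the
// database is more robust - confirm against the login code.
if ($_SERVER['REQUEST_METHOD'] === 'POST') {
    // Use the submitted passwords raw. SQL-escaping a password before
    // password_verify() alters any value containing quotes or backslashes,
    // so a correct password would be rejected.
    $old_password = $_POST['old_password'] ?? '';
    $new_candidate = $_POST['new_password'] ?? '';
    $stored_hash = $_SESSION['password'] ?? '';

    // is_string() guards against array-valued POST fields (old_password[]=...),
    // which would otherwise raise a TypeError inside password_verify().
    if (
        is_string($old_password)
        && is_string($new_candidate)
        && is_string($stored_hash)
        && password_verify($old_password, $stored_hash)
    ) {
        // NOTE(review): the return value is ignored, so this only enforces a
        // policy if checkPasswordStrength() itself aborts the request on a
        // weak password - confirm.
        checkPasswordStrength($new_candidate);

        // bcrypt only considers the first 72 bytes of the input.
        $new_password = password_hash($new_candidate, PASSWORD_BCRYPT);

        // md5(rand(0,1000)) can take only 1001 distinct values. Draw 128 bits
        // from the CSPRNG instead; hex-encoded it is 32 characters, the same
        // length as the md5 string it replaces.
        // NOTE(review): `Hash` is presumably a verification/reset token - confirm.
        $hash = bin2hex(random_bytes(16));

        // Bound parameters keep every value, including $username (whose origin
        // is not visible here), out of the SQL text.
        $stmt = $mysqli->prepare(
            'UPDATE `userdetails` SET `Password` = ?, `Hash` = ? WHERE Username = ?'
        );
        $updated = $stmt !== false
            && $stmt->bind_param('sss', $new_password, $hash, $username)
            && $stmt->execute();

        if ($updated) {
            // Force a fresh login with the new password.
            session_unset();
            session_destroy();
            header("location: index.php");
            exit; // header() does not stop the script by itself
        }

        // The original fell through silently when the UPDATE failed.
        $_SESSION['message'] = "Password could not be updated.";
        header("location: error.php");
        exit;
    }

    $_SESSION['message'] = "Incorrect Password!";
    header("location: error.php");
    exit;
}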