<?php//session_start();require_once("config.php");require_once("utilities.

1. <?php
2. //session_start();
3. require_once("config.php");
4. require_once("utilities.php");
5. require_once("authentication.php");
6. require_once("access_control.php");
7.  
8. //1.connect to DB
9. $conn = createDbConnection($servername, $username, $password, $dbname);
10.  
11. if(noError($conn)){
12. $conn = $conn["errMsg"];
13. } else {
14. printArr("Oops! There seems to be something wrong with our servers. Please try again later or contact us if the problem persists.");
15. exit;
16. }
17.  
18.  
19. //$oldpassword=cleanQueryParameter($conn,cleanXSS($_POST["oldpassword"]));
20. $newpassword=cleanQueryParameter($conn,cleanXSS($_POST["newpassword"]));
21. $repassword=cleanQueryParameter($conn,cleanXSS($_POST["repassword"]));
22. $username=cleanQueryParameter($conn,cleanXSS($_POST["username"]));
23. $type=cleanQueryParameter($conn,cleanXSS($_POST["type"]));
24. $signature=cleanQueryParameter($conn,cleanXSS($_POST["signature"]));
25.  
26.  
27. $public_key=cleanQueryParameter($conn,cleanXSS($_POST["publicKey"])); //Device public key
28. $secretkey=cleanQueryParameter($conn,cleanXSS($_POST["secretkey"]));
29.  
30. //printArr($_POST);die;
31.  
32. //Fetching corresponding private key of device
33. $querydevice="select * from DEVICE_INFO where devicePublicKey='".$public_key."'";
34. $resultdevice= runQuery($querydevice, $conn);
35. $rowresults = mysqli_fetch_assoc($resultdevice["dbResource"]);
36. $private_key=$rowresults['devicePrivateKey'];
37.  
38.  
39. $api_text = "changepsswdemail&publicKey" . $public_key;
40. $signature_new = hash_hmac('sha512', $api_text, $private_key); //signature new generated.
41. if($signature_new==$signature){
42.  
43.  
44.  
45.  
46. }
47. else{
48. //not valid
49. $msg="API validation failed";
50. $returnArr['errCode']=5;
51. $returnArr['errMsg']=$msg;
52. }
53. /*}*/
54. print(json_encode($returnArr,true));
55.  
56. ?>