Not a member of Pastebin yet?
Sign Up,
it unlocks many cool features!
- <?php
- //session_start();
- require_once("config.php");
- require_once("utilities.php");
- require_once("authentication.php");
- require_once("access_control.php");
- //1.connect to DB
- $conn = createDbConnection($servername, $username, $password, $dbname);
- if(noError($conn)){
- $conn = $conn["errMsg"];
- } else {
- printArr("Oops! There seems to be something wrong with our servers. Please try again later or contact us if the problem persists.");
- exit;
- }
- //$oldpassword=cleanQueryParameter($conn,cleanXSS($_POST["oldpassword"]));
- $newpassword=cleanQueryParameter($conn,cleanXSS($_POST["newpassword"]));
- $repassword=cleanQueryParameter($conn,cleanXSS($_POST["repassword"]));
- $username=cleanQueryParameter($conn,cleanXSS($_POST["username"]));
- $type=cleanQueryParameter($conn,cleanXSS($_POST["type"]));
- $signature=cleanQueryParameter($conn,cleanXSS($_POST["signature"]));
- $public_key=cleanQueryParameter($conn,cleanXSS($_POST["publicKey"])); //Device public key
- $secretkey=cleanQueryParameter($conn,cleanXSS($_POST["secretkey"]));
- //printArr($_POST);die;
- //Fetching corresponding private key of device
- $querydevice="select * from DEVICE_INFO where devicePublicKey='".$public_key."'";
- $resultdevice= runQuery($querydevice, $conn);
- $rowresults = mysqli_fetch_assoc($resultdevice["dbResource"]);
- $private_key=$rowresults['devicePrivateKey'];
- $api_text = "changepsswdemail&publicKey" . $public_key;
- $signature_new = hash_hmac('sha512', $api_text, $private_key); //signature new generated.
- if($signature_new==$signature){
- }
- else{
- //not valid
- $msg="API validation failed";
- $returnArr['errCode']=5;
- $returnArr['errMsg']=$msg;
- }
- /*}*/
- print(json_encode($returnArr,true));
- ?>
Add Comment
Please, Sign In to add comment