Hash password before saving
Fix #13
azlux authored Oct 24, 2024
1 parent 7f177c2 commit 1fec4cf
Showing 1 changed file with 4 additions and 2 deletions.
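--- a/login.php
+++ b/login.php
@@ -52,8 +52,10 @@
 
 if(!empty($_SESSION['username'])) {
 if (isset($_GET['changepassword']) AND !empty($_POST['old_password']) AND !empty($_POST['new_password'])) {
-$req = $connexion->prepare('UPDATE users SET password = ? WHERE username = ? AND password = ?');
-$req->execute(array($_POST['new_password'], $_SESSION['username'], $_POST['old_password']));
+$req = $connexion->prepare('UPDATE users SET password = ? WHERE username = ?');
+$options = ['cost' => 12,];
+$pwd_hash = password_hash($_POST['new_password'], PASSWORD_BCRYPT, $options);
+$req->execute(array($pwd_hash, $_SESSION['username']));
 echo "PASSWORD UPDATED";
 header("refresh:5;url=" . DEFAULT_URL);
 }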
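Review bot: The new UPDATE no longer checks the current password: `old_password` only has to be non-empty, because the `AND password = ?` clause was dropped and nothing replaces it, so any request carrying a logged-in session can set a new password without knowing the old one. Fetch the stored hash for `$_SESSION['username']` and gate the update on `password_verify($_POST['old_password'], $stored)`, as sketched below (this assumes `$connexion` is a PDO handle). The login check and any rows that still hold plaintext are not visible in this hunk; both would have to move to `password_verify()` for the hashed value to be usable. The outer `if(!empty($_SESSION['username']))` block continues past the end of the hunk.

```php
if (isset($_GET['changepassword']) AND !empty($_POST['old_password']) AND !empty($_POST['new_password'])) {
    // Assumes $connexion is a PDO handle; confirm against the connection setup.
    $check = $connexion->prepare('SELECT password FROM users WHERE username = ?');
    $check->execute(array($_SESSION['username']));
    $stored = $check->fetchColumn();
    if (is_string($stored) && password_verify($_POST['old_password'], $stored)) {
        // … unchanged: password_hash(), the UPDATE and the success message …
    } else {
        // Current password did not match: leave the row untouched and report the failure.
    }
```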
