Server : Apache/2.4.6 (CentOS) OpenSSL/1.0.2k-fips PHP/7.4.20 System : Linux st2.domain.com 3.10.0-1127.10.1.el7.x86_64 #1 SMP Wed Jun 3 14:28:03 UTC 2020 x86_64 User : apache ( 48) PHP Version : 7.4.20 Disable Function : NONE Directory : /var/www/html/oladi/code/changepass/ |
<?php
if(!isset($_SESSION['local_token']) or $_SESSION['local_token']==''){
$print->refresh('index.php?act=login');
exit();
}
$row_check = $DB->fetch_row($DB->query("SELECT * FROM tb_user WHERE user_id='" . $ob_user->user_id . "' "));
if($row_check['user_password_default']==''){
$print->refresh('?act=admin');
}
if(isset($CORE->input['submitbt'])){
$f = $CORE->input['f'];
$error = 0;
if(trim($f['new_password'])!=trim($f['renew_password'])){
$error = 1;
}else {
if ($row_check['user_password_default'] != trim($f['old_password'])) {
$error = 2;
} else {
$row_check = $DB->fetch_row($DB->query("SELECT * FROM tb_user WHERE user_key='" . $ob_user->user_name . "' "));
$password = trim($f['renew_password']);
$password_hash = password_hash($password, PASSWORD_DEFAULT, ['cost' => 12]);
$DB->query("UPDATE tb_user SET user_password_default='' , user_password_hash='$password_hash' WHERE user_password_default='" . trim($f['old_password']) . "' AND user_id='" . $ob_user->user_id . "' ");
$print->refresh('?act=admin');
}
}
}
?>
<!DOCTYPE html>
<html lang="en">
<head>
<meta charset="utf-8">
<meta name="viewport" content="width=device-width, initial-scale=1">
<title>Admin Change Password</title>
<base href="<?php echo $INFO['home_url'];?>"/>
<link rel="apple-touch-icon" sizes="180x180" href="layout/adminlte320rc/apple-touch-icon.png">
<link rel="icon" type="image/png" sizes="32x32" href="layout/adminlte320rc/favicon-32x32.png">
<link rel="icon" type="image/png" sizes="16x16" href="layout/adminlte320rc/favicon-16x16.png">
<link rel="shortcut icon" href="layout/adminlte320rc/favicon.ico">
<!-- Google Font: Source Sans Pro -->
<link rel="stylesheet" href="https://fonts.googleapis.com/css?family=Source+Sans+Pro:300,400,400i,700&display=fallback">
<!-- Font Awesome -->
<link rel="stylesheet" href="layout/adminlte320rc/plugins/fontawesome-free/css/all.min.css">
<!-- icheck bootstrap -->
<link rel="stylesheet" href="layout/adminlte320rc/plugins/icheck-bootstrap/icheck-bootstrap.min.css">
<!-- Theme style -->
<link rel="stylesheet" href="layout/adminlte320rc/dist/css/adminlte.min.css">
<!-- SweetAlert2 -->
<link rel="stylesheet" href="layout/adminlte320rc/plugins/sweetalert2-theme-bootstrap-4/bootstrap-4.min.css">
<!-- Toastr -->
<link rel="stylesheet" href="layout/adminlte320rc/plugins/toastr/toastr.min.css">
<!-- jQuery -->
<script src="layout/adminlte320rc/plugins/jquery/jquery.min.js"></script>
<!-- Bootstrap 4 -->
<script src="layout/adminlte320rc/plugins/bootstrap/js/bootstrap.bundle.min.js"></script>
<!-- AdminLTE App -->
<script src="layout/adminlte320rc/dist/js/adminlte.min.js"></script>
<!-- SweetAlert2 -->
<script src="layout/adminlte320rc/plugins/sweetalert2/sweetalert2.min.js"></script>
<!-- Toastr -->
<script src="layout/adminlte320rc/plugins/toastr/toastr.min.js"></script>
<?php
if($error==1){
echo $func->show_alert('Re-enter new password is not the same','error');
}
if($error==2){
echo $func->show_alert('Wrong old password was given','error');
}
?>
</head>
<body class="hold-transition login-page">
<div class="login-box">
<div class="login-logo">
<a href="<?php echo $INFO['home_url'];?>"><b>Adimi</b>Soft</a>
</div>
<!-- /.login-logo -->
<div class="card">
<div class="card-body login-card-body">
<p class="login-box-msg">The first time you log in to the software, please change your password.</p>
<form action="?act=changepass" method="post">
<div class="input-group mb-3">
<input type="password" class="form-control" placeholder="old password" name="f[old_password]" required>
<div class="input-group-append">
<div class="input-group-text">
<span class="fas fa-lock"></span>
</div>
</div>
</div>
<div class="input-group mb-3">
<input type="password" class="form-control" placeholder="A new password" name="f[new_password]" required>
<div class="input-group-append">
<div class="input-group-text">
<span class="fas fa-lock"></span>
</div>
</div>
</div>
<div class="input-group mb-3">
<input type="password" class="form-control" placeholder="Enter a new password" name="f[renew_password]" required>
<div class="input-group-append">
<div class="input-group-text">
<span class="fas fa-lock"></span>
</div>
</div>
</div>
<div class="row">
<div class="col-12">
<button type="submit" class="btn btn-primary btn-block" name="submitbt">Change Password</button>
</div>
<!-- /.col -->
<div class="col-12">
<a class="btn btn-info btn-block mt-4" href="/?act=login&code=logout">Sign out</a>
</div>
</div>
</form>
<!--<p class="mt-3 mb-1">
<a href="login.html">Login</a>
</p>-->
</div>
<!-- /.login-card-body -->
</div>
</div>
<!-- /.login-box -->
</body>
</html>