Server : Apache/2.4.6 (CentOS) OpenSSL/1.0.2k-fips PHP/7.4.20 System : Linux st2.domain.com 3.10.0-1127.10.1.el7.x86_64 #1 SMP Wed Jun 3 14:28:03 UTC 2020 x86_64 User : apache ( 48) PHP Version : 7.4.20 Disable Function : NONE Directory : /var/www/html/truyentranh/code/guest/ |
<?php
if(!isset($ob_user->user_id) or intval($ob_user->user_id)==0){
header('Location: /login.html');
}
$CORE->title_page = 'Change password';
if(isset($CORE->input['submitbt'])){
$f = $CORE->input['f'];
$user_id = intval($ob_user->user_id);
$row_check = $DB->fetch_row($DB->query("SELECT * FROM tb_user WHERE user_id='$user_id' "));
if (!password_verify($f['old_password'], $row_check['user_password_hash'])) {
$error = 1;
}else{
$password = trim($f['renew_password']);
$password_hash = password_hash($password, PASSWORD_DEFAULT, ['cost' => 12]);
$DB->query("UPDATE tb_user SET user_password_default='' , user_password_hash='$password_hash' WHERE user_id='$user_id' ");
$error = 0;
}
}