<?php
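/**
 * Step 1 of the password-change flow: remember which account the change is
 * for, mint a one-time verification code, e-mail it to the logged-in user and
 * redirect to the code-entry page.
 *
 * Reads  $_POST['accno'], $_POST['acctype'], $_SESSION['hlbank_user']['email'].
 * Writes $_SESSION['change_pass'] and $_SESSION['otp_tokenpass'].
 * Never returns to the caller: it always ends with header() + exit().
 *
 * NOTE(review): nothing visible here limits the code's lifetime or the number
 * of guesses accepted by the verification step; a six-digit code needs an
 * expiry and an attempt counter to be safe against brute force.
 */
function initiateChangePass()
{
    $accno = (int)$_POST['accno'];
    $type = $_POST['acctype'];
    // The new password is intentionally NOT kept in the session any more: the
    // old code stored it in plain text under 'pass_wd', and doResetPassword()
    // re-reads it from $_POST['password'] anyway, so it was never needed.
    $change_pass = [
        // Was "$acc_no" (never assigned), which silently stored null.
        'acc_no' => $accno,
        'acc_type' => $type,
    ];
    $_SESSION['change_pass'] = $change_pass;
    // Verification code: CSPRNG instead of rand(), and a range that is always
    // exactly six digits, so the old "truncate to 6 characters" step is gone.
    $tokenPass = (string)random_int(100000, 999999);
    $_SESSION['otp_tokenpass'] = $tokenPass;
    // Deliver the code to the address of the currently logged-in user.
    $subject = "Email Verification Code";
    $to = $_SESSION['hlbank_user']['email'];
    $mail_data = ['to' => $to, 'sub' => $subject, 'msg' => 'otppass', 'tokenpass' => $tokenPass];
    send_email($mail_data);
    header('Location: index.php?v=rptoken');
    exit();
}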
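/**
 * Step 2 of the password-change flow: check the e-mailed verification code,
 * look the account up again and, on success, store the new password hash and
 * send a "password changed" notification.
 *
 * Reads  $_POST['tokenpass'], $_POST['accno'], $_POST['acctype'],
 *        $_POST['password'], $_SESSION['otp_tokenpass'],
 *        $_SESSION['hlbank_user']['email'].
 * Writes $_SESSION['hlbank_tmp'], $_SESSION['hlbank_user_name'] and removes
 *        $_SESSION['otp_tokenpass'] once it has been used.
 *
 * @return string Error text for the caller to display when the account lookup
 *                fails or the new password is empty. A bad code and a
 *                successful change both redirect and exit() instead.
 */
function doResetPassword()
{
    // The old check cast both sides to int: with no token in the session
    // (never issued, or already consumed) the session side became 0, and any
    // non-numeric or "0" POST value also became 0, so the code check passed.
    // Require a stored token, compare as strings in constant time, and burn
    // it so the same code cannot be replayed.
    $tokenPass = isset($_POST['tokenpass']) ? trim((string)$_POST['tokenpass']) : '';
    $s_tokenpass = isset($_SESSION['otp_tokenpass']) ? (string)$_SESSION['otp_tokenpass'] : '';
    if ($s_tokenpass === '' || !hash_equals($s_tokenpass, $tokenPass)) {
        header('Location: index.php?v=changepass&msg=' . urlencode('Verification Code in not valid.'));
        exit();
    }
    unset($_SESSION['otp_tokenpass']);
    // extract($_SESSION['change_pass']) was dropped: the variables it created
    // were never read, and extract() on stored data is an easy way to clobber
    // locals.

    $accno = (int)$_POST['accno'];
    $type = $_POST['acctype'];
    $pwd = isset($_POST['password']) ? (string)$_POST['password'] : '';
    if ($pwd === '') {
        // Previously an empty string was hashed and stored as the password.
        return 'Password must not be empty.';
    }
    // NOTE(review): unsalted sha512 is kept only because the login code (not
    // shown here) has to verify the same format; both sides should move to
    // password_hash()/password_verify() together.
    $pwd_hash = hash('sha512', $pwd);
    $errorMessage = '';
    $sql_st = 'SELECT u.fname, u.lname, u.email, u.is_active, u.phone,
a.acc_no, a.user_id, a.pin, a.type, a.status,
ad.address, ad.city, ad.state, ad.zipcode
FROM tbl_users u, tbl_accounts a, tbl_address ad
WHERE a.acc_no = ? AND u.pwd = ?
AND u.id = a.user_id AND ad.user_id = u.id AND u.is_active != ?';
    // NOTE(review): the second placeholder is u.pwd but is bound to $type (the
    // posted account type), so this lookup can only succeed if u.pwd holds the
    // raw type string. The intended column is probably a.type; confirm against
    // the schema before changing the query text.
    $result = dbQuery($sql_st, $accno, $type, "FALSE");
    if (dbNumRows($result) == 1) {
        $row = dbFetchAssoc($result);
        $_SESSION['hlbank_tmp'] = $row;
        $_SESSION['hlbank_user_name'] = strtoupper($row['fname'] . ' ' . $row['lname']);
        // Update the owner of the account row we just verified, not a
        // caller-supplied $_POST['id']: the old code let anyone who passed
        // the lookup for their own account overwrite any other user's password.
        $sql = "UPDATE tbl_users SET pwd = ? WHERE id = ?";
        dbQuery($sql, $pwd_hash, $row['user_id']);
        // Notify the user, but never put the new password itself in the mail
        // (the old code sent it in plain text under 'pwd').
        $subject = "Password changed";
        $to = $_SESSION['hlbank_user']['email'];
        $mail_data = ['to' => $to, 'sub' => $subject, 'msg' => 'change_pwd'];
        send_email($mail_data);
        header('Location: index.php?v=changepass&success=' . urlencode('Password successfully changed.'));
        exit();
    }
    else {
        $errorMessage = 'Not valid account number or password or Account is not Active. Please try again or contact to support.';
    }
    return $errorMessage;
}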
?>