This repository has been archived by the owner on Apr 9, 2021. It is now read-only.
-
Notifications
You must be signed in to change notification settings - Fork 0
/
Copy pathchange_password.php
51 lines (48 loc) · 1.87 KB
/
change_password.php
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
<?php
session_start();
$error_msg = "";
$username = $_SESSION["USERNAME"];
if ($_SERVER["REQUEST_METHOD"] == "POST") {
$old_password = $_POST["old_password"];
$password = $_POST["password"];
$password2 = $_POST["password2"];
if ($old_password != "neptune") {
header("HTTP/1.0 403 Forbidden");
$error_msg = "Incorrect old password";
error_log("Neptune: Failed to change password for ".$username.". Old password is incorrect.");
// die();
} else
if ($password != $password2) {
header("HTTP/1.0 401 Unauthorized");
$error_msg = "New passwords mismatched.";
error_log("Neptune: Failed to change password for ".$username.". Two passwords entered mismatched.");
// die();
} else {
$error_msg = "Changed password successfully! (but of course this is just a demo webserver so no new account is created)";
error_log("Neptune: Successfully changed password for ".$username.".");
}
}
?>
<html>
<head>
<title>Change password</title>
</head>
<body>
<form action="" method="post">
<label>Old password:</label><br>
<input type="password" name="old_password" class="box"><br>
<label>New password:</label><br>
<input type="password" name="password" class="box"><br>
<label>Re-enter your new password:</label><br>
<input type="password" name="password2" class="box"><br>
<br>
<button type="submit"> Submit </button>
<div><?php echo $error_msg; ?></div>
</form>
</body>
<script>
if ( window.history.replaceState ) {
window.history.replaceState( null, null, window.location.href );
}
</script>
</html>