time() - (15*60) AND strpos($_SERVER['HTTP_REFERER'], 'http://'.$CONFIG['base_url'].'/index.php') == 0) // NOTE(review): the if() this condition belongs to starts above this excerpt; only the tail of the condition is visible here.
// NOTE(review): strpos() returns false when the needle is absent and `false == 0` is true in PHP, so a
// missing or foreign Referer satisfies this clause; `=== 0` is presumably what was intended. HTTP_REFERER is
// client-supplied in any case, so it cannot be the CSRF defence on its own -- the session token should be.
{
    // Password-change branch: runs when the (partly visible) token/age/referer check passes.
    // Fetch the stored hash for the current session user. The (int) cast keeps the
    // string-concatenated id from being an injection vector; presumably an earlier
    // part of the file guarantees $_SESSION['id'] is set -- not verifiable from here.
    $req_pass = $bdd->query('SELECT password FROM copains WHERE id='.(int) $_SESSION['id']);
    $password_bdd = $req_pass->fetch(); // false if no row matched; ['password'] then reads as null
    // NOTE(review): both comparisons below are loose (==). For the hash check that means two hex
    // digests shaped like numeric strings (e.g. "0e...") compare equal; use hash_equals() on the
    // digests, or better, store password_hash() output and check with password_verify().
    // The new1/new2 check also accepts two absent or empty fields (null == null), so an empty
    // password would be stored unless something before this excerpt rejects it.
    // NOTE(review): sha1(password . global salt) is a fast, per-site (not per-user) salted hash;
    // password_hash()/password_verify() is the supported replacement.
    if($_POST['password_new1'] == $_POST['password_new2'] && $password_bdd['password'] == sha1($_POST['password_old'] . $CONFIG['salt']))
    {
        // Store the new hash. The password value is bound as a parameter; the id is int-cast as above.
        $req = $bdd->prepare('UPDATE copains SET password=:password WHERE id='.(int) $_SESSION['id']);
        $req->bindValue(':password', sha1($_POST['password_new1'] . $CONFIG['salt']));
        $req->execute();
        // Success: redirect to the status page. exit() here means the token-regeneration
        // statements at the bottom are skipped, so the consumed token stays valid for the rest
        // of its 15-minute window -- NOTE(review): consider unsetting it before redirecting.
        header('location: message.php?id=13');
        exit();
    }
    else
    {
        // Mismatched confirmation or wrong current password: redirect to the failure page.
        header('location: message.php?id=12');
        exit();
    }
}
// Any other request (or a failed token/age/referer check) gets a fresh token for the form.
// NOTE(review): uniqid()/rand() are not cryptographic sources; bin2hex(random_bytes(32))
// gives an unpredictable token without the sha1() wrapper.
$_SESSION['token_password'] = sha1(uniqid(rand(), true));
// Record issue time so the (cut-off) condition above can enforce the 15-minute lifetime.
$_SESSION['token_password_time'] = time();
?>