time() - (15*60) AND strpos($_SERVER['HTTP_REFERER'], 'http://'.$CONFIG['base_url'].'/index.php') == 0) //If we update the password and token is correct
{
$req_pass = $bdd->query('SELECT password FROM copains WHERE id='.(int) $_SESSION['id']);
$password_bdd = $req_pass->fetch();
if($_POST['password_new1'] == $_POST['password_new2'] && $password_bdd['password'] == sha1($_POST['password_old'] . $CONFIG['salt']))
{
$req = $bdd->prepare('UPDATE copains SET password=:password WHERE id='.(int) $_SESSION['id']);
$req->bindValue(':password', sha1($_POST['password_new1'] . $CONFIG['salt']));
$req->execute();
header('location: message.php?id=13');
exit();
}
else
{
header('location: message.php?id=12');
exit();
}
}
$_SESSION['token_password'] = sha1(uniqid(rand(), true)); //We generate a token and store it in a session variable
$_SESSION['token_password_time'] = time(); //We also store the time at which the token has been generated
?>
Bouffe@Ulm