diff --git a/rememberpassword.php b/rememberpassword.php
index d54344c..c35f7ad 100644
--- a/rememberpassword.php
+++ b/rememberpassword.php
@@ -7,7 +7,13 @@ define('ERROR_WRONG_LOGIN', 'Такого пользователя не суще
 define('ERROR_TOO_MANY_TRIES', 'Вы уже отправляли себе письмо сегодня!');
 define('ERROR_OLD_HASH', 'Ссылка устарела!');
 define('ERROR_WRONG_HASH', 'Неверная ссылка!');
+$login = filter_input(INPUT_POST, 'loginid', FILTER_SANITIZE_SPECIAL_CHARS);
 $password = password_hash(filter_input(INPUT_POST, 'psw'), PASSWORD_DEFAULT);
+$allowChange = false;
+$changePassword = filter_input(INPUT_GET, 'change');
+$newPassword = $_POST['newpasswd'] ?? 0;
+$hashCheck = $_POST['hashcheck'] ?? 0;
+
 function mail_send($to, $from_user, $from_email, $subject = '(No subject)', $message = '') { $from_user = "=?UTF-8?B?" . base64_encode($from_user) . "?=";
@@ -19,8 +25,6 @@ function mail_send($to, $from_user, $from_email, $subject = '(No subject)', $mes
 return mail($to, $subject, $message, $headers);
 }
-
-$login = filter_input(INPUT_POST, 'loginid', FILTER_SANITIZE_SPECIAL_CHARS);
 if ($login) {
 $loginCheck = db::c()->query('SELECT email FROM users WHERE login = "?s"', $login)->fetch_assoc();
 if ($loginCheck) {
@@ -48,9 +52,6 @@ if ($login) {
 $statusMessage = ERROR_WRONG_LOGIN;
 }
 }
-
-$allowChange = false;
-$changePassword = filter_input(INPUT_GET, 'change');
 if ($changePassword) {
 if (db::c()->query('SELECT 1 FROM users_recovery WHERE `hash` = "?s" AND `date` < "?s"', $changePassword, date('Y-m-d'))->getNumRows()) {
 $allowChange = true;
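Review bot: The new `$newPassword = $_POST['newpasswd'] ?? 0;` and `$hashCheck = $_POST['hashcheck'] ?? 0;` lines fall back to an int for values that are only ever used as strings, and they read `$_POST` directly while the `$login` line a few lines above goes through `filter_input`. Because the consumer later tests `if ($newPassword && $hashCheck)`, a submitted password of `"0"` is treated as absent and the request is silently skipped with no status message, which matches the old `!empty` behaviour but is now less obvious. I would read both with `$newPassword = (string) filter_input(INPUT_POST, 'newpasswd');` and `$hashCheck = (string) filter_input(INPUT_POST, 'hashcheck');` and test them with `!== ''` where they are consumed. It would also be worth rejecting a token that does not match the format the recovery hashes are generated in (hex, presumably; verify against the code that issues them) before it reaches the database.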
@@ -59,14 +60,13 @@ if ($changePassword) {
 $statusMessage = ERROR_OLD_HASH;
 }
 }
-
-if (!empty($_POST['newpasswd']) && !empty($_POST['hashcheck'])) {
-    $query = db::c()->query('SELECT login FROM users_recovery WHERE hash = "?s"', $_POST['hashcheck']);
+if ($newPassword && $hashCheck) {
+    $query = db::c()->query('SELECT login FROM users_recovery WHERE hash = "?s"', $hashCheck);
 if ($query->getNumRows()) {
-        $query->fetch_assoc();
-        $passwordHashed = password_hash($_POST['newpasswd'], PASSWORD_DEFAULT);
+        $query = $query->fetch_assoc();
+        $passwordHashed = password_hash($newPassword, PASSWORD_DEFAULT);
 db::c()->query('UPDATE users SET pass = "?s" WHERE login = "?s"', $passwordHashed, $query['login']);
-        db::c()->query('DELETE FROM confirmpasswd WHERE hash = "?s"', $_POST['hashcheck']);
+        db::c()->query('DELETE FROM confirmpasswd WHERE hash = "?s"', $hashCheck);
 $statusMessage = OK_PASSWORD_CHANGED;
 } else {
 $statusMessage = ERROR_WRONG_HASH;
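Review bot: The new `$query = db::c()->query('SELECT login FROM users_recovery WHERE hash = "?s"', $hashCheck);` line accepts any token that exists in `users_recovery` regardless of its age, whereas the GET path earlier in the file only sets `$allowChange` after also comparing the `date` column, so a link the first step already reports as ERROR_OLD_HASH can still change the password in this final step. The new `DELETE FROM confirmpasswd WHERE hash = "?s"` line also removes the token from a different table than the one it was just read from, so unless `confirmpasswd` mirrors `users_recovery` the row in `users_recovery` survives and the same link can be replayed to reset the password again. I would apply the same date condition here, `'SELECT login FROM users_recovery WHERE hash = "?s" AND date < "?s"', $hashCheck, date('Y-m-d')`, and delete the token from `users_recovery` (or from both tables) right after the UPDATE. Reusing `$query` for both the result object and the fetched row is easy to misread; `$row = $query->fetch_assoc();` with `$row['login']` in the UPDATE keeps the two apart. The if/else block opened in this hunk closes outside it.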