String literals should not be duplicated

lopar 2020-08-27 20:35:30 +03:00
parent b84ee52666
commit 2af76074bb


@ -7,7 +7,13 @@ define('ERROR_WRONG_LOGIN', 'Такого пользователя не суще
define('ERROR_TOO_MANY_TRIES', 'Вы уже отправляли себе письмо сегодня!'); define('ERROR_TOO_MANY_TRIES', 'Вы уже отправляли себе письмо сегодня!');
define('ERROR_OLD_HASH', 'Ссылка устарела!'); define('ERROR_OLD_HASH', 'Ссылка устарела!');
define('ERROR_WRONG_HASH', 'Неверная ссылка!'); define('ERROR_WRONG_HASH', 'Неверная ссылка!');
$login = filter_input(INPUT_POST, 'loginid', FILTER_SANITIZE_SPECIAL_CHARS);
$password = password_hash(filter_input(INPUT_POST, 'psw'), PASSWORD_DEFAULT); $password = password_hash(filter_input(INPUT_POST, 'psw'), PASSWORD_DEFAULT);
$allowChange = false;
$changePassword = filter_input(INPUT_GET, 'change');
$newPassword = $_POST['newpasswd'] ?? 0;
$hashCheck = $_POST['hashcheck'] ?? 0;
function mail_send($to, $from_user, $from_email, $subject = '(No subject)', $message = '') function mail_send($to, $from_user, $from_email, $subject = '(No subject)', $message = '')
{ {
$from_user = "=?UTF-8?B?" . base64_encode($from_user) . "?="; $from_user = "=?UTF-8?B?" . base64_encode($from_user) . "?=";
@ -19,8 +25,6 @@ function mail_send($to, $from_user, $from_email, $subject = '(No subject)', $mes
return mail($to, $subject, $message, $headers); return mail($to, $subject, $message, $headers);
} }
$login = filter_input(INPUT_POST, 'loginid', FILTER_SANITIZE_SPECIAL_CHARS);
if ($login) { if ($login) {
$loginCheck = db::c()->query('SELECT email FROM users WHERE login = "?s"', $login)->fetch_assoc(); $loginCheck = db::c()->query('SELECT email FROM users WHERE login = "?s"', $login)->fetch_assoc();
if ($loginCheck) { if ($loginCheck) {
@ -48,9 +52,6 @@ if ($login) {
$statusMessage = ERROR_WRONG_LOGIN; $statusMessage = ERROR_WRONG_LOGIN;
} }
} }
$allowChange = false;
$changePassword = filter_input(INPUT_GET, 'change');
if ($changePassword) { if ($changePassword) {
if (db::c()->query('SELECT 1 FROM users_recovery WHERE `hash` = "?s" AND `date` < "?s"', $changePassword, date('Y-m-d'))->getNumRows()) { if (db::c()->query('SELECT 1 FROM users_recovery WHERE `hash` = "?s" AND `date` < "?s"', $changePassword, date('Y-m-d'))->getNumRows()) {
$allowChange = true; $allowChange = true;
@ -59,14 +60,13 @@ if ($changePassword) {
$statusMessage = ERROR_OLD_HASH; $statusMessage = ERROR_OLD_HASH;
} }
} }
if ($newPassword && $hashCheck) {
if (!empty($_POST['newpasswd']) && !empty($_POST['hashcheck'])) { $query = db::c()->query('SELECT login FROM users_recovery WHERE hash = "?s"', $hashCheck);
$query = db::c()->query('SELECT login FROM users_recovery WHERE hash = "?s"', $_POST['hashcheck']);
if ($query->getNumRows()) { if ($query->getNumRows()) {
$query->fetch_assoc(); $query = $query->fetch_assoc();
$passwordHashed = password_hash($_POST['newpasswd'], PASSWORD_DEFAULT); $passwordHashed = password_hash($newPassword, PASSWORD_DEFAULT);
db::c()->query('UPDATE users SET pass = "?s" WHERE login = "?s"', $passwordHashed, $query['login']); db::c()->query('UPDATE users SET pass = "?s" WHERE login = "?s"', $passwordHashed, $query['login']);
db::c()->query('DELETE FROM confirmpasswd WHERE hash = "?s"', $_POST['hashcheck']); db::c()->query('DELETE FROM confirmpasswd WHERE hash = "?s"', $hashCheck);
$statusMessage = OK_PASSWORD_CHANGED; $statusMessage = OK_PASSWORD_CHANGED;
} else { } else {
$statusMessage = ERROR_WRONG_HASH; $statusMessage = ERROR_WRONG_HASH;
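Review bot: The password-change branch at the end of this section looks the recovery hash up in `users_recovery` but then deletes from `confirmpasswd`, so as far as these lines show the recovery row is never removed and the same link could set the password again. The lookup also omits the `date` condition that the `change` branch applies before setting `$allowChange`, so a direct POST carrying `hashcheck` is not subject to the expiry check. I would remove the used row with `db::c()->query('DELETE FROM users_recovery WHERE hash = "?s"', $hashCheck);` (keeping the `confirmpasswd` delete if that table is still in use) and add the same date condition to the `SELECT login` query. The `if`/`else` block continues past the last visible line.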