<?php
require_once 'class_user.php';
// Data-access object used by the request handler below (credential check, hashing, queries).
// The USER class is presumably declared in class_user.php; confirm.
$db = new USER();
// Copy of the EVENTLOG constant. Nothing in the visible part of this file reads $eventlog;
// event_log() tests the constant directly.
$eventlog = EVENTLOG;
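/**
 * Append one INFO record to the per-day application log when logging is enabled.
 *
 * Record layout: "[Y-m-d H:i:s]\t[INFO][<basename of this file>]\t<uid>\t<text>\r\n".
 * The uid column is always empty: no user id is available inside this function.
 * The log path is "logs/<APP_NAME><Y-m-d>.log", resolved against the current working directory.
 *
 * $text is written verbatim. A caller passing request-derived values should strip CR/LF first so
 * that one call cannot produce more than one record.
 *
 * @param string $text Message to record.
 * @return void
 */
function event_log($text){
    // NOTE(review): Y is a bare constant, not the string 'Y'. It must be defined elsewhere
    // (on PHP 8 an undefined constant is a fatal Error); confirm where it is defined.
    if (EVENTLOG == Y) {
        // The original read an undefined local $uid here, which raised an "Undefined variable"
        // warning on every call and produced an empty column. Keep the column, drop the warning.
        $uid = '';
        $text = $uid . "\t" . $text;

        // NOTE(review): relative path. If the working directory is inside the web root, the
        // log files may be retrievable over HTTP; confirm the directory is not served.
        $file = "logs" . "/" . APP_NAME . date("Y-m-d") . ".log";

        // message_type 3 appends the string to $file without adding a newline of its own.
        error_log(date("[Y-m-d H:i:s]") . "\t[INFO][" . basename(__FILE__) . "]\t" . $text . "\r\n", 3, $file);
    }
}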
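// Change-password endpoint. A POST carrying email, oldpass and newpass is verified against the
// stored credentials and, on success, the user's password hash and salt are replaced. The JSON
// reply is echoed and also written to the event log. Any other request method gets 'error'.
if ($_SERVER['REQUEST_METHOD'] == 'POST') {
    event_log("begining of changepassword");
    $response = [];

    // Request fields are client-controlled: a missing key or an array value (email[]=x) is
    // treated as an empty string so it fails verification instead of raising a warning.
    $email   = (isset($_POST['email'])   && is_string($_POST['email']))   ? $_POST['email']   : '';
    $oldpass = (isset($_POST['oldpass']) && is_string($_POST['oldpass'])) ? $_POST['oldpass'] : '';
    $newpass = (isset($_POST['newpass']) && is_string($_POST['newpass'])) ? $_POST['newpass'] : '';

    // The old password is the only authentication this endpoint performs.
    $user = ($email !== '' && $oldpass !== '')
        ? $db->getUserByEmailAndPassword($email, $oldpass)
        : false;

    // NOTE(review): the "error" flag looks inverted (FALSE on failure, TRUE on success). It is
    // kept as-is because existing clients may depend on it; confirm against the client code.
    if (!$user) {
        $response["error"] = FALSE;
        $response["message"] = 'Invalid Email or Old password';
    } elseif ($newpass === '') {
        // Never store a hash of the empty string as the new password.
        $response["error"] = FALSE;
        $response["message"] = 'Error Updating Password';
    } else {
        // NOTE(review): the helper name suggests a salted SHA digest; confirm in class_user.php.
        // password_hash()/password_verify() would be the preferred scheme, but that change has
        // to be made together with getUserByEmailAndPassword().
        $hash = $db->hashSSHA($newpass);
        $encrypted_password = $hash["encrypted"]; // hashed new password
        $salt = $hash["salt"];                    // salt generated alongside it

        // Bound parameters instead of string interpolation: $email comes straight from the
        // request. NOW() is unquoted so the database evaluates it; the original stored the
        // literal string 'Now()'.
        // Assumes runQuery() returns a prepared statement (the existing ->execute() call
        // suggests so); confirm against class_user.php.
        $sql = "UPDATE users SET encrypted_password = ?, salt = ?, updated_at = NOW() WHERE email = ?";
        $stmt = $db->runQuery($sql);
        $result = $stmt->execute([$encrypted_password, $salt, $email]);

        if ($result) {
            $response["error"] = TRUE;
            $response["message"] = "Password Changed Successfully";
        } else {
            $response["error"] = FALSE;
            $response["message"] = 'Error Updating Password';
        }
    }

    // Only the reply is logged; the submitted passwords never reach event_log().
    $payload = json_encode($response);
    echo $payload;
    event_log($payload);
} else {
    echo 'error';
}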
?>