CasperSecurity
<?php
include("../includes/connection.php");
if (!isset($_SESSION['id'])):
header("location:index.php");
endif;
$id1=$_SESSION['id'];
$pas="SELECT uname from admin_login where id='$id1'";
$res=db_query($pas);
$rowpas=$res->fetch_assoc();
$page1 = "setting";
$stage = $connect->real_escape_string($_POST['stage']);
if ($stage == 2) {
$captcha = $connect->real_escape_string($_POST['recaptchaResponse']);
//print $captcha;
if(!$captcha){
$msg = "Please check the captcha form.";
print "<script>";
print "self.location = '?strmsg=$msg';";
print "</script>";
exit;
}
// Build POST request:
$recaptcha_url = 'https://www.google.com/recaptcha/api/siteverify';
$recaptcha_secret = $secretKey;
$recaptcha_response = $connect->real_escape_string($_POST['recaptchaResponse']);
// Make and decode POST request:
//$recaptcha = file_get_contents($recaptcha_url . '?secret=' . $recaptcha_secret . '&response=' . $recaptcha_response);
$recaptcha = url_get_contents($recaptcha_url . '?secret=' . $recaptcha_secret . '&response=' . $recaptcha_response);
$recaptcha = json_decode($recaptcha);
if ($recaptcha->score >= 0.5) {
$uname = $connect->real_escape_string($_POST['uname']);
$oldpwd = $connect->real_escape_string($_POST['oldpwd']);
$newpwd = $connect->real_escape_string($_POST['newpwd']);
$mysql = "select pwd from admin_login where uname='" . $uname . "'";
$query = db_query($mysql);
$row = mysqli_fetch_row($query);
if ($connect->real_escape_string(trim($row[0])) != $oldpwd) {
$msg = "Invalid Old Password, Please Try Again.";
setcookie("msg", $msg, time() + 3);
print "<script>";
print "self.location ='change_password.php';";
print "</script>";
} else {
$strsql1 = "update admin_login set pwd='" . $newpwd . "' where uname = '" . $uname . "' And id='$id1'";
echo $strsql1; exit();
$result2 = db_query($strsql1);
$msg = "Password changed successfully.";
setcookie("msg", $msg, time() + 3);
print "<script>";
print "self.location = 'change_password.php';";
print "</script>";
}
}else{
$msg = "Please check the captcha.";
print "<script>";
print "self.location = 'login.php?strmsg=$msg';";
print "</script>";
}
}
?>
<!DOCTYPE html>
<html lang="en">
<head>
<title>UIM</title>
<?php include("css.php"); ?>
<script type="text/javascript">
function validate(){
if (document.pwd.oldpwd.value == "") {
alert("Enter Your Old Password.");
document.pwd.oldpwd.focus();
return false;
}
if (document.pwd.newpwd.value == "") {
alert("Enter Your New Password.");
document.pwd.newpwd.focus();
return false;
}
if (document.pwd.cnewpwd.value == "") {
alert("Retype Your New Password.");
document.pwd.cnewpwd.focus();
return false;
}
if (document.pwd.newpwd.value != "" && document.pwd.cnewpwd.value != "")
{
if (document.pwd.newpwd.value != document.pwd.cnewpwd.value)
{
alert("New Password Mismatched.");
document.pwd.cnewpwd.focus();
return false;
}
}
}
</script>
</head>
<body class="sidebar-pinned">
<?php include("left1.php") ?>
<main class="admin-main">
<!--site header begins-->
<?php include("admin_header.php");?>
<!--site header ends -->
<section class="admin-content ">
<div class="bg-dark">
<div class="container m-b-30">
<div class="row">
<div class="col-12 text-white p-t-40 p-b-90">
<h4 class="">Change Password</h4>
<p class="opacity-75 "></p>
</div>
</div>
</div>
</div>
<div class="container pull-up">
<div class="row" style="margin: 0 auto; width:100%; align-items: center;
justify-content: center;">
<!--message-->
<?php if ($_COOKIE['msg']) { ?>
<div class="clearfix"></div>
<div class="col-lg-8">
<div class="alert alert-success">
<a href="#" class="close" data-dismiss="alert" onClick="$('.alert').hide('slow');">×</a>
<?php print str_replace("+", " ", $_COOKIE['msg']); ?>
</div>
</div>
<?php } ?>
<!--message-->
<div class="col-lg-8">
<div class="card m-b-30">
<div class="card-header">
<h5 class="m-b-0">
Change Password
</h5>
<p class="m-b-0 text-muted">
Enter your old password to reset password.
</p>
</div>
<form name="pwd" method="POST" action="change_password.php" onSubmit="return validate();">
<input type="hidden" name="stage" value="2">
<input type="hidden" name="recaptchaResponse" id="recaptchaResponse">
<div class="card-body ">
<div class="form-row">
<label for="username">User Name</label>
<input type="text" class="form-control" id="username" name="uname" value="<?php print $rowpas['email']; ?>" readonly >
</div>
<div class="form-row">
<label for="oldpwd">Old Password</label>
<input type="password" class="form-control" id="oldpwd" name="oldpwd" value="" required >
</div>
<div class="form-row">
<label for="newpwd">New Password</label>
<input type="password" class="form-control" id="newpwd" name="newpwd" value="" required >
</div>
<div class="form-row form-group">
<label for="conpwd">Confirm Password</label>
<input type="password" class="form-control" id="conpwd" name="cnewpwd" value="" required >
</div>
<div class="form-group">
<button type="submit" class="btn btn-primary">Submit</button>
</div>
</div>
</form>
</div>
</div>
</div>
</div>
</section>
</main>
<?php include("js.php"); ?>
<!--Additional Page includes-->
<script src="assets/vendor/apexchart/apexcharts.min.js"></script>
<!--chart data for current dashboard-->
<script src="assets/js/dashboard-01.js" type="text/javascript"></script>
<script src="https://www.google.com/recaptcha/api.js?render=<?php print $sitekey; ?>"></script>
<script>
grecaptcha.ready(function () {
grecaptcha.execute('<?php print $sitekey; ?>',{action:'login'}).then(function(token){
var recaptchaResponse = document.getElementById('recaptchaResponse');
recaptchaResponse.value = token;
});
});
</script>
</body>
</html>