s24semesterproject-superultra/resetPassword.php at main · SameepK/s24semesterproject-superultra · GitHub

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
<?php
header('Access-Control-Allow-Origin: *');
header('Content-Type: application/json');

// Database connection details
$dbServer = 'oceanus.cse.buffalo.edu:3306';
$dbUsername = 'ugoajaer';
$dbPassword = '50409878';
$dbName = 'cse442_2024_spring_team_aa_db';

// Create database connection
$conn = new mysqli($dbServer, $dbUsername, $dbPassword, $dbName);

// Check connection
if ($conn->connect_error) {
    die(json_encode(['success' => false, 'message' => 'Connection failed: ' . $conn->connect_error]));
}

// Extract username, old password, and new password from GET request
$input = json_decode(file_get_contents('php://input'), true);
$username = $input['username'];
$oldPassword = $input['oldPassword'];
$newPassword = $input['newPassword'];

// Password requirements pattern
$passwordRequirements = '/(?=.*[A-Z])(?=.*\d)(?=.*[!@#$%^&*()])[A-Za-z\d!@#$%^&*()]{8,}/';

if (empty($username) || empty($oldPassword) || empty($newPassword)) {
    echo json_encode(['success' => false, 'message' => 'Username, old password, and new password are required.']);
    exit;
}

// Check new password against requirements
if (!preg_match($passwordRequirements, $newPassword)) {
    echo json_encode(['success' => false, 'message' => 'Password must be at least 8 characters long, include at least one uppercase letter, one number, and one special character.']);
    exit;
}


            // Verify the old password
            if (True) /*NOTE must check that oldPassword and currenHashedPassword correspond*/ {
                // Update the password
                $newHashedPassword = $newPassword;
                $updateStmt = $conn->prepare("UPDATE peace SET password = ? WHERE username = ?");
                $updateStmt->bind_param("ss", $newHashedPassword, $username);
                if($updateStmt->execute()) {
                    echo json_encode(["success" => true, "message" => "Password updated successfully."]);
                } else {
                    echo json_encode(["success" => false, "message" => "Error updating password."]);
                }
                $updateStmt->close();

// Prepare SQL statement to fetch the user's current password
$stmt = $conn->prepare("SELECT password FROM peace WHERE email = ?");
$stmt->bind_param("s", $username);
$stmt->execute();
$result = $stmt->get_result();

if ($result->num_rows > 0) {
    $user = $result->fetch_assoc();
    $currentHashedPassword = $user['password'];

    // Verify the old password
    if (password_verify($oldPassword, $currentHashedPassword)) {
        // Check that new password is different from old password
        if (!password_verify($newPassword, $currentHashedPassword)) {
            // Hash new password
            $newHashedPassword = password_hash($newPassword, PASSWORD_DEFAULT);

            // Update the password
            $updateStmt = $conn->prepare("UPDATE peace SET password = ? WHERE email = ?");
            $updateStmt->bind_param("ss", $newHashedPassword, $username);

            if ($updateStmt->execute()) {
                echo json_encode(['success' => true, 'message' => 'Password updated successfully.']);

            } else {
                echo json_encode(['success' => false, 'message' => 'Error updating password.']);
            }
            $updateStmt->close();
        } else {
            echo json_encode(['success' => false, 'message' => 'New password cannot be the same as the old password.']);
        }
    } else {
        echo json_encode(['success' => false, 'message' => 'Old password does not match our records.']);
    }
} else {
    echo json_encode(['success' => false, 'message' => 'User not found.']);
}

$stmt->close();
$conn->close();
?>