forked from Raichan/Larp-kalenteri
-
Notifications
You must be signed in to change notification settings - Fork 0
Expand file tree
/
Copy pathmodifyPasswordValidate.php
More file actions
38 lines (36 loc) · 1.09 KB
/
modifyPasswordValidate.php
File metadata and controls
38 lines (36 loc) · 1.09 KB
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
<?php
function getEventId($pass) {
require_once (__DIR__ . '/dat/connectDB.php');
$query = "SELECT id FROM events WHERE password = $1 and status = 'ACTIVE';";
$params = array($pass);
$result = dbQueryP($query, $params);
if ($result != null) {
if (!$result || pg_num_rows($result) <= 0) {
return null;
} else {
$row = pg_fetch_row($result);
$eventid = $row[0];
return $eventid;
}
} else {
return null;
}
}
if (!empty($_POST["password"])) {
$password = trim($_POST["password"]);
$id = getEventId($password);
if($id == null){
header("Location: modifyPassword.php?error=1");
}
else{
// Submitting the correct event id via post to keep the system a bit more secure than just giving the id as url parameter
echo("
<form id='modifyform' action='modifyEvent.php' data-remote='true' method='post'>
<input type='hidden' id='modifyid' name='modifyid' value='" . $id . "'/>
</form>
<script>document.getElementById('modifyform').submit();</script>");
}
} else {
header("Location: modifyPassword.php?error=2");
}
?>