Daniel\'s Hosting - Change password

PDO::ERRMODE_WARNING, PDO::ATTR_PERSISTENT=>PERSISTENT]); }catch(PDOException $e){ die('No Connection to MySQL database!'); } session_start(); $user=check_login(); if(!isset($_REQUEST['type'])){ $_REQUEST['type']='acc'; } $msg=''; if($_SERVER['REQUEST_METHOD']==='POST'){ if(!isset($_POST['pass']) || !password_verify($_POST['pass'], $user['password'])){ $msg.='

Wrong password.

'; }elseif(!isset($_POST['confirm']) || !isset($_POST['newpass']) || $_POST['newpass']!==$_POST['confirm']){ $msg.='

Wrong password.

'; }else{ if($_REQUEST['type']==='acc'){ $hash=password_hash($_POST['newpass'], PASSWORD_DEFAULT); $stmt=$db->prepare('UPDATE users SET password=? WHERE id=?;'); $stmt->execute([$hash, $user['id']]); $msg.='

Successfully changed account password.

'; }elseif($_REQUEST['type']==='sys'){ $stmt=$db->prepare('INSERT INTO pass_change (user_id, password) VALUES (?, ?);'); $hash=get_system_hash($_POST['newpass']); $stmt->execute([$user['id'], $hash]); $msg.='

Successfully changed system account password, change will take affect within the next minute.

'; }elseif($_REQUEST['type']==='sql'){ $stmt=$db->prepare("SET PASSWORD FOR '$user[mysql_user]'@'%'=PASSWORD(?);"); $stmt->execute([$_POST['newpass']]); $db->exec('FLUSH PRIVILEGES;'); $msg.='

Successfully changed sql password.

'; }else{ $msg.='

Couldn\'t update password: Unknown reset type.

'; } } } header('Content-Type: text/html; charset=UTF-8'); echo ''; echo 'Daniel\'s Hosting - Change password'; echo ''; echo ''; echo ''; echo ''; echo $msg; echo ''; echo '

Go back to dashboard.

'; echo '';

Reset type:
Account password:
New password:
Confirm password: