<?php
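// Password-change handler: only a signed-in member (session 'id' set) may use it.
session_start();
if (!isset($_SESSION['id'])) {
    header("location: notloggedin.php");
    exit();
}
include_once "connect_to_mysql.php";

// Defined on every request so the template further down can echo it on a plain
// GET without reading an undefined variable.
$errormsg = "";

if (isset($_POST['oldpassword'])) {
    $id = $_SESSION['id'];
    // The id comes from the server-side session, not from the request, but it is
    // still escaped before being placed in SQL so the queries do not depend on
    // how the session value was populated elsewhere.
    $safeid = mysql_real_escape_string((string) $id);

    // Accept only scalar string fields; a missing or array-valued field counts as empty.
    // preg_replace() performs the same filtering as the removed ereg_replace().
    // NOTE(review): stripping everything except A-Z, a-z and 0-9 silently shrinks the
    // password space and stores something other than what the user typed. It is kept
    // because the login/registration code (not visible here) presumably applies the
    // same filter; confirm, then drop the filter in all places together.
    $oldpassword = (isset($_POST['oldpassword']) && is_string($_POST['oldpassword']))
        ? preg_replace('/[^A-Za-z0-9]/', '', $_POST['oldpassword']) : '';
    $newpassword = (isset($_POST['newpassword']) && is_string($_POST['newpassword']))
        ? preg_replace('/[^A-Za-z0-9]/', '', $_POST['newpassword']) : '';
    $retypepassword = (isset($_POST['retypepassword']) && is_string($_POST['retypepassword']))
        ? preg_replace('/[^A-Za-z0-9]/', '', $_POST['retypepassword']) : '';

    // NOTE(review): unsalted MD5 is a fast hash and unsuitable for password storage.
    // It cannot be replaced here alone because the stored values must stay readable
    // by whatever verifies logins; plan a migration to password_hash()/password_verify()
    // across the login, registration and change-password scripts.
    $hashedpass = md5($oldpassword);

    // Only the stored hash is needed for the check below.
    $sql = mysql_query("SELECT password FROM membership WHERE id='$safeid' LIMIT 1");
    // LIMIT 1 makes "more than one row" impossible; the cases that matter are a
    // failed query and a session id with no matching member row.
    if ($sql === false || mysql_num_rows($sql) !== 1) {
        header("location: ooops.php");
        exit();
    }
    $row = mysql_fetch_assoc($sql);
    $password = $row["password"];

    if ($oldpassword === '' || $newpassword === '' || $retypepassword === '') {
        $errormsg = "You need to put in your old password, and type the new password in both boxes.<br /><br />";
    } elseif ($hashedpass !== $password) {
        // Strict comparison: with != two hex digests that both look like "0e<digits>"
        // are compared as numbers and treated as equal.
        $errormsg = "Old password isn't correct.";
    } elseif ($newpassword !== $retypepassword) {
        $errormsg = "New passwords dont match.";
    } elseif (strlen($newpassword) < 4) {
        // NOTE(review): a 4-character minimum is very weak; raise it together with
        // the registration rules.
        $errormsg = "Password is too short.";
    } else {
        // $hashednewpassword is a hex digest, so it needs no escaping.
        $hashednewpassword = md5($newpassword);
        $sql = mysql_query("UPDATE membership SET password='$hashednewpassword' WHERE id='$safeid'");
        // NOTE(review): other sessions of this member stay valid after the change;
        // consider regenerating the session id here and invalidating the others.
        if ($sql) {
            header("location: actioncompleted.php");
        } else {
            header("location: ooops.php");
        }
        exit();
    }
}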
?>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1" />
<title>PockSquash - Change Password</title>
<link rel="stylesheet" type="text/css" href="CSS/psmain.css" />
</head>
<body>
<?php
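include ("headerbanner.php");
// Page output has already begun at this point, so a session cannot be started
// cleanly here; the script opens it at the very top. Only start one if none is active.
if (session_id() === '') {
    session_start();
}
// Load the signed-in member's row so the variables below are available to the
// rest of the template (and to footer.php, if it reads them; not visible here).
$id = $_SESSION['id'];
// Escaped copy for SQL; $id itself is left as the raw session value.
$safeid = mysql_real_escape_string((string) $id);
$sql = mysql_query("SELECT * FROM membership WHERE id='$safeid' LIMIT 1");
$count = ($sql === false) ? 0 : mysql_num_rows($sql);
// LIMIT 1 rules out more than one row; handle a failed query or a missing row instead.
if ($sql === false || $count !== 1) {
    // Markup has already been emitted above, so the redirect header can only be
    // sent when output buffering kept the headers open.
    if (!headers_sent()) {
        header("location: ooops.php");
    }
    exit();
}
$row = mysql_fetch_array($sql);
$email = $row["email"];
$firstname = $row["firstname"];
$surname = $row["surname"];
// Stored password hash: the visible template never prints it; keep it out of any output.
$password = $row["password"];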
?>
<div class="body row scroll-y" align="center" id="MainBody" >
<table width="80%" border="0" cellpadding="12">
<tr>
<td colspan="2" style="height: 33px"><font color="#FF0000"><?php echo "$errormsg"; ?>
</font></td>
<td style="height: 33px; width: 162px;" class="auto-style1"> </td>
<td style="height: 33px"> </td>
</tr>
<form action="change_password.php" method="post" enctype="multipart/form-data" name="form" id="form" onsubmit="return validate_form ( );">
<tr>
<td>
Old Password:
<input name="oldpassword" type="password" id="oldpassword" />
</td>
</tr>
<tr>
<td>
New Password:
<input name="newpassword" type="password" id="newpassword" />
</td>
</tr>
<tr>
<td>
Retype Password:
<input name="retypepassword" type="password" id="retypepassword" />
</td>
</tr>
<tr>
<td><input name="Submit" type="submit" value="Change Password" /></td>
</tr>
</form>
</table>
</div>
<?php include ("footer.php")?>
</body>
</html>