3 include_once("auth.php");
4 include_once("header.php");
5 include_once("conn.php");
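/*
 * Password change: validate the submitted passwords, re-check the old
 * password against the users table, then store the new one.
 *
 * NOTE(review): the account is selected by the "username" cookie, which the
 * client controls. It is not proof of identity; the statements below are only
 * safe to run because both of them also require the old password to match.
 */

/* Read request values as strings. Missing or array-valued fields become "". */
$cookie_username = (isset($_COOKIE["username"]) && is_string($_COOKIE["username"])) ? $_COOKIE["username"] : "";
$posted = array();
foreach (array("username", "password", "new_password_1", "new_password_2") as $field) {
    $posted[$field] = (isset($_POST[$field]) && is_string($_POST[$field])) ? $_POST[$field] : "";
}
$old_password   = $posted["password"];
$new_password_1 = $posted["new_password_1"];
$new_password_2 = $posted["new_password_2"];

/* Value shown in the form: the cookie if set, otherwise the posted field.
   This is raw request text and must be HTML-escaped wherever it is echoed. */
$username = $cookie_username ? $cookie_username : $posted["username"];

/* Keep anything an included file already put in these, but make sure the
   counter is a real integer: an unset counter compared with '0' is never
   equal, so a submission without errors would never reach the update. */
if (!isset($error)) { $error = ""; }
$error_count = isset($error_count) ? (int) $error_count : 0;

/* All rules run on the raw values. Checking SQL-escaped copies would count
   the added backslashes towards the minimum length. */
if ($old_password === "") { $error .= "Old password field empty.<br>"; $error_count++; }
if ($new_password_1 === "") { $error .= "New password field empty.<br>"; $error_count++; }
if ($new_password_2 === "") { $error .= "New password (again) field empty.<br>"; $error_count++; }

/* passwords must match (strict comparison: with != the numeric strings
   "1e3" and "1000" would count as equal) */
if ($new_password_1 !== $new_password_2) { $error .= "New passwords must match.<br>"; $error_count++; }

/* must be at least 5 chars long
   NOTE(review): five characters is a weak minimum; raise it together with
   the user-facing text if the policy allows. */
if (strlen($new_password_1) < 5) { $error .= "New password must be 5 characters long.<br>"; $error_count++; }

/* must contain at least one number and one letter; each class is tested on
   its own so that neither "abcde!" nor "12345" passes */
if (!preg_match('/[a-z]/i', $new_password_1) || !preg_match('/[0-9]/', $new_password_1)) {
    $error .= "Must contain at least one number and one letter.<br>"; $error_count++;
}

/* must not be original password */
if ($old_password === $new_password_1) { $error .= "Must be different original password..<br>"; $error_count++; }

/* if no errors, verify old password and set new password - this prevents
   false incorrect passwords for other rules */
if ($error_count == 0) {
    /* Escape only at the point where the values enter SQL text.
       NOTE(review): mysql_* has no prepared statements; if conn.php can be
       moved to mysqli or PDO, bind these values instead of concatenating. */
    $sql_username     = mysql_real_escape_string($cookie_username);
    $sql_old_password = mysql_real_escape_string($old_password);
    $sql_new_password = mysql_real_escape_string($new_password_1);

    /* NOTE(review): SHA() is a fast, unsalted hash. Replacing it with
       password_hash()/password_verify() needs a matching change in whatever
       code verifies logins, which is not visible here. */
    /* Literals are single-quoted: MySQL reads "..." as an identifier when
       ANSI_QUOTES is enabled. */
    $sql = "select count(*), user_id, role, name, first_login from users where email='" . $sql_username . "' and password=SHA('" . $sql_old_password . "')";
    $result = mysql_query($sql);
    if (!$result) { die("SQL ERROR"); }
    $row = mysql_fetch_row($result);
    if ($row[0] < 1) { $error .= "Old password incorrect.<br>"; $error_count++; }

    /* must check again for errors before posting password into db */
    if ($error_count == 0) {
        /* The old password is part of the WHERE clause again, so the row
           changes only if it still matches at update time. */
        $sql = "update users set password=SHA('" . $sql_new_password . "'), first_login=0 where email='" . $sql_username . "' and password=SHA('" . $sql_old_password . "')";
        $result = mysql_query($sql);
        if (!$result) { die("SQL ERROR"); }

        /* set cookie to new username and password
           Sent before this block writes any output. The values are the same
           SQL-escaped strings the previous code wrote.
           NOTE(review): this keeps the plaintext password in a client-side
           cookie with no Secure/HttpOnly flags; a server-side session would
           remove the need for it, but that change belongs with auth.php. */
        setcookie("username", $sql_username);
        setcookie("password", $sql_new_password);

        /* page where we will go next */
        echo "Password Changed";

        /* move to classes page */
        echo '<html><meta http-equiv="refresh" content="0; index.php" /></html>';
    }
}
/* NOTE(review): the listing does not show the original lines that close these
   two blocks; they are closed here so the handler reads as a complete unit. */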
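<?php /* Password-change form. NOTE(review): the listing omits some original
         lines around this markup (apparently the list/table wrappers and the
         closing form tag); only the visible markup is reproduced. */ ?>
You must change your password to continue.
<li>Passwords below must match.</li>
<li>Must be at least 5 characters long.</li>
<li>Must contain at least one number and one letter.</li>
<li>Must be different original password.</li>
<form action="password_change.php" method="post">
<?php /* $username and the posted password come straight from the request
         (cookie or POST). They are HTML-escaped, quotes included, so they
         stay inside the value="..." attribute instead of being parsed as
         markup. SQL escaping does not provide this. */ ?>
<tr><td>username:</td><td><input name="username" type="text" value="<?php echo htmlspecialchars(isset($username) ? $username : '', ENT_QUOTES); ?>"></td></tr>
<?php /* NOTE(review): this writes the submitted old password back into the
         page source; consider leaving the field empty after a failed
         attempt. */ ?>
<tr><td>old password:</td><td><input name="password" type="password" value="<?php echo htmlspecialchars((isset($_POST['password']) && is_string($_POST['password'])) ? $_POST['password'] : '', ENT_QUOTES); ?>"></td></tr>
<tr><td>new password:</td><td><input name="new_password_1" type="password"></td></tr>
<tr><td>new password (again):</td><td><input name="new_password_2" type="password"></td></tr>
<input type="submit" value="Update">
<?php /* $error is echoed unescaped because it carries <br> markup; it must
         only ever be built from fixed strings, never from request data. */ ?>
<div id=error style='color: #f00;'><?php echo isset($error) ? $error : ''; ?></div>
<?php include_once("footer.php"); ?>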