requireLogin(); $page->useModules(); $page->header(); $oldPassword=""; $newPassword1 = $newPassword2=""; $tableName="users"; if(isset($_POST['oldPassword'])){ $oldPassword = $_POST['oldPassword']; } if(isset($_POST['newPassword1'])){ $newPassword1 = $_POST['newPassword1']; } if(isset($_POST['newPassword2'])){ $newPassword2 = $_POST['newPassword2']; } if ($_SERVER['REQUEST_METHOD']=="POST"){ if(isset($_POST['formName'])){ if(processForm()===false){ dispForm(); } } } else { dispForm(); } $page->bottom(); function dispForm(){ GLOBAL $oldPassword; GLOBAL $newPassword1; GLOBAL $newPassword2; $PHP_SELF = $_SERVER['PHP_SELF']; ob_start(); print "
\n"; print "
\n"; print "\n"; print "
\n"; print ""; print ""; print ""; print "\n"; print "
Old Pass: \n"; print "
New Pass: \n"; print "
New Pass:
(confirm)		\n"; print "
"; print "
\n"; print "\n"; print "\n"; print "\n"; print "
\n"; print "
\n"; print "
\n"; print "
\n"; print "\n"; $content = ob_get_clean(); include_once 'mod/textModule.php'; $passMod = new TextModule($content, 'text', "Change Password"); print $passMod->getHTML(); } /** * This function should not be called unless the request method is post and * 'formName' isset * * This function attempts to reset the password for a given username & * * Displays a success/failure message and returns true if successful. */ function processForm(){ $retVal = false; $errorMsg = ""; $user = getUser(); $username = $user->getUsername(); GLOBAL $oldPassword; GLOBAL $newPassword1; GLOBAL $newPassword2; GLOBAL $tableName; $db = dil_connect(); $tempError = "You must enter your current password.
"; if($oldPassword!=""){ $tempError = "The original username and password did not match up.
"; $passHash = md5($oldPassword); $queryString = "SELECT COUNT(*) FROM $tableName WHERE username=\"$username\" AND password=\"$passHash\""; if($result = mysql_query($queryString, $db)){ if($myRow = mysql_fetch_row($result)){ if($myRow[0]==1){ $tempError = "Your new password does not match the confirm password."; //$tempError.= " They should be the same password, repeated twice to "; //$tempError.= "ensure that you haven't made a typo.
"; if($newPassword1==$newPassword2){ $tempError = "You must enter a new password.
"; if($newPassword1!=""){ $tempError = ""; } } } } } } $errorMsg .= $tempError; if($errorMsg==""){ dispSuccess("Your password has been changed. Thank you.

Return home."); $retVal = true; $newPassHash = md5($newPassword1); $queryString = "UPDATE $tableName SET password=\"$newPassHash\" "; $queryString.= "WHERE username=\"$username\" AND password=\"$passHash\""; mysql_query($queryString,$db); $_SESSION['user'] = $oldUsername; $_SESSION['pass'] = $newPassword1; } else { dispError("Password not changed.

Errors:
$errorMsg"); //print "
Password not changed.
\n"; //print "Errors:
$errorMsg

\n"; } return $retVal; } ?>