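/* change_password.php (c) 2000 Ying Zhang (ying@zippydesign.com)
 *
 * TERMS OF USAGE:
 * This file was written and developed by Ying Zhang (ying@zippydesign.com)
 * for educational and demonstration purposes only. You are hereby granted the
 * rights to use, modify, and redistribute this file as you like. The only
 * requirement is that you must retain this notice, without modifications, at
 * the top of your source code. No warranties or guarantees are expressed or
 * implied. DO NOT use this code in a production environment without
 * understanding the limitations and weaknesses pretaining to or caused by the
 * use of these scripts, directly or indirectly. USE AT YOUR OWN RISK!
 */

/******************************************************************************
 * MAIN
 *****************************************************************************/

include("../application.php");

require_login();

/* The form has been submitted: validate it and, if it is clean, store the new
 * password.
 *
 * NOTE(review): match_referer() is defined outside this file and is the only
 * request-origin check visible here. If it only compares the Referer header,
 * a per-session form token would be a stronger CSRF defence -- confirm.
 *
 * $HTTP_POST_VARS is the legacy name of the POST array ($_POST since PHP 4.1). */
if (match_referer() && isset($HTTP_POST_VARS)) {
	$frm = $HTTP_POST_VARS;
	$errormsg = validate_form($frm, $errors);

	if (empty($errormsg)) {
		update_password($frm["newpassword"]);

		/* NOTE(review): update_password() returns nothing and db_query()'s
		 * failure behaviour is not visible here, so this notice is shown
		 * without confirming that the UPDATE succeeded. Nothing in this file
		 * rotates the session id or ends the user's other sessions after the
		 * change either -- confirm whether application.php handles that. */
		$noticemsg = "Password change successful";
	}
}

$DOC_TITLE = "Change Password";
include("$CFG->templatedir/header.php");
include("$CFG->templatedir/form_header.php");
include("templates/change_password_form.php");
include("$CFG->templatedir/footer.php");

/******************************************************************************
 * FUNCTIONS
 *****************************************************************************/

function validate_form(&$frm, &$errors) {
/* Validate the change password form and return the error message as a string.
 * An empty string means there are no errors.
 *
 * $frm     the submitted form fields (oldpassword, newpassword, newpassword2)
 * $errors  set to an object with one flag per field that failed; the Object
 *          class is declared outside this file
 *
 * Only the first failing check is reported. */

	$errors = new Object;
	$msg = "";

	/* A POST field can arrive as an array instead of a string, and md5() only
	 * accepts strings, so a field that is not a non-empty string is reported
	 * as missing rather than passed on to the hashing code. */
	if (empty($frm["oldpassword"]) || !is_string($frm["oldpassword"])) {
		$errors->oldpassword = true;
		$msg .= "You did not specify your old password";

	} elseif (! password_valid($frm["oldpassword"])) {
		$errors->oldpassword = true;
		$msg .= "Your old password is invalid";

	} elseif (empty($frm["newpassword"]) || !is_string($frm["newpassword"])) {
		$errors->newpassword = true;
		$msg .= "You did not specify your new password";

	} elseif (empty($frm["newpassword2"]) || !is_string($frm["newpassword2"])) {
		$errors->newpassword2 = true;
		$msg .= "You did not confirm your new password";

	/* Strict comparison: with != two different numeric-looking strings such as
	 * "1000" and "1e3" compare equal, so a mistyped confirmation could pass. */
	} elseif ($frm["newpassword"] !== $frm["newpassword2"]) {
		$errors->newpassword = true;
		$errors->newpassword2 = true;
		$msg .= "Your new passwords do not match";
	}

	return $msg;
}

function password_valid($password) {
/* Check the given password against the one stored for the logged-in user.
 * Returns the row count reported by db_num_rows(), which callers treat as a
 * boolean (non-zero means the password matched).
 *
 * NOTE(review): passwords are stored as unsalted MD5, which is not suitable
 * for password storage. password_hash()/password_verify() (PHP 5.5+) are the
 * replacement, but the code that creates accounts and checks logins lives
 * outside this file and would have to change in step.
 *
 * NOTE(review): the query is built by string interpolation. The MD5 digest is
 * hex-only, but $username is taken from session state as-is; it should go
 * through the database layer's escaping or a parameterized query. db_query()'s
 * interface is not visible here, so the statement is left unchanged. */

	global $SESSION;

	$username = $SESSION["user"]["username"];
	$password = md5($password);

	$qid = db_query("SELECT 1 FROM users WHERE username = '$username' AND password = '$password'");
	return db_num_rows($qid);
}

function update_password($newpassword) {
/* Set the logged-in user's password to the new one. Returns nothing.
 *
 * NOTE(review): same caveats as password_valid(): the stored value is an
 * unsalted MD5 digest, and $username is interpolated into the SQL string
 * without escaping. The result of db_query() is not checked; its failure
 * behaviour is not visible in this file. */

	global $SESSION;

	$username = $SESSION["user"]["username"];
	$newpassword = md5($newpassword);

	db_query("UPDATE users SET password = '$newpassword' WHERE username = '$username'");
}

?>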