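<?php
// Change-password page. A logged-in user submits the current password and a
// new password (twice); when every check passes the stored hash is replaced
// and the current session is destroyed.
session_start();

// $_SESSION['username'] is set elsewhere (login code not shown here).
$user = isset($_SESSION['username']) ? $_SESSION['username'] : null;

if (!$user) {
    die("You must be logged in!");
}

if (empty($_POST['submit'])) {
    // Nothing submitted yet: render the form. All three fields are password
    // inputs so the current password is not displayed in clear text.
    echo "
<form action='changepassword.php' method='post'>
<label>Old Password</label><input type='password' name='oldpassword'>
<label>New Password</label><input type='password' name='newpassword'>
<label>Repeat New Password</label><input type='password' name='repeatnewpassword'>
<input type='submit' name='submit' value='Change Password'>
</form>
";
} else {
    // Accept string fields only; a missing field or an array value
    // (e.g. oldpassword[]=x) is treated as an empty password.
    $oldpassword = (isset($_POST['oldpassword']) && is_string($_POST['oldpassword']))
        ? $_POST['oldpassword'] : '';
    $newpassword = (isset($_POST['newpassword']) && is_string($_POST['newpassword']))
        ? $_POST['newpassword'] : '';
    $repeatnewpassword = (isset($_POST['repeatnewpassword']) && is_string($_POST['repeatnewpassword']))
        ? $_POST['repeatnewpassword'] : '';

    // NOTE(review): unsalted MD5 is not a password hash; it is fast to brute
    // force and identical passwords produce identical digests. It is kept
    // here only because the stored values and the login check (not shown)
    // must use the same format. Migrate to password_hash()/password_verify()
    // together with the login code, and confirm the column is wide enough.
    $oldpasswordHash = md5($oldpassword);
    $newpasswordHash = md5($newpassword);

    // Report failures through return values on every PHP version, so a
    // database error never surfaces as an uncaught exception with a trace.
    mysqli_report(MYSQLI_REPORT_OFF);

    // NOTE(review): this connects as root with an empty password. Use a
    // dedicated least-privilege account and keep credentials out of the page.
    $connect = mysqli_connect("localhost", "root", "", "hub");
    if (!$connect) {
        die("Couldn't Change Password.");
    }

    // Look up the stored hash with a bound parameter; the username is never
    // concatenated into the SQL text.
    $oldpassworddb = null;
    $select = mysqli_prepare($connect, "SELECT password FROM users WHERE username = ?");
    if (!$select
        || !mysqli_stmt_bind_param($select, "s", $user)
        || !mysqli_stmt_execute($select)
        || !mysqli_stmt_bind_result($select, $oldpassworddb)
    ) {
        die("Couldn't Change Password.");
    }
    // mysqli_stmt_fetch() returns true for a row, null when there is none.
    $found = mysqli_stmt_fetch($select);
    mysqli_stmt_close($select);

    // Strict comparison: with ==, two different digests that both look like
    // numbers (for example "0e..." strings) can compare as equal.
    if ($found !== true || !is_string($oldpassworddb) || $oldpasswordHash !== $oldpassworddb) {
        die("old password didn't match");
    }

    // Strict here as well, so numeric-looking strings such as "1000000" and
    // "1e6" are not accepted as the same password.
    if ($newpassword !== $repeatnewpassword) {
        die("New passwords didn't match!");
    }

    if (strlen($newpassword) > 25 || strlen($newpassword) < 6) {
        echo "Password must be between 6 and 25 characters";
    } else {
        // Write the new hash first and report success only if the UPDATE ran.
        $update = mysqli_prepare($connect, "UPDATE users SET password = ? WHERE username = ?");
        if (!$update
            || !mysqli_stmt_bind_param($update, "ss", $newpasswordHash, $user)
            || !mysqli_stmt_execute($update)
        ) {
            die("Couldn't Change Password.");
        }
        mysqli_stmt_close($update);

        echo "Success!!";
        // End the session that was authenticated with the old password.
        // NOTE(review): only the current session is destroyed here; whether
        // other active sessions for this account are invalidated depends on
        // session handling that is not part of this file.
        session_destroy();
        die("Your password has been changed. <a href='index.php'>Return to index</a>");
    }
}
?>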