pass

1. <?php
2.  
3.  
4.  
5.  
6. session_start();
7.  
8.  
9. $user = $_SESSION['username'];
10. $_SESSION['errorepassword']=0;
11. //connessione al database
12. $host="localhost"; // host del database
13. $uname="root"; // utente del db
14. $psw=""; // password dell'utente sopra
15. $nomedb="toolow"; // nome del db
16. mysql_connect($host,$uname,$psw);
17. mysql_select_db($nomedb);
18. //user is logged in
19.  
20. //check fields
21.  
22. $oldpassword = $_POST['oldpassword'];
23. $newpassword = $_POST['newpassword'];
24. $repeatnewpassword = $_POST['repeatnewpassword'];
25. //check pass against db
26.  
27. $queryget = mysql_query("SELECT password FROM utenti WHERE username='$user'") or die("Query errata");
28. $row = mysql_fetch_assoc($queryget);
29.  
30. $oldpassworddb = $row['password'];
31.  
32.  
33.  
34. //check pass
35. if ($oldpassword==$oldpassworddb)
36. {
37.  
38. //check twonew pass
39. if ($newpassword==$repeatnewpassword)
40. {
41. //success
42. //change pass in db
43.  
44. if (strlen($newpassword)>25||strlen($newpassword)<6)
45. {
46. echo "La password deve essere tra 6 e 25 caratteri.";
47. }
48.  
49. else
50. {
51.  
52. $querychange = mysql_query("UPDATE utenti SET password='$newpassword' WHERE username='$user'");
53. session_destroy();
54. echo("La tua password è stata cambiata.<a href='index.php'>Torna</a> alla home");
55. $_SESSION['errorepassword']=0;
56. $errorepassword=$_SESSION['errorepassword'];
57. header("location:http://localhost/5binf/TooLow2/cambia_password.php");
58. die();
59. }
60. }
61.  
62. else{
63. $_SESSION['errorepassword']=1;
64. header("location:http://localhost/5binf/TooLow2/cambia_password.php");
65. }
66. }
67. else{
68. $_SESSION['errorepassword']=1;
69. header("location:http://localhost/5binf/TooLow2/cambia_password.php");
70. }
71. ?>