<?php $nuser = mysql_real_escape_string($_POST['login']); // 'login' is name f

1. <?php
2. $nuser = mysql_real_escape_string($_POST['login']); // 'login' is name from the html form
3. $npass = $_POST['password']; // 'password' is name from the html form
4. $nnewpass = $_POST['newpassword']; // 'newpassword' is name from the html form
5. $nconfirmpass = $_POST['confirmnewpassword']; // 'confirmnewpassword' is name from the html form
6.  
7. $username = strtoupper($nuser);
8. $password = sha1($username .":". strtoupper($npass));
9. $newpassword = sha1($username .":". strtoupper($nnewpass));
10. $confirmpass = sha1($username .":". strtoupper($nconfirmpass));
11.  
12. $result = mysql_query("SELECT sha_pass_hash FROM account WHERE username='{$username}'");
13. //echo($password.", ".$username.", ".mysql_result($result, 0));
14.  
15. if(!$result)
16. {
17. echo "<p>The username you entered does not exist, try again.</p>";
18. }
19. else if($password != mysql_result($result, 0))
20. {
21. echo "<p>Please retry your password.</p>";
22. }
23. else if($newpassword == $confirmpass)
24. $sql=mysql_query("UPDATE account SET sha_pass_hash='{$newpassword}', v = NULL, s = NULL where username='{$username}'");
25. if($sql)
26. {
27. echo "<p>Congratulations you have successfully changed your password!</p>";
28. }
29. else
30. {
31. echo "<p>Please retry your password</p>";
32. }
33. ?>