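<?php
// Rename the logged-in user after re-confirming their current password.
//
// Inputs:  $_POST['password_old']  - current password, required
//          $_POST['username_new']  - requested username, required
//          $_SESSION['username']   - identity of the logged-in user
// Output:  one or two plain-text status lines, then the script terminates.
//
// Every value that reaches SQL is bound through a prepared statement. The
// original concatenated $_POST['username_new'] into two queries without any
// escaping, and relied on the session value being safe to concatenate.
session_start();
require_once("inc.php");

// The confirmation password must be a non-empty string. The is_string() check
// also rejects array-valued input (password_old[]=...), which cannot be hashed.
if (!isset($_POST['password_old']) || !is_string($_POST['password_old']) || $_POST['password_old'] === '') {
    echo "You failed to attempt providing the confirmation password.";
    die;
}

// db() comes from inc.php; the calls below assume it returns a mysqli
// connection, as the original's real_escape_string()/num_rows usage suggests.
$sql = db();

// Print a final status line, release the connection and stop.
$finish = static function (string $message) use ($sql): void {
    echo $message;
    $sql->close();
    die;
};

// NOTE(review): unsalted MD5 is not suitable for password storage. Moving to
// password_hash()/password_verify() also requires changing the stored hashes
// and the code that writes them, neither of which is visible in this file.
// NOTE(review): the original escaped the password *before* hashing it. That
// adds no safety (the digest is plain hex) and changes the digest for
// passwords containing quotes or backslashes. It is kept so the digest keeps
// matching whatever the registration code stored - confirm and remove together.
$password_old = md5($sql->real_escape_string($_POST['password_old']));

// Without a username in the session there is no account to confirm against.
$username = (isset($_SESSION['username']) && is_string($_SESSION['username'])) ? $_SESSION['username'] : '';
if ($username === '') {
    $finish("Failed to apply the correct password for current user.");
}

// Confirm the current password for the session's user.
$stmt = $sql->prepare("SELECT username FROM user WHERE username = ? AND password = ?");
if ($stmt === false) {
    $finish("Failed to apply the correct password for current user.");
}
$stmt->bind_param('ss', $username, $password_old);
$stmt->execute();
$stmt->store_result(); // buffer the result so num_rows is populated
$rows = $stmt->num_rows;
$stmt->close();

if ($rows !== 1) {
    $finish("Failed to apply the correct password for current user.");
}
echo "Successfully applied the correct password for current user.";

// A new username must be supplied as a non-empty string.
if (!isset($_POST['username_new']) || !is_string($_POST['username_new']) || $_POST['username_new'] === '') {
    $finish("No new username was given.");
}
$username_new = $_POST['username_new'];
// NOTE(review): no length or character-set rule is applied to the new name
// here; confirm what the user.username column and the registration form allow.

// Refuse names that are already in use. This check-then-update sequence is
// not atomic; a UNIQUE index on user.username is what actually prevents
// duplicates when two requests race - TODO confirm the schema has one.
$stmt = $sql->prepare("SELECT username FROM user WHERE username = ?");
if ($stmt === false) {
    $finish("Username could not be updated.");
}
$stmt->bind_param('s', $username_new);
$stmt->execute();
$stmt->store_result();
$taken = $stmt->num_rows > 0;
$stmt->close();

if ($taken) {
    $finish("Username already taken.");
}

// Apply the rename, still scoped to the confirmed username/password pair.
$stmt = $sql->prepare("UPDATE user SET username = ? WHERE username = ? AND password = ?");
if ($stmt === false) {
    $finish("Username could not be updated.");
}
$stmt->bind_param('sss', $username_new, $username, $password_old);
$updated = $stmt->execute() && $stmt->affected_rows === 1;
$stmt->close();

// Only report success when exactly one row was changed; the original printed
// the success message without looking at the query result.
if (!$updated) {
    $finish("Username could not be updated.");
}

// Keep the session in step with the database, otherwise later requests
// would still look up the old, now non-existent, username.
$_SESSION['username'] = $username_new;
$finish("Username was successfully updated.");
?>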