Not a member of Pastebin yet?
Sign Up,
it unlocks many cool features!
- <?php
- ini_set ('display_errors',0);
- session_start();
- $user = $_SESSION['username'];
- if ($user)
- {
- // user is logged in
- if($_POST['submit'])
- {
- //Check fields
- $oldpassword = md5($_POST['oldpassword']);
- $newpassword = md5($_POST['newpassword']);
- $repeatnewpassword = md5($_POST['repeatnewpassword']);
- // check password against db
- // connect db
- $connect = mysql_connect("localhost","root","") or die("couldn't connect");
- mysql_select_db("phplogin") or die ("Couldn't connect");
- $queryget = mysql_query("SELECT password FROM users WHERE username='$user'") or die("Query didnt work!");
- $row = mysql_fetch_assoc($queryget);
- $oldpassworddb = $row['password'];
- //check passwords
- if ($oldpassword == $oldpassworddb)
- {
- // check two new passwords
- if ($newpassword == $repeatnewpassword)
- {
- //success
- //change password in db
- $querychange = mysql_query("UPDATE users SET password='$newpassword' WHERE username='$user'");
- session_destroy();
- die ("Your password has been changed. <a href='index.php'> Return</a> to the main page.");
- }
- else
- die("New passwords don't match!");
- }
- else
- die("Old password doesnt match!");
- }
- else
- {
- echo"
- <form action='changepassword.php' method='POST'>
- Old password: <input type='text' name='oldpassword'><p>
- New password: <input type='password' name='newpassword'><br>
- Repeat new password: <input type='password' name='repeatnewpassword'><p>
- <input type='submit' name='submit' value='Change password'>
- </form>
- ";
- }
- }
- else
- die("You must be logged in to change your password!");
- ?>
Add Comment
Please, Sign In to add comment
