<?php// Change Password - Military$_MSSQL[Host] = "RECO-PC

1. <?php
2.  
3. // Change Password - Military
4.  
5. $_MSSQL[Host]               = "RECO-PC\SQLEXPRESS";
6. $_MSSQL[User]               = "sa";
7. $_MSSQL[Pass]               = "reco55";
8. $_MSSQL[DBNa]               = "GunzDB";
9.  
10. $r = mssql_connect($_MSSQL[Host], $_MSSQL[User], $_MSSQL[Pass]) or die("Cant connect to database");
11. mssql_select_db($_MSSQL[DBNa], $r) or die("Selection Failed");
12.  
13. if($_SESSION['username'] != "") {
14.  
15. } else {
16. <form method="post" action="index.php?page=changepass">
17. <table width="420">
18.     <tr>
19.         <td width="210" height="28" align="left">
20.             Username:
21.         </td>
22.         <td width="210" height="28" align="right">
23.             <input type="text" name="username">
24.         </td>
25.     </tr>
26.     <tr>
27.         <td width="210" height="28" align="left">
28.             Password:
29.         </td>
30.         <td width="210" height="28" align="right">
31.             <input type="password" name="curpass">
32.         </td>
33.     </tr>
34.     <tr>
35.         <td width="210" height="50" align="left">
36.             <input type="submit" name="submit" value="Login" style="height:35px; width:100px;">
37.         </td>
38.         <td width="210" height="50" align="right">
39.             <input type="reset" name="reset" value="Reset" style="height:35px; width:100px;">
40.         </td>
41.     </tr>
42. </table>
43. </form>
44.     }
45. }
46.  if(['page'] == "changepass") {
47.  
48.     $username = sql($_POST['username']);
49.     $curpass = sql($_POST['curpass']);
50.     $newpass = sql($_POST['newpass']);
51.     $newpass2 = sql($_POST['newpass2']);
52.    
53.    
54.    
55.     if(empty($username) OR empty($curpass) OR empty($newpass) OR empty($newpass2)) {
56.     die("Fill in all Fields!<br /> <a href='Index.php> Go Back</a>");
57.     return false;
58.     }
59.    
60.     $userpass = mssql_query("SELECT * FROM LOGIN WHERE UserID = '".$username."' AND Password = '".$curpass."'");
61.     if(mssql_num_rows($curpass) != 1) {
62.     die("Current password isnt correct!<br /> <a href='Index.php> Go Back</a>");
63.     return false;
64.     }
65.    
66.     if($newpass != $newpass2) {
67.     die("Passwords don't match!<br /> <a href='Index.php> Go Back</a>");
68.     return false;
69.     }
70.    
71.     $updatepass = mssql_query("UPDATE Login SET Password = '".$newpass."' WHERE UserID = '".$username."'");
72.     echo "Password changed successful!";
73. ?> 
74.  
75. <form method="post" action="index.php?page=chanepass">
76. <table width="420">
77.     <tr>
78.         <td width="210" height="28" align="left">
79.             Username:
80.         </td>
81.         <td width="210" height="28" align="right">
82.             <input type="text" name="username">
83.         </td>
84.     </tr>
85.     <tr>
86.         <td width="210" height="28" align="left">
87.             Current Password:
88.         </td>
89.         <td width="210" height="28" align="right">
90.             <input type="password" name="curpass">
91.         </td>
92.     </tr>
93.     <tr>
94.         <td width="210" height="28" align="left">
95.             New Password:
96.         </td>
97.         <td width="210" height="28" align="right">
98.             <input type="password" name="newpass">
99.         </td>
100.     </tr>
101.     <tr>
102.         <td width="210" height="28" align="left">
103.             New Password:
104.         </td>
105.         <td width="210" height="28" align="right">
106.             <input type="text" name="newpass2">
107.         </td>
108.     </tr>
109.     <tr>
110.         <td width="210" height="50" align="left">
111.             <input type="submit" name="submit" value="Change" style="height:35px; width:100px;">
112.         </td>
113.         <td width="210" height="50" align="right">
114.             <input type="reset" name="reset" value="Reset" style="height:35px; width:100px;">
115.         </td>
116.     </tr>
117. </table>
118. </form>