Advertisement
Not a member of Pastebin yet?
Sign Up,
it unlocks many cool features!
- <?php
- require_once('base.php');
- if(empty($_POST['oldpassword'])) { ?>
- <form method="post" action="<?php echo $PHP_SELF; ?>" name="changepw" id="form">
- <strong><label for="password">Old Password:</label></strong>
- <input type="password" name="oldpassword" id="oldpwd" size="47" length="12" />
- <br>
- <strong><label for="password">New Password:</label></strong>
- <input type="password" name="newpassword" id="newpwd" size="47" length="12" />
- <br>
- <input type="submit" value="Submit" id="submit" name="pwchangesubmit" />
- <?php } elseif($_POST['oldpassword'] && $_POST['newpassword']) {
- $oldpass = $_POST['oldpassword'];
- $newpass = $_POST['newpassword'];
- $username = $_SESSION['username'];
- if (!ctype_alnum($oldpass)) {
- die("Please use Alphanumeric characters only.");
- };
- if (!ctype_alnum($newpass)) {
- die("Please use Alphanumeric characters only.");
- };
- $checkoldpass = mssql_query("SELECT * FROM dbo.Login WHERE PWD = 'CONVERT(varbinary,".$oldpass).")' ");
- if(mssql_num_rows($checkoldpass) != 1)
- {
- echo "<h1>Error</h1>";
- echo mssql_num_rows($checkoldpass);
- echo "<p>Sorry, you entered the wrong old password. Please go back and try again.</p>";
- }
- elseif(mssql_num_rows($checkoldpass) == 1)
- {
- $changepass = mssql_query("UPDATE dbo.Login SET PWD = 'CONVERT(varbinary,".passconvert($newpass).")'");
- if($registerquery)
- {
- echo "<h1>Success</h1>";
- echo "<p>Your password has been sucessfully changed.</p>";
- }
- else
- {
- echo "<h1>Error</h1>";
- echo "<p>Sorry, your password change failed. Please go back and try again.</p>";
- }
- }
- }
- ?>
Advertisement
Add Comment
Please, Sign In to add comment
Advertisement
