<?php$connection=mysql_connect("(host)","(Username)","(Password)");$db=mys

1. <?php
2.  
3. $connection=mysql_connect("(host)","(Username)","(Password)");
4. $db=mysql_select_db("uber",$connection);
5.  
6. function c( $str ) {
7. return addslashes( @mysql_real_escape_string( $s, $connection ) );
8. }
9.  
10. if ( isset( $_POST["changepassword"] ) )
11. {
12. $username = c( $_POST["username"] );
13. $password = c( $_POST["password"] );
14. $new = md5( c( $_POST["newpassword"] ) );
15. $confirm = md5( c( $_POST["confirmnewpassword"] ) );
16.  
17. $userQ = @mysql_query( "SELECT * FROM `users` WHERE `username` = '" . $username . "'" );
18. if ( @mysql_num_rows( $userQ ) == 0 )
19. {
20. echo "This user does not exist.";
21. }
22. else
23. {
24. $userA = @mysql_fetch_array( $userQ );
25. if ( $userA["password"] !== md5( $password ) )
26. {
27. echo "The password you entered is incorrect.";
28. }
29. else
30. {
31. if ( $new !== $confirm )
32. {
33. echo "The two new passwords you entered do not match.";
34. }
35. else
36. {
37. $change = @mysql_query( "UPDATE `users` SET `password` = '" . $new . "' WHERE `username` = '" . $username . "'" );
38. if ( $change )
39. {
40. echo "Your password has been changed.";
41. }
42. else
43. {
44. echo "An error occurred with the MySQL:<br /><br />" . mysql_errno() . ": " . mysql_error();
45. }
46. }
47. }
48. }
49. }
50. else
51. {
52. echo "Change Password<br /><br />
53. <form method=\"post\">
54. Username: <input type=\"text\" name=\"username\" id=\"username\" /><br />
55. Current Password: <input type=\"password\" name=\"password\" id=\"password\" /><br />
56. New Password: <input type=\"password\" name=\"newpassword\" id=\"newpassword\" /><br />
57. Confirm New Password: <input type=\"password\" name=\"confirmnewpassword\" id=\"confirmnewpassword\" /><br /><br />
58. <input type=\"submit\" name=\"changepassword\" id=\"changepassword\" value=\"Save &raquo;\" />
59. </form>";
60. }
61. ?>