Untitled

<?PHP
//Retrieves the sessions variables.
session_start();

//Allows the page to utilise  code and variables within "processerror.php".
//Overrides error handler.
include 'processerror.php';
set_error_handler("logmyerror");

//collect stat data
$page = $_SERVER['PHP_SELF'];
$ip = $_SERVER['REMOTE_ADDR'];
$user = "";
logstats($page, $ip, $username);

// set database server access variables:
$host = "localhost";
$user = "root";
$pass = "09k6CcsGxBq7p";
$db = "wssbulletinboarddatabase";

// open connection
$connection = mysql_connect($host, $user, $pass) or die ("Unable to connect!");

//Select the database stored in teh variable "$db". If this fails then end the script and dispaly the text "Unable to select database!".
mysql_select_db($db) or die ("Unable to select database!");

//This creates a MySQL query and stores the query into the veriable "$query".
//This query selects all the records from the table "users" within the database "wssbulletinboarddatabase" where the value of the data in the coulmn "UserName" is the same as the valued stored in the session variable "user".
$query = "SELECT * FROM `wssbulletinboarddatabase`.`users` WHERE UserName='" . $_SESSION["user"] . "'";

//This executes the query and stores the data into the $results varible. If the query was not executed then the script is stopped and an error occurs.
$result = mysql_query($query) or die ("Error in query: $query. ".mysql_error());

//This if statement checks to see if the number of rows retreived from the query is the same as 1.
if (mysql_num_rows($result) == 1){
//If true then store the record into the variable $newpwd
	$newpwd = mysql_fetch_row($result);
//This if statement checks to see if the value stored in the third column of teh record is the same as the valued stored in te post variable "txtOldPassword".
	if ($newpwd[2] == $_POST["txtOldPassword"])
	{
//If true then nothing happens and the rest of the script continues to run.
	}
	else{
//If false then trigger an error saying the old password does not match and redirect the user top the page "changepassword.php".
		trigger_error("Old password does not match.",1024);
		header("Location: changepassword.php");
		}
}
else { //If no rows were returned, then trigger an error and redirect the user to the page "changepassword.php".
	trigger_error("Could not find user in records.",1024);
	header("Location: changepassword.php");
}

//This creates a MySQL query and stores the query into the veriable "$query2".
//This query updates data that is stored within the table "users" within the database "wssbulletinboarddatabase". This query sets the value of the data within the "Password" column to the value that is stored within the post variable "$_POST["txtNewPassword"]". This will be set on the record where the value within the column "UserName" of that record is the same as the value of the "$_SESSION["user"]" session variable.
$query2 = "UPDATE `wssbulletinboarddatabase`.`users` SET Password='" . $_POST["txtNewPassword"] . "' WHERE UserName='" . $_SESSION["user"] . "'";

// execute query
if (mysql_query($query2)){
//if the query is executed then redirect the user to the page "index.php".
	header("Location:index.php");
}
else {
//If the query fails then store error information into the session variable "$_SESSION["usrerrmsg"]" and redirect the user to the page "changepassword.php".
	$_SESSION["usrerrmsg"] = mysql_error();
	header("Location: changepassword.php");
}

//This clears the values stored within the variable "$result".
mysql_free_result($result);

// close connection
mysql_close($connection);
?>