<?php session_start(); $user = $_SESSION['username']; //connessione al

1. <?php
2. session_start();
3. $user = $_SESSION['username'];
4.  
5. //connessione al database
6. $host="localhost"; // host del database
7. $uname="root"; // utente del db
8. $psw=""; // password dell'utente sopra
9. $nomedb="toolow"; // nome del db
10. mysql_connect($host,$uname,$psw);
11. mysql_select_db($nomedb);
12. //user is logged in
13.  
14. //check fields
15.  
16. $oldpassword = $_POST['oldpassword'];
17. $newpassword = $_POST['newpassword'];
18. $repeatnewpassword = $_POST['repeatnewpassword'];
19. //check pass against db
20.  
21. if(isset($_POST['repeatnewpassword'])){
22.  
23. $queryget = mysql_query("SELECT password FROM utenti WHERE username='$user'") or die("Query errata");
24. $row = mysql_fetch_assoc($queryget);
25.  
26. $oldpassworddb = $row['password'];
27.  
28. //check pass
29. if ($oldpassword==$oldpassworddb){
30. //check twonew pass
31. if ($newpassword==$repeatnewpassword)
32. {
33. //success
34. //change pass in db
35.  
36. if (strlen($newpassword)>25||strlen($newpassword)<6){
37. echo "La password deve essere tra 6 e 25 caratteri.";
38. }else{
39. $querychange = mysql_query("UPDATE utenti SET password='$newpassword' WHERE username='$user'");
40. session_destroy();
41. echo("La tua password è stata cambiata.<a href='index.php'>Torna</a> alla home");
42. $_SESSION['errorepassword']=0;
43. $errorepassword=$_SESSION['errorepassword'];
44. header("location:http://localhost/5binf/TooLow2/cambia_password.php");
45. die();
46. }
47. }else{
48. $_SESSION['errorepassword']=1;
49. header("location:http://localhost/5binf/TooLow2/cambia_password.php");
50. }
51. }else{
52. $_SESSION['errorepassword']=1;
53. header("location:http://localhost/5binf/TooLow2/cambia_password.php");
54. }
55. }
56. ?>