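// Password-change handler. Expects a POSTed form with four fields: username,
// currentpassword, password1 (new password) and password2 (confirmation).
// On any failure it sets an "error" cookie and redirects to
// somethingwentwrong.php; on success it redirects to success.php.
include("connect.php"); // connect to db (used by the mysql_* calls below)

// NOTE(review): the mysql_* extension was removed in PHP 7. The durable fix is
// to move connect.php and this script to PDO or mysqli prepared statements.
// Until that migration, the one request value placed into SQL below is escaped
// with mysql_real_escape_string().

// NOTE(review): a single hard-coded salt shared by every account, combined with
// MD5, is not an adequate password hash. It is kept unchanged here because the
// stored hashes use this format (and presumably the login code does too --
// confirm); migrate both sides to password_hash() / password_verify() together.
$salt = "asdf";

// Read each field defensively: a missing field or a non-string value (for
// example an array submitted as password1[]) becomes an empty string, so it is
// rejected by the validation below instead of raising notices.
$username = (isset($_POST['username']) && is_string($_POST['username'])) ? $_POST['username'] : '';
$cpass = (isset($_POST['currentpassword']) && is_string($_POST['currentpassword'])) ? $_POST['currentpassword'] : '';
$pw1 = (isset($_POST['password1']) && is_string($_POST['password1'])) ? $_POST['password1'] : '';
$pw2 = (isset($_POST['password2']) && is_string($_POST['password2'])) ? $_POST['password2'] : '';

// Reject empty fields, passwords longer than 20 bytes, and a confirmation that
// does not match. The strict comparison matters: with != two different
// numeric-looking strings such as "1e3" and "1000" compare as equal.
if ($username === '' || $cpass === '' || $pw1 === '' || $pw2 === ''
    || strlen($cpass) > 20 || strlen($pw1) > 20 || strlen($pw2) > 20
    || $pw1 !== $pw2) {
    setcookie("error", "Invalid input.", time()+3600);
    header("location:somethingwentwrong.php");
    die();
}

// The username comes straight from the request, so it is escaped before it is
// placed inside the quoted SQL literal. The md5() output is hexadecimal only
// and needs no escaping.
$safeUser = mysql_real_escape_string($username);
$currentHash = md5($cpass.$salt);

// Verify the current password: the account must exist with this exact hash.
$sql = "SELECT * FROM users WHERE username='$safeUser' and password='$currentHash'";
$result = mysql_query($sql);
if ($result === false || mysql_num_rows($result) < 1) {
    setcookie("error", "Invalid password input.", time()+3600);
    header("location:somethingwentwrong.php");
    die();
}

// Current password verified: store the new hash for the same account that was
// just checked. The original UPDATE filtered on $creator, a variable this
// script never assigns, so the verified user's row was not the one targeted.
$newHash = md5($pw1.$salt);
$query = "UPDATE users SET password = '$newHash' WHERE username='$safeUser'";
if (mysql_query($query) === false) {
    // Do not report success when the database rejected the update.
    setcookie("error", "Password could not be changed.", time()+3600);
    header("location:somethingwentwrong.php");
    die();
}

setcookie("success", "Password successfully changed!", time()+3600);
// NOTE(review): this sends the stored password hash to the browser, so anyone
// who obtains the cookie holds the same value the database compares against.
// Kept because other pages may read it -- TODO replace with a server-side
// session identifier and drop this cookie.
setcookie("pw", $newHash, time()+3600);
header("location:success.php");
die();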