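<form name="resetform" action="changepass.php" id="resetform" class="passform" method="post" role="form">
    <h3>Change Your Password</h3>
    <br />
    <?php
    // The session value is written into an HTML attribute, so it is escaped for
    // that context; an unescaped quote in the username would otherwise break out
    // of value="..." and inject markup. A missing session key renders as an empty
    // field instead of a PHP notice inside the attribute.
    // NOTE(review): the form carries no anti-CSRF token - confirm whether the
    // application adds one elsewhere.
    ?>
    <input type="text" name="username" autocomplete="username" value="<?php echo htmlspecialchars(isset($_SESSION['username']) ? $_SESSION['username'] : '', ENT_QUOTES, 'UTF-8'); ?>" />
    <label for="old_password">Enter Old Password</label>
    <input type="password" class="form-control" name="old_password" id="old_password" autocomplete="current-password" />
    <label for="new_password">Enter New Password</label>
    <input type="password" class="form-control" name="new_password" id="new_password" autocomplete="new-password" />
    <label for="con_newpassword">Confirm New Password</label>
    <input type="password" class="form-control" name="con_newpassword" id="con_newpassword" autocomplete="new-password" />
    <br />
    <input type="submit" class="btn btn-warning" name="password_change" id="submit_btn" value="Change Password" />
</form>
<!-- display success/error message -->
<div id="message"></div>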
- <script>
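// Submits the change-password form over AJAX and shows the server's one-line
// status reply in #message.
$(document).ready(function () {
    var frm = $('#resetform');
    var submitBtn = $('#submit_btn');
    var message = $('#message');

    // Shows a status line, holds it for holdMs, then fades it out over fadeMs.
    // - .text() is used instead of .html(): the reply is a plain status string,
    //   so it must never be parsed as markup (an error page or any reflected
    //   input in the response would otherwise run in the page).
    // - .stop(true, true).show() resets a pending fade; without it the element
    //   stays hidden after the first fadeOut and later messages never appear.
    function showMessage(text, holdMs, fadeMs) {
        message.stop(true, true).text(text).show().delay(holdMs).fadeOut(fadeMs);
    }

    frm.submit(function (e) {
        e.preventDefault();

        // serialize() leaves out submit buttons, but the server only acts when
        // the button's name is present, so append it - URL-encoded, because the
        // button value contains a space.
        var formData = frm.serialize() +
            '&' + encodeURIComponent(submitBtn.attr('name')) +
            '=' + encodeURIComponent(submitBtn.attr('value'));

        $.ajax({
            type: frm.attr('method'),
            url: frm.attr('action'),
            data: formData,
            success: function (data) {
                showMessage(data, 3000, 3000);
            },
            error: function (jqXHR, textStatus, errorThrown) {
                showMessage(textStatus, 2000, 2000);
            }
        });
    });
});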
- </script>
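<?php
// Handles the POST from the change-password form and echoes a one-line,
// plain-text status message for the page to display.
include_once 'include/connection.php'; // presumably defines the PDO handle $connect - confirm

if (isset($_POST['password_change'])) {
    // Read each field defensively: a missing field or a non-string value
    // (e.g. old_password[]=x) becomes '' instead of raising a notice or
    // reaching strip_tags()/PDO as an array.
    $fields = [];
    foreach (['username', 'old_password', 'new_password', 'con_newpassword'] as $name) {
        $fields[$name] = (isset($_POST[$name]) && is_string($_POST[$name])) ? $_POST[$name] : '';
    }

    // strip_tags() is kept on the two values that are matched against existing
    // rows, so lookups behave as before. It is not a SQL defence - the
    // placeholders below are what keep the input out of the statement text.
    $username = strip_tags($fields['username']);
    $password = strip_tags($fields['old_password']);
    $newpassword = $fields['new_password'];
    $confirmnewpassword = $fields['con_newpassword'];

    // NOTE(review): the account is selected by the posted username, not by the
    // logged-in session. If this page is meant for signed-in users only, bind it
    // to $_SESSION['username'], add an anti-CSRF token, and rate-limit failures.

    // Verify username and current password in one query. MySQL's PASSWORD() is
    // the server's own account-hash function: unsalted, deprecated in MySQL 5.7
    // and removed in 8.0. It is kept only so stored values stay compatible with
    // whatever else reads this column; moving to password_hash() /
    // password_verify() has to be done together with the login code.
    $sql = "SELECT 1 FROM `user` WHERE `username` = ? AND password = PASSWORD(?)";
    $query = $connect->prepare($sql);
    $query->bindValue(1, $username, PDO::PARAM_STR);
    $query->bindValue(2, $password, PDO::PARAM_STR);

    // fetchColumn() is used rather than rowCount(), which is not reliable for
    // SELECT statements on every PDO driver.
    $verified = $query->execute() && $query->fetchColumn() !== false;

    // The earlier extra check compared the plaintext input with the stored hash
    // and therefore always failed; the WHERE clause above is the actual check.
    if (!$verified) {
        // One message for both causes, so the reply does not reveal which
        // usernames exist.
        echo "Incorrect username or password";
    } elseif ($newpassword !== $confirmnewpassword) {
        echo "Passwords do not match!";
    } elseif ($newpassword === '' || strip_tags($newpassword) !== $newpassword) {
        // Refuse rather than silently store a different (shorter) password than
        // the one the user typed, which is what stripping tags used to do.
        echo "New password is empty or contains characters that are not supported";
    } else {
        $sql = "UPDATE `user` SET `password` = PASSWORD(?) WHERE `username` = ?";
        $query = $connect->prepare($sql);
        $query->bindValue(1, $newpassword, PDO::PARAM_STR);
        $query->bindValue(2, $username, PDO::PARAM_STR);

        if ($query->execute()) {
            echo "Password Changed Successfully!";
        } else {
            echo "Password could not be updated";
        }
    }
}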