Menu

[2eb2a2]: / change_password.php  Maximize  Restore  History

Download this file

114 lines (92 with data), 2.9 kB 

  1
  2
  3
  4
  5
  6
  7
  8
  9
 10
 11
 12
 13
 14
 15
 16
 17
 18
 19
 20
 21
 22
 23
 24
 25
 26
 27
 28
 29
 30
 31
 32
 33
 34
 35
 36
 37
 38
 39
 40
 41
 42
 43
 44
 45
 46
 47
 48
 49
 50
 51
 52
 53
 54
 55
 56
 57
 58
 59
 60
 61
 62
 63
 64
 65
 66
 67
 68
 69
 70
 71
 72
 73
 74
 75
 76
 77
 78
 79
 80
 81
 82
 83
 84
 85
 86
 87
 88
 89
 90
 91
 92
 93
 94
 95
 96
 97
 98
 99
100
101
102
103
104
105
106
107
108
109
110
111
112
<?php session_start(); ?>

<html>

<head>

<title>deltasql - Change Password</title>

<link rel="stylesheet" type="text/css" href="deltasql.css">

</head>

<body>

<?php include ("head.inc.php");?>

<h2>deltasql Change Password</h2>

<br />



<form name="tlogin" id="tlogin" method="post" action="change_password.php">

<table align="center" width="300">

	<tr align="left">

		<td align="left">

			Old Password:

		</td>	

		<td align="left">

			<input type="password" name="oldpwd" />

		</td>

	</tr>

	<tr align="left">

		<td align="left">

			New Password

		</td>	

		<td align="left">

			<input type="password" name="newpwd" />

		</td>

	</tr>

	<tr align="left">

		<td align="left">

			Confirm New Password

		</td>	

		<td align="left">

			<input type="password" name="confirmnewpwd" />

		</td>

	</tr>



	<tr>

		<td>&nbsp;

			

		</td>

		<td>&nbsp;

			

		</td>

	</tr>

	<tr>

		<td>

			<input type="submit" value="Change"/>

		</td>

		<td>&nbsp;

			

		</td>

	</tr>	

</table>

</form>

<?php include ("bottom.inc.php");?>

</body>

</html>

<?php

include("conf/config.inc.php");

include("utils/utils.inc.php");



if (isset($_POST['oldpwd'])) $frm_oldpwd=$_POST['oldpwd']; else exit;

if (isset($_POST['newpwd'])) $frm_newpwd=$_POST['newpwd']; else exit;

if (isset($_POST['confirmnewpwd'])) $frm_confirmnewpwd=$_POST['newpwd']; else exit;





if ($frm_newpwd=="") die("<b><font color=\"red\"> | The new password can not be empty!</font></b>");

if ($frm_newpwd!=$frm_confirmnewpwd)

  die("<b><font color=\"red\"> | The new passwords do not match!</font></b>");



$user=$_SESSION['username'];

$userid = $_SESSION["userid"];

if ($frm_newpwd==$user) die("<b><font color=\"red\"> | The new password can not be equal to the username!</font></b>");

 

  // same test as in the login process first

$link=mysql_connect($dbserver, $username, $password);

@mysql_select_db($database) or die("Unable to select database");

$frm_newpwd=mysql_real_escape_string($_POST['newpwd'], $link);

$frm_confirmnewpwd=mysql_real_escape_string($_POST['confirmnewpwd'], $link);



$salt = retrieve_salt();

$hash_oldpwd = salt_and_hash($frm_oldpwd, $salt);

$hash_newpwd = salt_and_hash($frm_newpwd, $salt);



$query="SELECT * from tbuser WHERE id=$userid AND password='$frm_oldpwd' AND encrypted=0 LIMIT 1"; 

$result=mysql_query($query); 

$nums=mysql_num_rows($result);



if ($nums==0) {

  

  $query3="SELECT * from tbuser WHERE id=$userid AND passwhash='$hash_oldpwd' AND encrypted=1 LIMIT 1"; 

  $result3=mysql_query($query3); 

  $nums3=mysql_num_rows($result3);

  

  if ($nums3==0) {

     mysql_close();

     die("<b>The old password is wrong. Could not change password.</b>");

  }	 

}



 

$query2="UPDATE tbuser SET password='****',passwhash='$hash_newpwd',encrypted=1 WHERE id=$userid"; 

$result2=mysql_query($query2); 



mysql_close();

echo ("<b><font color=\"green\"> Password changed!</font></b>");

 

js_redirect("index.php");



?>
Want the latest updates on software, tech news, and AI?
Get latest updates about software, tech news, and AI from SourceForge directly in your inbox once a month.