Below is the code for the login.
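// Login handler: remembers the requested return URL, then checks the posted
// credentials against the users table and opens an admin session on success.

// $url is supplied by the client. Nothing below uses it for the redirect; if it
// is ever used, check it against a fixed list of local pages first.
if (isset($_GET["url"])) {
    $url = $_GET["url"];
}

if ($_POST) {
    // Accept string fields only; array-valued parameters (user_name[]=...) count as empty.
    $user_name = (isset($_POST["user_name"]) && is_string($_POST["user_name"])) ? $_POST["user_name"] : "";
    $password = (isset($_POST["password"]) && is_string($_POST["password"])) ? $_POST["password"] : "";
    $url = isset($_POST["url"]) ? $_POST["url"] : null;

    // NOTE(review): unsalted MD5 is fast to brute-force and identical passwords share
    // a hash. Kept here because the stored values are MD5; plan a migration to
    // password_hash()/password_verify() with a rehash at the next successful login.
    $password = md5($password);

    // The user name is client input, so it is escaped before it becomes SQL text.
    // mysql_real_escape_string() depends on the connection character set; set it
    // with mysql_set_charset() where the connection is opened.
    $result = mysql_query(
        "SELECT * FROM users WHERE user_name='" . mysql_real_escape_string($user_name) . "'"
    );

    // A failed query (false) is handled like "no rows" instead of being passed
    // on to mysql_num_rows()/mysql_free_result().
    if ($result !== false && mysql_num_rows($result) > 0) {
        while ($myrow = mysql_fetch_array($result)) {
            // Strict comparison: with ==, two different hex digests that both look
            // numeric ("0e" followed by digits) compare as equal.
            if ($myrow["password"] === $password) {
                // Issue a fresh session id at the privilege change so an id that
                // was known before login is not carried into the admin session.
                if (session_id() !== '') {
                    session_regenerate_id(true);
                }
                $_SESSION['user_name'] = $user_name;
                $_SESSION['admin_role'] = $myrow["role"];
                $_SESSION['agency'] = $myrow["agency_name"];
                // Left disabled: it writes the client-supplied $url into a script
                // block unescaped and would redirect to any address it names.
                /*echo "<script type=\"text/javascript\" language=\"JavaScript\">location.href = '" . $url . "';</script>";*/
                header("Location: admin_area.php");
                exit;
            } else {
                // NOTE(review): this message and the one below differ, which tells
                // the client whether a user name exists; a single generic message
                // avoids that.
                $msg = "<font color=red>Login failed. Wrong password entered.</font>";
            }
        }
    } else {
        $msg = "<font color=red>Login failed. User does not exist.</font>";
    }

    if ($result !== false) {
        mysql_free_result($result);
    }
}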
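<?php
// Page prelude: start the session, turn away visitors who are not logged in,
// then load the project includes.
session_start();

if (!isset($_SESSION['user_name'])) {
    // PHP_SELF can contain client-supplied path info, so it is URL-encoded
    // before it is placed in the query string.
    header("Location: Login.php?url=" . urlencode($_SERVER['PHP_SELF']));
    // header() only queues the redirect; without exit the rest of the page,
    // including the password UPDATE, still runs for a visitor with no session.
    exit;
}

require_once("../../includes/ru_config.php");
require_once("../../includes/ru_connection.php");
require_once("../../includes/ru_data.php");
require_once("../../includes/ru_utils.php");
require_once("../../libs/ru_smarty.php");

// Start with an empty message so a plain GET does not read an undefined variable.
$errorMsg = '';
?>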
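<?php
// Change-password handler: on POST, checks that both password fields match,
// stores the new password for the logged-in user, then renders the form.
// NOTE(review): the form has no CSRF token and does not ask for the current
// password, so any request sent from a logged-in browser can change it.

// The session check is repeated here so the UPDATE never runs without a user.
if ($_POST && isset($_SESSION['user_name'])) {
    // Accept string fields only; missing or array-valued fields count as empty.
    $newPassword = (isset($_POST['password']) && is_string($_POST['password'])) ? $_POST['password'] : '';
    $confirmPassword = (isset($_POST['re_password']) && is_string($_POST['re_password'])) ? $_POST['re_password'] : '';

    if ($newPassword === '') {
        // An empty password would leave the account open to anyone.
        $errorMsg = "<font color=red><i><b>Sorry, there was an error changing your password.<br><br></b></i></font>";
    } elseif ($newPassword === $confirmPassword) {
        // Strict comparison above: with ==, numeric-looking strings such as
        // "1" and "01" are treated as equal.
        //
        // The login code compares md5() of the submitted password with the stored
        // column, so the same digest is stored here. Writing the raw value kept
        // the password in clear text and made the next login fail.
        // NOTE(review): unsalted MD5 is weak; migrate both scripts to
        // password_hash()/password_verify() together.
        // NOTE(review): the login query reads table `users`, this one writes
        // `Users`; table names are case-sensitive on some MySQL setups - confirm.
        $updateQuery = "UPDATE Users SET password ='" . md5($newPassword)
            . "' WHERE user_name='" . mysql_real_escape_string($_SESSION['user_name']) . "'";

        if ($result = mysql_query($updateQuery)) {
            // It worked, give confirmation
            $errorMsg = '<i><b>Password changed successfully.</b></i><br>';
        } else {
            // The query failed; report a generic error to the user.
            $errorMsg = "<font color=red><i><b>Sorry, there was an error changing your password.<br><br></b></i></font>";
        }
    } else {
        $errorMsg = "<font color=red><i><b>Sorry, there was an error changing your password. Both the entered passwords did not match!</b></i></font><br><br>";
    }
}

$smarty = new RuSmarty;
// Fall back to an empty message when no branch above set one.
$smarty->assign("errorMsg", isset($errorMsg) ? $errorMsg : '');
// NOTE(review): PHP_SELF can carry client-supplied path info; confirm that the
// template escapes `action` before writing it into the form tag.
$smarty->assign("action", $_SERVER['PHP_SELF']);
$smarty->display('admin/change_password.tpl');
?>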