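<?php
// Password-change fragment: processes the POST sent by the form below and then
// renders the form. The form is rendered on every request, as before.
//
// NOTE(security), not fixed here because the pieces involved are outside this file:
//  - the current password is never asked for, so anyone holding a valid session
//    can set a new one;
//  - the form carries no anti-CSRF token tied to the session;
//  - the mysql_* extension has no prepared statements and was removed in PHP 7;
//    move to PDO or mysqli with bound parameters.

// Read the action without raising an undefined-index notice on a plain GET.
$todo = isset($_POST['todo']) ? $_POST['todo'] : '';

if ($todo === "change-password") {
    // Accept plain strings only: a request can send password[]=x, which would
    // otherwise reach strlen()/md5() as an array.
    $rawPassword  = (isset($_POST['password']) && is_string($_POST['password'])) ? $_POST['password'] : '';
    $rawPassword2 = (isset($_POST['password2']) && is_string($_POST['password2'])) ? $_POST['password2'] : '';

    // The session value decides which row is updated; refuse to continue without it.
    $userId = (isset($_SESSION['UserID']) && is_scalar($_SESSION['UserID'])) ? (string) $_SESSION['UserID'] : '';

    // Setting flags for checking
    $status = "OK";
    $msg = "";

    if ($userId === '') {
        $msg = $msg . "You must be logged in to change your password<BR>";
        $status = "NOTOK";
    }

    // Validate the submitted text itself. The previous code measured the MD5
    // digest, which is always 32 characters, so this check could never fail.
    if (strlen($rawPassword) < 3 or strlen($rawPassword) > 100) {
        $msg = $msg . "Password must be more than 3 char legth and maximum 100 char lenght<BR>";
        $status = "NOTOK";
    }

    // Strict comparison of the raw values: loosely comparing two hex digests
    // treats strings such as "0e12..." and "0e34..." as equal numbers.
    if ($rawPassword !== $rawPassword2) {
        $msg = $msg . "Both passwords are not matching<BR>";
        $status = "NOTOK";
    }

    if ($status !== "OK") {
        echo "$msg<br><center><input type='button' value='Retry' onClick='history.go(-1)'></center>";
    } else { // if all validations are passed.
        // NOTE(security): unsalted MD5 is not a password hash. The stored format
        // (escape first, then md5) is kept byte-compatible because the login code
        // that verifies it is not visible here; migrate both sides together to
        // password_hash() / password_verify().
        $password = md5(mysql_real_escape_string($rawPassword));

        // Escape the session value too instead of interpolating it unescaped.
        $safeUserId = mysql_real_escape_string($userId);

        if (mysql_query("update users set Password='$password' where UserID='$safeUserId'")) {
            echo "Thanks <br> Your password changed successfully.";
        } else {
            echo "Sorry <br> Failed to change password Contact Site Admin";
        }
    }
}
?>
<div id="stylized" class="myform">
<form id="form" method="post" action="account.php?p=settings">
<input type="hidden" name="todo" value="change-password">
<h1>Change Password:</h1>
<p>Enter details below to change your password</p>
<label>New Password
<span class="small"></span>
</label>
<input type="password" name="password" id="password" />
<label>Re-Enter Password
<span class="small"></span>
</label>
<input type="password" name="password2" id="password2" />
<button type="submit">Change Password</button>
<div class="spacer"></div>
</form>
</div>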