| 1 | <?php |
| 2 | |
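/**
 * Change the logged-in user's password from the submitted form fields.
 *
 * Reads old_password, new_password1 and new_password2 from $_POST, and
 * user_id / user_name from $_SESSION. On failure it returns false and,
 * except when no user is logged in, sets the global $error. On success it
 * updates the users row and returns nothing explicitly (null), as before.
 *
 * @return false|null
 */
function set_password() {
    global $db, $error, $error_messages;

    // Missing fields become null instead of raising an undefined-index notice.
    $old_password  = isset($_POST['old_password'])  ? $_POST['old_password']  : null;
    $new_password1 = isset($_POST['new_password1']) ? $_POST['new_password1'] : null;
    $new_password2 = isset($_POST['new_password2']) ? $_POST['new_password2'] : null;

    // Both new-password fields must be strings (PHP turns bracketed form
    // fields into arrays) and must match exactly. The loose != operator
    // compares numeric-looking strings as numbers, so "1e3" and "1000"
    // would pass as a matching confirmation.
    if (!is_string($new_password1) || !is_string($new_password2)
        || $new_password1 !== $new_password2) {
        $error = $error_messages['NEW_PASSWORD_MISMATCH'];
        return false;
    }

    $user_id = isset($_SESSION['user_id'])   ? $_SESSION['user_id']   : null;
    $login   = isset($_SESSION['user_name']) ? $_SESSION['user_name'] : null;
    if (!$user_id) {
        // Nobody is logged in; $error is left untouched, as in the original.
        return false;
    }

    // A non-string old password can never be the right one.
    if (!is_string($old_password)) {
        $error = "bad password";
        return false;
    }

    // Old password check.
    // NOTE(review): $login and $user_id are interpolated into the SQL text.
    // They come from the session rather than the request, but if the $db
    // wrapper offers bound parameters or an escaping helper (its API is not
    // visible in this file) both queries should use it.
    // NOTE(review): the lookup is keyed by login while the update below is
    // keyed by user_id; confirm both always identify the same row.
    $q = "select * from users where login='$login'";
    $set = $db->query($q);
    $set->next();

    // Cast to string so that a missing row (presumably null or '' from the
    // wrapper; verify) can never equal a 32-character digest. Compare with
    // !== because != treats two different "0e<digits>" digests as equal.
    $stored = (string) $set->getString('password');
    if ($stored !== md5($old_password)) {
        $error = "bad password";
        return false;
    }

    // Changing in MySQL.
    // NOTE(review): unsalted MD5 is not a password hash. Moving to
    // password_hash()/password_verify() needs a migration of the stored
    // values, so the storage format is left unchanged here.
    $password = md5($new_password1);
    $db->query("update users set password='$password' where user_id='$user_id'");
}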
| 34 | |
| 35 | ?> |