wwwroot/inc/eventz/set_password.inc

   1 <?php
   2
   3 function set_password() {
   4         global $db,$error,$error_messages;
   5         $old_password=$_POST['old_password'];
   6         $new_password1=$_POST['new_password1'];
   7         $new_password2=$_POST['new_password2'];
   8
   9         if ($new_password1!=$new_password2) {
  10                 $error=$error_messages['NEW_PASSWORD_MISMATCH'];
  11                 return false;
  12         }
  13         $user_id=$_SESSION['user_id'];
  14         $login=$_SESSION['user_name'];
  15         if (!$user_id) {
  16                 return false;
  17         }
  18
  19         //old password check
  20
  21         $q="select * from users where login='$login'";
  22         $set=$db->query($q);
  23         $set->next();
  24         if ($set->getString('password')!=md5($old_password)) {
  25                 $error="bad password";
  26                 return false;
  27         }
  28
  29
  30         //changing in MySQL
  31         $password=md5($new_password1);
  32         $db->query("update users set password='$password' where user_id='$user_id'");
  33 }
  34
  35 ?>