wwwroot/inc/eventz/set_password.inc

   1 <?php
   2
   3 function set_password() {
   4         global $db,$error,$error_messages;
   5         $old_password=$_POST['old_password'];
   6         $new_password1=$_POST['new_password1'];
   7         $new_password2=$_POST['new_password2'];
   8
   9         if ($new_password1!=$new_password2) {
  10                 $error=$error_messages['NEW_PASSWORD_MISMATCH'];
  11                 return false;
  12         }
  13         $user_id=$_SESSION['user_id'];
  14         $login=$_SESSION['user_name'];
  15         if (!$user_id) {
  16                 return false;
  17         }
  18
  19         //old password check
  20         require_once(INCLUDE_DIR."eventz/login.inc");
  21         if(!login_check($user_id, $old_password)) {
  22                 $error="bad password";
  23                 return false;
  24         }
  25
  26         //changing in MySQL
  27         $password=sha1($new_password1);
  28         $db->query("update users set password='$password' where user_id='$user_id'");
  29         login_check($user_id, $new_password1); //znova se zalogujeme po zmene hesla (kvuli jabberu)
  30 }