login script not working properly

confused

         

ferhanz

5:40 pm on Oct 25, 2005 (gmt 0)

10+ Year Member



The db part of this script is not working, as the error messages come up when you do not enter anything or your passwords don't match, but when you fill in all 3 fields, i.e. old password, new password and confirm password, and hit the submit button, nothing displays on the website... blank page. There is no error showing in Zend when compiling the code. I wonder where the error lies.

[php]
<?php

//If no cookie is present, redirect the user.
if (!isset($_COOKIE['unit'])) {
    header ("Location: ["...] . $_SERVER['HTTP_HOST'] . dirname($_SERVER['PHP_SELF']) . "/invalid.php");
    exit(); // Quit the script.
}

include('../connection/mysql_connect.php');

if (isset($_POST['submit'])) {

    $message = NULL;

    //check for old password
    if (empty($_POST['password'])) {
        $p = FALSE;
        $message .= '<p>You forget to enter your Old Password</p>';
    } else {
        $p = $_POST['password'];
    }

    //check for password
    if (empty($_POST['password1'])) {
        $np = FALSE;
        $message .= '<p>You forget to enter your New Password</p>';
    } else {
        if ($_POST['password1'] == $_POST['password2']) {
            $np = $_POST['password1'];
        } else {
            $np = FALSE;
            $message .= '<p>Your New Password did not match the confirmed New Pasword</p>';
        }
    }

    if ($p && $np) {

        $query = "select password from users where unit = {$_COOKIE['unit']}";
        $result = mysql_query($query);
        $row = mysql_fetch_array($result, MYSQL_NUM);
        $num = mysql_num_row($result);

        if ($num == 1) {

            $query1 = "update users set password = '$np' where unit = {$_COOKIE['unit']}";
            $result1 = mysql_query($query1);
            if (mysql_affected_rows() == 1) {
                $message3 = null;

                $message3 = "Your Password has been changed";

            } else {
                $message3 = "Your Password Could not be chnages due to a system error";
            }

        } else {
            $message = "Your Old password do not match our records";
        }

    } else {

        echo "pls try again";

    }

}

?>
<html>
<body>

<table width="495" border="0" align="center" cellpadding="5">
<form action="<?php echo $_SERVER['PHP_SELF'];?>" method="post" />
<tr bgcolor="#FFFFCC">
<td colspan="3"><p align="center" class="style1">Change Password </p></td>
</tr>
<tr bgcolor="#FFFFFF">
<td colspan="3" class="style1"><font color="#FF0000"><?php

if(isset($message))
{

echo $message;

}

if(isset($message3))
{

echo $message3;

}

?></font></td>
</tr>
<tr>
<td width="131" bgcolor="#CCCCCC" class="style1">Old Password: </td>
<td colspan="2"><input name="password" type="text" id="password"></td>
</tr>
<tr>
<td bgcolor="#CCCCCC" class="style1">New Password: </td>
<td colspan="2"><input name="password1" type="text" id="password1"></td>
</tr>
<tr>
<td bgcolor="#CCCCCC" class="style1">Confirm Password:</td>
<td colspan="2"><input name="password2" type="text" id="password2"></td>
</tr>
<tr>
<td>&nbsp;</td>
<td width="214"><div align="right">
</div></td>
<td width="112" bgcolor="#CCCCCC"><div align="center">
<input name="submit" type="submit" id="submit" value="Submit">
</div></td>
</tr>
</form>
</table>

</body>
</html>
[/php]

ferhanz

7:21 pm on Oct 25, 2005 (gmt 0)

10+ Year Member



anyone plzzzz

coopster

8:25 pm on Oct 25, 2005 (gmt 0)

WebmasterWorld Administrator 10+ Year Member



Is it possible that your result set contains more than one row returned by your query? I would dump the query to the browser first and check that.

Netter

11:21 pm on Oct 25, 2005 (gmt 0)

10+ Year Member



So it's not a login script, it's a password change script.

I would do it all another way:

[php]
<?php
// here goes some trash like the cookie check and db connect
// ....

// we check if all three important parameters were sent
if (isset($_POST['password'], $_POST['password1'], $_POST['password2'])) {
    // then we check if newpass and newpass retype are the same
    if ($_POST['password1'] == $_POST['password2']) {

        // for security reasons against sql injections.
        // should be skipped if the server auto adds slashes
        $oldpass = addslashes($_POST['password']);
        $newpass = addslashes($_POST['password1']);

        // the following command will take care of everything
        mysql_query("UPDATE users SET password='{$newpass}' WHERE password='{$oldpass}' AND unit={$_COOKIE['unit']}");
        // see if it was updated
        if (mysql_affected_rows()) echo "Password changed"; else echo "Original password is incorrect";

    } else echo "Your new passwords did not confirm";
}
?>
// here goes html form //
[/php]

I'd also add a check for the new password length with strlen().

It's all done in 7 lines of code, but it can be 5 if your server adds slashes automatically.

PS: be careful with SQL injections, since I can set my cookie[unit] to something bad. I suggest using:
$unit=addslashes($_COOKIE['unit']);
...AND unit='{$unit}' // in mysql_query

Also, you can just filter my { }. It's just good programming manners I use to keep.
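
An added example, not part of any post in this thread: the same password change written with PDO prepared statements and `password_hash()`/`password_verify()`, so that neither the passwords nor the unit value can alter the SQL text and the old password is checked against a stored hash. The `users` table with `unit` and `password` columns follows the thread; the `changePassword()` function, the in-memory SQLite database, the minimum length and the sample values are assumptions constructed for illustration.

```php
<?php
// Added example: names and sample data are constructed, not taken from the thread.
function changePassword(PDO $db, int $unit, string $old, string $new, string $confirm): string
{
    if ($old === '' || $new === '' || $confirm === '') {
        return 'All three fields are required';
    }
    if ($new !== $confirm) {
        return 'New password and confirmation do not match';
    }
    if (strlen($new) < 8) {   // strlen() check suggested in the thread; 8 is an assumed minimum
        return 'New password is too short';
    }

    // Placeholders keep user input out of the SQL text entirely.
    $stmt = $db->prepare('SELECT password FROM users WHERE unit = :unit');
    $stmt->execute([':unit' => $unit]);
    $hash = $stmt->fetchColumn();

    // Verify against the stored hash instead of matching the password in a WHERE clause.
    if ($hash === false || !password_verify($old, $hash)) {
        return 'Old password does not match our records';
    }

    $upd = $db->prepare('UPDATE users SET password = :hash WHERE unit = :unit');
    $upd->execute([':hash' => password_hash($new, PASSWORD_DEFAULT), ':unit' => $unit]);
    return $upd->rowCount() === 1 ? 'Password changed' : 'System error';
}

// Constructed demo data in an in-memory SQLite database (requires pdo_sqlite).
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE users (unit INTEGER PRIMARY KEY, password TEXT NOT NULL)');
$ins = $db->prepare('INSERT INTO users (unit, password) VALUES (?, ?)');
$ins->execute([7, password_hash('old-secret', PASSWORD_DEFAULT)]);

// In a real page, $unit should come from the server-side session, not from a cookie.
echo changePassword($db, 7, "it's-wrong", 'new-secret-1', 'new-secret-1'), "\n"; // quote is plain data
echo changePassword($db, 7, 'old-secret', 'new-secret-1', 'new-secret-2'), "\n"; // mismatch
echo changePassword($db, 7, 'old-secret', 'new-secret-1', 'new-secret-1'), "\n"; // success
```

With `PDO::ERRMODE_EXCEPTION` set, a failing query raises an exception instead of leaving the script to continue silently.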

jatar_k

6:57 am on Oct 26, 2005 (gmt 0)

WebmasterWorld Administrator 10+ Year Member



>> so it's not login script it's password change script

my fault, I swapped the title and didn't look closely enough

ah the power of good titles ;)