website/chpass.php
2007-03-26 07:59:59 +00:00

70 lines
2 KiB
PHP

<? // Preamble
$pageName = "Change Password";
$need = 'auth';
require "parts/preamble.php"; // Load most of document
$test = $_POST['test'];
$oldpass = addSlashes ($_POST['oldpass']);
$newpass = addSlashes ($_POST['newpass']);
$confirm = addSlashes ($_POST['confirm']);
$user = $userInfo['u_username'];
need ('sql');
function chkpass ($pass, $copy) {
global $passwdError;
$ret = false;
$passwdError = null;
if ($pass && $copy && $pass == $copy && strlen ($pass) > 5) {
$ret = true;
} else {
if (!$pass) {
$passwdError = "No password given!";
} elseif ((!$copy) || ($pass != $copy)) {
$passwdError = "Passwords don't match!";
} elseif (strlen ($pass) <= 5) {
$passwdError = "Password too short.";
} else {
$passwdError = "Unknown";
}
}
return $ret;
}
if ($test) {
if (chkpass ($newpass, $confirm)) {
$query = "UPDATE members SET u_password=ENCRYPT('$newpass', '$user')"
." WHERE u_username='$user'"
." AND u_password=ENCRYPT('$oldpass', '$user')";
$result = sqlWriteQuery ($query);
if ($result === null) {
echo "<P>Sorry, couldn't talk to the database. Nothing changed.</P>";
} elseif ($result === false) {
echo "<P>Something went wrong, MySQL said '$sqlError'.</P>";
} elseif ($result == 0) {
echo "<P>Your old password was entered incorrectly, or was the same as the old one.</P>";
} elseif ($result == 1) {
echo "<P>Your password has been changed.</P>";
} else {
echo "<P>Uh oh, SERIOUSLY bad mojo. Find Deek ASAP!</P>";
}
} else {
echo $passwdError;
}
} else {
?>
<FORM action="<? thisURL ?>" method="post">
<P>Old Password: <INPUT name="oldpass" size="12" type="password" value="<?=$oldpass?>"></P>
<P>New Password: <INPUT name="newpass" size="12" type="password" value="<?=$newpass?>"></P>
<P>Confirm: <INPUT name="confirm" size="12" type="password" value="<?=$confirm?>"></P>
<INPUT name="test" type="hidden" value="1">
<INPUT type="submit" name="Change Password" value="Change Password">
</FORM>
<?
}
?>