update_password_action.php
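<?php
/**
 * Handles the "change password" form post for the signed-in forum user.
 *
 * Reads ConfirmOldPassword, NewPassword and ConfirmNewPassword from $_POST,
 * compares the old password with the one stored for $_SESSION['UserName'],
 * sets $PasswordError (0 = password updated, 1-6 = the validation failure
 * detected below) and then includes update_password_action_error.php in this
 * scope before terminating.
 *
 * NOTE(review): passwords are stored as unsalted MD5. Moving to
 * password_hash()/password_verify() needs a coordinated change with the login
 * and registration code, which is not part of this file.
 * NOTE(review): no anti-CSRF token is checked here; confirm whether header.php
 * or the form page provides one.
 * NOTE(review): ext/mysql has no prepared statements and was removed in PHP 7;
 * migrating to mysqli or PDO with bound parameters is the lasting fix for the
 * queries below.
 */
include("{$_SERVER['DOCUMENT_ROOT']}/header.php");

// Presumably header.php starts the session; without a signed-in user there is
// no account to update, so treat that the same as a malformed request.
if (!isset($_POST['ConfirmOldPassword']) || !isset($_SESSION['UserName']))
{
    print("<span class=\"error\">Invalid request. Please return to another area of the forum.</span>");
}
else
{
    // Read only the three expected fields. extract($_POST) would let the
    // request define or overwrite any variable in this scope, so it is not
    // used. Non-string values (e.g. arrays) are treated as blank.
    // NOTE(review): if update_password_action_error.php relied on other POST
    // fields being extracted, read them explicitly there.
    $ConfirmOldPassword = (isset($_POST['ConfirmOldPassword']) && is_string($_POST['ConfirmOldPassword']))
        ? $_POST['ConfirmOldPassword'] : '';
    $NewPassword = (isset($_POST['NewPassword']) && is_string($_POST['NewPassword']))
        ? $_POST['NewPassword'] : '';
    $ConfirmNewPassword = (isset($_POST['ConfirmNewPassword']) && is_string($_POST['ConfirmNewPassword']))
        ? $_POST['ConfirmNewPassword'] : '';

    $UserName = (string) $_SESSION['UserName'];
    // Escaped once and reused for both queries so the value can never break
    // out of the quoted SQL literal.
    $UserNameSql = mysql_real_escape_string($UserName);

    $queryGetPassword = "SELECT Password FROM users WHERE UserName = '" . $UserNameSql . "'";
    $result = mysql_query($queryGetPassword);
    // A failed query or a missing row leaves $Password null, which can never
    // equal an MD5 string and therefore ends in error 3 below.
    $row = ($result !== false) ? mysql_fetch_array($result) : false;
    $Password = is_array($row) ? $row[0] : null;

    // The D modifier makes "$" match only at the very end, so a trailing
    // newline is rejected instead of being stored as part of the password.
    $change_password_search_pattern = "/^[_0-9a-z-]{6,20}$/iD";

    // set up some flags to make upcoming if statements easier
    $ConfirmOldPasswordIsBlank = ($ConfirmOldPassword === '') ? 1 : 0;
    $NewPasswordIsBlank = ($NewPassword === '') ? 1 : 0;
    $ConfirmNewPasswordIsBlank = ($ConfirmNewPassword === '') ? 1 : 0;

    $PasswordError = 0;
    $ConfirmOldPassword = MD5($ConfirmOldPassword);

    // if all fields are blank
    if ($ConfirmOldPasswordIsBlank && $NewPasswordIsBlank && $ConfirmNewPasswordIsBlank)
    {
        $PasswordError = 1;
        die(include("{$_SERVER['DOCUMENT_ROOT']}/update_password_action_error.php")); // terminate script execution
    }
    // if confirm old password is blank and any other fields have entries
    else if ($ConfirmOldPasswordIsBlank && (!$NewPasswordIsBlank || !$ConfirmNewPasswordIsBlank))
    {
        $PasswordError = 2;
        die(include("{$_SERVER['DOCUMENT_ROOT']}/update_password_action_error.php")); // terminate script execution
    }
    // if confirm old password (is not blank and) does not match current password.
    // Strict comparison: a loose != treats hex digests that look like numbers
    // (for example "0e..." strings) as equal even when they differ.
    else if (!$ConfirmOldPasswordIsBlank && ($Password !== $ConfirmOldPassword))
    {
        $PasswordError = 3;
        die(include("{$_SERVER['DOCUMENT_ROOT']}/update_password_action_error.php")); // terminate script execution
    }
    // if confirm old password is not blank and matches current password, and all other fields are blank
    else if (!$ConfirmOldPasswordIsBlank && $NewPasswordIsBlank && $ConfirmNewPasswordIsBlank)
    {
        $PasswordError = 4;
        die(include("{$_SERVER['DOCUMENT_ROOT']}/update_password_action_error.php")); // terminate script execution
    }
    // if confirm old password matches current password, and New Password and Confirm New Password don't match.
    // Strict comparison so numeric-looking strings such as "0100000" and
    // "100000" are not accepted as the same password.
    else if (!$ConfirmOldPasswordIsBlank && ((!$NewPasswordIsBlank || !$ConfirmNewPasswordIsBlank) && $NewPassword !== $ConfirmNewPassword))
    {
        $PasswordError = 5;
        die(include("{$_SERVER['DOCUMENT_ROOT']}/update_password_action_error.php")); // terminate script execution
    }
    // if confirm old password matches current password, and New Password matches Confirm New Password
    else if (!$ConfirmOldPasswordIsBlank && ((!$NewPasswordIsBlank || !$ConfirmNewPasswordIsBlank) && $NewPassword === $ConfirmNewPassword))
    {
        // ... but they don't conform to the required password format
        if (!preg_match($change_password_search_pattern, $NewPassword) || !preg_match($change_password_search_pattern, $ConfirmNewPassword))
        {
            $PasswordError = 6;
            die(include("{$_SERVER['DOCUMENT_ROOT']}/update_password_action_error.php")); // terminate script execution
        }
        else
        {
            $PasswordError = 0;
            // MD5() yields only hex digits, so the new value is safe inside the
            // quoted literal; the user name is the escaped copy from above.
            $queryUpdatePassword = "UPDATE users SET Password = '" . MD5($NewPassword) . "' WHERE UserName = '" . $UserNameSql . "'";
            if (mysql_query($queryUpdatePassword) === false)
            {
                // NOTE(review): the page below still reports success (code 0)
                // because no error code for a failed update is visible in this
                // file; at least leave a trace in the server log.
                error_log("update_password_action: password update query failed: " . mysql_error());
            }
            // Code 0 is rendered by the same include as the error codes.
            die(include("{$_SERVER['DOCUMENT_ROOT']}/update_password_action_error.php")); // terminate script execution
        }
    }
} // end else from top of file if statement
include("{$_SERVER['DOCUMENT_ROOT']}/footer.php");
?>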