changepassword.php

   1 <?php
   2 ob_start(); // This is cheating
   3 require 'config.php';
   4
   5 $require_login = true;
   6 $page_name = 'Change Password';
   7 $level_restriction = NEW_USER;
   8 require 'top.inc.php';
   9 require 'encryption.inc.php';
  10
  11 if (isset ($_POST['submit']))
  12 {
  13         if ( $userinfo['password'] != encrypt($_POST['old_pw'], $userinfo['register_ip']) )
  14                 echo '<div class="alert">Your current password does not match the one entered.</div>';
  15         elseif ( $_POST['new_pw'] != $_POST['confirm_pw'] )
  16                 echo '<div class="alert">Your new passwords do not match.</div>';
  17         else {
  18                 mysql_query('UPDATE `users` SET `password` = \''.mysql_real_escape_string(encrypt($_POST['new_pw'], $userinfo['register_ip'])).'\' WHERE
  19 `username` = \''.mysql_real_escape_string ($userinfo['username']).'\' AND
  20 `password` = \''.mysql_real_escape_string (encrypt ($_POST['old_pw'], $userinfo['regip'])).'\' LIMIT 1');
  21                 setcookie('password', encrypt ($_POST['new_pw'], $userinfo['regip']), time()+7776000);
  22                 stop('Password successfully changed.');
  23         }
  24 }
  25
  26 echo '
  27 <form method="post" action="',$_SERVER['PHP_SELF'],URL_STRING,'">
  28 <dl class=',colour(),'>
  29 <dt>Current Password</dt>
  30 <dd><input type="password" maxlength="40" size="40" name="old_pw"/></dd>
  31 <dt>New Password</dt>
  32 <dd><input type="password" maxlength="40" size="40" name="new_pw"/></dd>
  33 <dt>Confirm new password</dt>
  34 <dd><input type="password" maxlength="40" size="40" name="confirm_pw"/></dd>
  35 </dl>
  36 <input type="submit" name="submit" value="Change"/>
  37 </form>
  38 ';
  39
  40 require ('foot.php');
  41 ?>