", print_r($_POST, true), ""; // If the user is logged in, he or she will have a cookie. // If no cookie exists, redirect user to login page. if(!isset($_COOKIE['user_id']) OR !isset($_COOKIE['first_name']) OR !isset($_COOKIE['sessionID']) ){ redirect_user(); exit(); } $sessionID = $_COOKIE['sessionID']; // Set the database access information as constants: DEFINE ('DB_USER', 'rcfraley'); DEFINE ('DB_PASSWORD', '*PASSWORD*'); DEFINE ('DB_HOST', 'yourpersonality.netfirmsmysql.com'); DEFINE ('DB_NAME', 'ullman'); // Make the connection: $dbc = @mysqli_connect (DB_HOST, DB_USER, DB_PASSWORD, DB_NAME) OR die ('Could not connect to MySQL: ' . mysqli_connect_error() ); // Include external style sheet print "
"; print "";
#------------------------
# Check to see if two passwords match
# And, if so, update database with new password
#------------------------
if($submit_change == 1){
// Make sure the two entries of the new password are idential
$validated = 0;
$sessionID = $_COOKIE['sessionID'];
$id = $_COOKIE['user_id'];
$q= "SELECT session, user_id FROM users WHERE user_id='$id' AND session='$sessionID' LIMIT 1";
$r = @mysqli_query ($dbc, $q); // Run the query.
if($r){
$validated = 1;
}
if($password1 == $password2 AND $validated == 1){
$pp = SHA1($password1);
//$q= "UPDATE users SET pass='$pp' WHERE user_id='$id' LIMIT 1"; didn't work
$q= "UPDATE users SET pass='$pp' WHERE user_id='$id' AND session='$sessionID' LIMIT 1";
$r = @mysqli_query ($dbc, $q); // Run the query.
if ($r) { // If it ran OK.
print "Your password was updated. Please note that you are still logged into the system. The next time you login you will need to use your new password. "; print "Return to menu "; }else{ print "The password was unable to update correctly. Please try again or contact the web administrator. "; } }else{ $error[] = "The passwords you entered do not match."; print "The passwords do not match. Please try again. "; } } # end $create_account == 1 && $submit_create == 1 #------------------------ # Obtain new password information #------------------------ if($submit_change == 0){ print " Change your Password "; } # end print " |