", print_r($_POST, true), ""; // If the user is logged in, he or she will have a cookie. // If no cookie exists, redirect user to login page. if(!isset($_COOKIE['user_id']) OR !isset($_COOKIE['first_name']) OR !isset($_COOKIE['sessionID']) ){ redirect_user(); exit(); } $sessionID = $_COOKIE['sessionID']; // Set the database access information as constants: DEFINE ('DB_USER', 'rcfraley'); DEFINE ('DB_PASSWORD', '*PASSWORD*'); DEFINE ('DB_HOST', 'yourpersonality.netfirmsmysql.com'); DEFINE ('DB_NAME', 'ullman'); // Make the connection: $dbc = @mysqli_connect (DB_HOST, DB_USER, DB_PASSWORD, DB_NAME) OR die ('Could not connect to MySQL: ' . mysqli_connect_error() ); // Include external style sheet print "
"; print "";
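#------------------------
# Check to see if two passwords match
# And, if so, update database with new password
#------------------------
# Reads from the enclosing script: $dbc (mysqli link), $submit_change,
# $password1 / $password2 (new password typed twice), $e (e-mail typed into
# the form), $error (list of messages to show) and the user_id / sessionID
# cookies that were checked before this point.
# Side effects: may UPDATE users.pass, prints the outcome, and resets
# $submit_change to 0 on a validation failure so the form is shown again.
if ($submit_change == 1) {
    // Re-validate the caller before touching the password: the cookie pair
    // (user_id, sessionID) and the e-mail the user typed must all select the
    // same row, so the cookies alone are not enough to change a password.
    $validated = 0;
    $sessionID = trim($_COOKIE['sessionID']);
    $id        = trim($_COOKIE['user_id']);
    $e         = trim($e);

    // Bound parameters instead of interpolated, escaped strings: the values
    // never become part of the SQL text, and the original double call to
    // mysqli_real_escape_string (which altered values containing quotes or
    // backslashes between the SELECT and the UPDATE) goes away.
    $q    = 'SELECT session, user_id, email FROM users WHERE (user_id=? AND session=? AND email=?) LIMIT 1';
    $stmt = mysqli_prepare($dbc, $q);
    if ($stmt) {
        mysqli_stmt_bind_param($stmt, 'sss', $id, $sessionID, $e);
        mysqli_stmt_execute($stmt);
        mysqli_stmt_store_result($stmt); // needed before num_rows is meaningful
        if (mysqli_stmt_num_rows($stmt) > 0) {
            $validated = 1;
        }
        mysqli_stmt_close($stmt);
    }
    // A failed prepare/execute counts as "not validated", same as no match.
    if ($validated != 1) {
        $error[] = "The email you entered does not match that on file. Please try again.";
    }

    // Strict comparison: with == PHP compares numeric-looking strings as
    // numbers ("1e3" == "1000"), so two different passwords could "match".
    // is_string() rejects array-shaped form values before they reach sha1().
    if ($validated == 1 && is_string($password1) && $password1 !== '' && $password1 === $password2) {
        // NOTE(review): unsalted SHA-1 is kept only because the login path
        // (not visible here) presumably compares against the same scheme;
        // moving both sides to password_hash()/password_verify() together is
        // the proper fix.
        $pp = sha1($password1);

        $q    = 'UPDATE users SET pass=? WHERE user_id=? AND session=? AND email=? LIMIT 1';
        $stmt = mysqli_prepare($dbc, $q);
        $r    = false;
        if ($stmt) {
            mysqli_stmt_bind_param($stmt, 'ssss', $pp, $id, $sessionID, $e);
            // Success means the statement ran; as before, the row count is
            // not inspected (re-setting the same password changes 0 rows).
            $r = mysqli_stmt_execute($stmt);
            mysqli_stmt_close($stmt);
        }
        if ($r) { // If it ran OK.
            print "Your password was updated. Please note that you are still logged into the system. The next time you login you will need to use your new password. ";
            print "Return to menu ";
        } else {
            print "The password was unable to update correctly. Please try again or contact the web administrator. ";
        }
    } else {
        $error[] = "Either the passwords you entered did not match or you entered an invalid email address. Please try again.";
        $submit_change = 0; // fall through to the form below
    }
} # end $submit_change == 1

#------------------------
# Obtain new password information
#------------------------
if ($submit_change == 0) {
    print " Change your Password ";
    // Print any error messages that we have from previous submits and database queries
    if (!empty($error)) {
        print " The following errors occurred: ";
    }
} # end $submit_change == 0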
print ""; foreach($error as $msg){ print "