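", "", ""; // review: print_r($_POST, true) used to be echoed here; on a password-change page that dumps the submitted passwords into the HTML, so the dump is removed

// Access control. A logged-in user carries three cookies; anyone missing one is
// sent to the login page by redirect_user() (defined outside this file).
// NOTE: cookie values are client-controlled and are only a hint here - the
// password change below re-checks (user_id, session, email) against the
// database before touching anything.
if (!isset($_COOKIE['user_id']) || !isset($_COOKIE['first_name']) || !isset($_COOKIE['sessionID'])) {
    redirect_user();
    exit();
}
$sessionID = $_COOKIE['sessionID'];

// Database access constants.
// SECURITY: real credentials must not live in source control; load them from
// the environment or a config file outside the web root. The '*PASSWORD*'
// value is a placeholder and must be replaced at deploy time.
define('DB_USER', 'rcfraley');
define('DB_PASSWORD', '*PASSWORD*');
define('DB_HOST', 'yourpersonality.netfirmsmysql.com');
define('DB_NAME', 'ullman');

// Open the connection without '@' suppression. The driver error goes to the
// server log; the visitor gets a generic message so host/driver details are
// not disclosed.
$dbc = mysqli_connect(DB_HOST, DB_USER, DB_PASSWORD, DB_NAME);
if (!$dbc) {
    error_log('Could not connect to MySQL: ' . mysqli_connect_error());
    die('Could not connect to the database. Please try again later.');
}

// Include external style sheet (the markup lived in these strings)
print " ";
print "
";
print "
";

#------------------------
# Check to see if two passwords match
# And, if so, update database with new password
#------------------------
// $submit_change, $e, $password1 and $password2 are not defined in this
// portion of the file; presumably they arrive from the form handler earlier
// in the script - verify against the caller. They are treated as untrusted.
// NOTE(review): there is no CSRF token on this form; a same-site token check
// should be added before the change is accepted.
if (isset($submit_change) && $submit_change == 1) {
    $validated = 0;
    $id = trim((string) $_COOKIE['user_id']);
    $sessionID = trim((string) $_COOKIE['sessionID']);
    $e = isset($e) ? trim((string) $e) : '';

    // Confirm the (user_id, session, email) triple exists: the cookies are
    // client-supplied and the e-mail is the user's proof of identity for this
    // change. Prepared statements replace the string-built SQL; this also
    // removes the original double-escaping (mysqli_real_escape_string was
    // applied twice before the UPDATE, so any value containing a quote or
    // backslash could never match).
    $stmt = mysqli_prepare(
        $dbc,
        "SELECT session, user_id, email FROM users WHERE (user_id=? AND session=? AND email=?) LIMIT 1"
    );
    if ($stmt) {
        mysqli_stmt_bind_param($stmt, 'sss', $id, $sessionID, $e);
        if (mysqli_stmt_execute($stmt)) {
            mysqli_stmt_store_result($stmt);
            if (mysqli_stmt_num_rows($stmt) > 0) {
                $validated = 1;
            }
        } else {
            error_log('Password change lookup failed: ' . mysqli_stmt_error($stmt));
        }
        mysqli_stmt_close($stmt);
    } else {
        error_log('Password change lookup prepare failed: ' . mysqli_error($dbc));
    }
    if ($validated !== 1) {
        $error[] = "The email you entered does not match that on file. Please try again.";
    }

    // Both entries must be non-empty strings and identical (strict comparison;
    // '==' would treat e.g. "1e1" and "10" as equal).
    $passwordsMatch = is_string($password1) && is_string($password2)
        && $password1 !== '' && $password1 === $password2;

    if ($passwordsMatch && $validated === 1) {
        // REVIEW: unsalted SHA1 is not an acceptable password hash. It is kept
        // only because the login code (not in this file) compares
        // SHA1($password) against users.pass; migrate both sides together to
        // password_hash()/password_verify() (with a pass column wide enough
        // for the new format) rather than changing one in isolation.
        $pp = sha1($password1);

        $updated = false;
        $stmt = mysqli_prepare(
            $dbc,
            "UPDATE users SET pass=? WHERE user_id=? AND session=? AND email=? LIMIT 1"
        );
        if ($stmt) {
            mysqli_stmt_bind_param($stmt, 'ssss', $pp, $id, $sessionID, $e);
            $updated = mysqli_stmt_execute($stmt);
            if (!$updated) {
                error_log('Password update failed: ' . mysqli_stmt_error($stmt));
            }
            mysqli_stmt_close($stmt);
        } else {
            error_log('Password update prepare failed: ' . mysqli_error($dbc));
        }

        if ($updated) { // the statement ran; as before, a zero-row match is not distinguished
            print "Your password was updated. Please note that you are still logged into the system. The next time you login you will need to use your new password.
";
            print "Return to menu
";
        } else {
            print "The password was unable to update correctly. Please try again or contact the web administrator.
";
        }
    } else {
        $error[] = "Either the passwords you entered did not match or you entered an invalid email address. Please try again.";
        // Fall through to redisplay the form.
        $submit_change = 0;
    }
} # end $submit_change == 1

#------------------------
# Obtain new password information
#------------------------
if (!isset($submit_change) || $submit_change == 0) {
    print "
Change your Password

Please verify your e-mail address
My e-mail address is:

";
    print "
Please choose a new password

Please type the new password again to protect against errors.


";

    // Print any error messages that we have from previous submits and
    // database queries. Messages are server-defined, but they are escaped
    // anyway so a future dynamic message cannot inject markup.
    if (!empty($error)) {
        print "

The following errors occurred:
";
        foreach ($error as $msg) {
            $safeMsg = htmlspecialchars((string) $msg, ENT_QUOTES, 'UTF-8');
            print "
    $safeMsg
";
        }
        print "
";
    }
} # end

print "
";
mysqli_close($dbc); // Close the database connection.
?>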