-
Notifications
You must be signed in to change notification settings - Fork 0
/
change_password.php
60 lines (56 loc) · 2.29 KB
/
change_password.php
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
<?php ob_start();
$page_title = 'Change Password';
require_once('includes/load.php');
// Checkin What level user has permission to view this page
page_require_level(3);
?>
<?php $user = current_user(); ?>
<?php
if(isset($_POST['update'])){
$req_fields = array('new-password','old-password','id' );
validate_fields($req_fields);
if(empty($errors)){
if(sha1($_POST['old-password']) !== current_user()['password'] ){
$session->msg('d', "Your old password not match");
redirect('change_password.php',false);
}
$id = (int)$_POST['id'];
$new = remove_junk($db->escape(sha1($_POST['new-password'])));
$sql = "UPDATE users SET password ='{$new}' WHERE id='{$db->escape($id)}'";
$result = $db->query($sql);
if($result && $db->affected_rows() === 1):
$session->logout();
$session->msg('s',"Login with your new password.");
redirect('index.php', false);
else:
$session->msg('d',' Sorry failed to updated!');
redirect('change_password.php', false);
endif;
} else {
$session->msg("d", $errors);
redirect('change_password.php',false);
}
}
?>
<?php include_once('layouts/header.php'); ?>
<div class="login-page">
<div class="text-center">
<h3>Change your password</h3>
</div>
<?php echo display_msg($msg); ?>
<form method="post" action="change_password.php" class="clearfix">
<div class="form-group">
<label for="newPassword" class="control-label">New password</label>
<input type="password" class="form-control" name="new-password" placeholder="New password">
</div>
<div class="form-group">
<label for="oldPassword" class="control-label">Old password</label>
<input type="password" class="form-control" name="old-password" placeholder="Old password">
</div>
<div class="form-group clearfix">
<input type="hidden" name="id" value="<?php echo (int)$user['id'];?>">
<button type="submit" name="update" class="btn btn-info">Change</button>
</div>
</form>
</div>
<?php include_once('layouts/footer.php'); ?>