2 files changed, 46 insertions, 34 deletions
diff --git a/central/trunk/changepassword.php b/central/trunk/changepassword.php
index 84c7110..81fc5a7 100644
--- a/central/trunk/changepassword.php
+++ b/central/trunk/changepassword.php

@@ -5,52 +5,53 @@
 include('includes/instadisc.php');
 include('includes/template.php');
-if (!isset($_GET['submit']))
+if (isset($_SESSION['username']))
 {
-        showForm('','','',array());
+        if (!isset($_GET['submit']))
-} else {
-        $numOfErrors = 0;
-        $errors = array();
-        if ($_POST['old'] == '')
        {
-                addError($numOfErrors, $errors, 'old', 'Old Password is a required field');
+                showForm('','','',array());
        } else {
-                $getuser = "SELECT * FROM users WHERE username = \"" . mysql_real_escape_string($_SESSION['username']) . "\" AND password = \"" . mysql_real_escape_string(md5($_POST['old'])) . "\"";
+                $numOfErrors = 0;
-                $getuser2 = mysql_query($getuser);
+                $errors = array();
-                $getuser3 = mysql_fetch_array($getuser2);
-                if ($getuser3['password'] != md5($_POST['password']))
+                if ($_POST['old'] == '')
                {
-                        addError($numOfErrors, $errors, 'old', 'Old password is not correct');
+                        addError($numOfErrors, $errors, 'old', 'Old Password is a required field');
+                } else {
+                        if (!instaDisc_verifyUser($_SESSION['username'], $_POST['old'])
+                        {
+                                addError($numOfErrors, $errors, 'old', 'Old password is not correct');
+                        }
                }
-        }
-        if ($_POST['new'] == '')
+                if ($_POST['new'] == '')
-        {
+                {
-                addError($numOfErrors, $errors, 'new', 'New Password is a required field');
+                        addError($numOfErrors, $errors, 'new', 'New Password is a required field');
-        }
+                }
-        if ($_POST['confirm'] == '')
+                if ($_POST['confirm'] == '')
-        {
+                {
-                addError($numOfErrors, $errors, 'confirm', 'Confirm New Password is a required field');
+                        addError($numOfErrors, $errors, 'confirm', 'Confirm New Password is a required field');
-        }
+                }
-        if ($_POST['new'] != $_POST['confirm'])
+                if ($_POST['new'] != $_POST['confirm'])
-        {
+                {
-                addError($numOfErrors, $errors, 'confirm', 'Passwords do not match');
+                        addError($numOfErrors, $errors, 'confirm', 'Passwords do not match');
-        }
+                }
-        if ($numOfErrors > 0)
+                if ($numOfErrors > 0)
-        {
+                {
-                showForm($_POST['old'], $_POST['new'], $_POST['confirm'], $errors);
+                        showForm($_POST['old'], $_POST['new'], $_POST['confirm'], $errors);
-        } else {
+                } else {
-                instaDisc_changePassword($_SESSION['username'], $_POST['new']);
+                        instaDisc_changePassword($_SESSION['username'], $_POST['new']);
-                $template = new FITemplate('changedpassword');
+                        $template = new FITemplate('changedpassword');
-                $template->add('SITENAME', instaDisc_getConfig('siteName'));
+                        $template->add('SITENAME', instaDisc_getConfig('siteName'));
-                $template->display();
+                        $template->display();
+                }
        }
+} else {
+        header('Location: index.php');
 }
 function showForm($old, $new, $confirm, $errors)
diff --git a/central/trunk/logout.php b/central/trunk/logout.php
new file mode 100644
index 0000000..e915329
--- /dev/null
+++ b/central/trunk/logout.php

@@ -0,0 +1,11 @@
+<?php
+/* InstaDisc Server - A Four Island Project */
+include('includes/instadisc.php');
+unset($_SESSION['username']);
+header('Location: index.php');
+?>

diff --git a/central/trunk/changepassword.php b/central/trunk/changepassword.php index 84c7110..81fc5a7 100644 --- a/central/trunk/changepassword.php +++ b/central/trunk/changepassword.php
@@ -5,52 +5,53 @@
5	include('includes/instadisc.php');	5	include('includes/instadisc.php');
6	include('includes/template.php');	6	include('includes/template.php');
7		7
8	if (!isset($_GET['submit']))	8	if (isset($_SESSION['username']))
9	{	9	{
10	showForm('','','',array());	10	if (!isset($_GET['submit']))
11	} else {
12	$numOfErrors = 0;
13	$errors = array();
14
15	if ($_POST['old'] == '')
16	{	11	{
17	addError($numOfErrors, $errors, 'old', 'Old Password is a required field');	12	showForm('','','',array());
18	} else {	13	} else {
19	$getuser = "SELECT * FROM users WHERE username = \"" . mysql_real_escape_string($_SESSION['username']) . "\" AND password = \"" . mysql_real_escape_string(md5($_POST['old'])) . "\"";	14	$numOfErrors = 0;
20	$getuser2 = mysql_query($getuser);	15	$errors = array();
21	$getuser3 = mysql_fetch_array($getuser2);
22		16
23	if ($getuser3['password'] != md5($_POST['password']))	17	if ($_POST['old'] == '')
24	{	18	{
25	addError($numOfErrors, $errors, 'old', 'Old password is not correct');	19	addError($numOfErrors, $errors, 'old', 'Old Password is a required field');
		20	} else {
		21	if (!instaDisc_verifyUser($_SESSION['username'], $_POST['old'])
		22	{
		23	addError($numOfErrors, $errors, 'old', 'Old password is not correct');
		24	}
26	}	25	}
27	}
28		26
29	if ($_POST['new'] == '')	27	if ($_POST['new'] == '')
30	{	28	{
31	addError($numOfErrors, $errors, 'new', 'New Password is a required field');	29	addError($numOfErrors, $errors, 'new', 'New Password is a required field');
32	}	30	}
33		31
34	if ($_POST['confirm'] == '')	32	if ($_POST['confirm'] == '')
35	{	33	{
36	addError($numOfErrors, $errors, 'confirm', 'Confirm New Password is a required field');	34	addError($numOfErrors, $errors, 'confirm', 'Confirm New Password is a required field');
37	}	35	}
38		36
39	if ($_POST['new'] != $_POST['confirm'])	37	if ($_POST['new'] != $_POST['confirm'])
40	{	38	{
41	addError($numOfErrors, $errors, 'confirm', 'Passwords do not match');	39	addError($numOfErrors, $errors, 'confirm', 'Passwords do not match');
42	}	40	}
43		41
44	if ($numOfErrors > 0)	42	if ($numOfErrors > 0)
45	{	43	{
46	showForm($_POST['old'], $_POST['new'], $_POST['confirm'], $errors);	44	showForm($_POST['old'], $_POST['new'], $_POST['confirm'], $errors);
47	} else {	45	} else {
48	instaDisc_changePassword($_SESSION['username'], $_POST['new']);	46	instaDisc_changePassword($_SESSION['username'], $_POST['new']);
49		47
50	$template = new FITemplate('changedpassword');	48	$template = new FITemplate('changedpassword');
51	$template->add('SITENAME', instaDisc_getConfig('siteName'));	49	$template->add('SITENAME', instaDisc_getConfig('siteName'));
52	$template->display();	50	$template->display();
		51	}
53	}	52	}
		53	} else {
		54	header('Location: index.php');
54	}	55	}
55		56
56	function showForm($old, $new, $confirm, $errors)	57	function showForm($old, $new, $confirm, $errors)


diff --git a/central/trunk/logout.php b/central/trunk/logout.php new file mode 100644 index 0000000..e915329 --- /dev/null +++ b/central/trunk/logout.php
@@ -0,0 +1,11 @@
		1	<?php
		2
		3	/* InstaDisc Server - A Four Island Project */
		4
		5	include('includes/instadisc.php');
		6
		7	unset($_SESSION['username']);
		8
		9	header('Location: index.php');
		10
		11	?>