diff options
Diffstat (limited to 'central')
-rw-r--r-- | central/trunk/changepassword.php | 69 | ||||
-rw-r--r-- | central/trunk/logout.php | 11 |
2 files changed, 46 insertions, 34 deletions
diff --git a/central/trunk/changepassword.php b/central/trunk/changepassword.php index 84c7110..81fc5a7 100644 --- a/central/trunk/changepassword.php +++ b/central/trunk/changepassword.php | |||
@@ -5,52 +5,53 @@ | |||
5 | include('includes/instadisc.php'); | 5 | include('includes/instadisc.php'); |
6 | include('includes/template.php'); | 6 | include('includes/template.php'); |
7 | 7 | ||
8 | if (!isset($_GET['submit'])) | 8 | if (isset($_SESSION['username'])) |
9 | { | 9 | { |
10 | showForm('','','',array()); | 10 | if (!isset($_GET['submit'])) |
11 | } else { | ||
12 | $numOfErrors = 0; | ||
13 | $errors = array(); | ||
14 | |||
15 | if ($_POST['old'] == '') | ||
16 | { | 11 | { |
17 | addError($numOfErrors, $errors, 'old', 'Old Password is a required field'); | 12 | showForm('','','',array()); |
18 | } else { | 13 | } else { |
19 | $getuser = "SELECT * FROM users WHERE username = \"" . mysql_real_escape_string($_SESSION['username']) . "\" AND password = \"" . mysql_real_escape_string(md5($_POST['old'])) . "\""; | 14 | $numOfErrors = 0; |
20 | $getuser2 = mysql_query($getuser); | 15 | $errors = array(); |
21 | $getuser3 = mysql_fetch_array($getuser2); | ||
22 | 16 | ||
23 | if ($getuser3['password'] != md5($_POST['password'])) | 17 | if ($_POST['old'] == '') |
24 | { | 18 | { |
25 | addError($numOfErrors, $errors, 'old', 'Old password is not correct'); | 19 | addError($numOfErrors, $errors, 'old', 'Old Password is a required field'); |
20 | } else { | ||
21 | if (!instaDisc_verifyUser($_SESSION['username'], $_POST['old']) | ||
22 | { | ||
23 | addError($numOfErrors, $errors, 'old', 'Old password is not correct'); | ||
24 | } | ||
26 | } | 25 | } |
27 | } | ||
28 | 26 | ||
29 | if ($_POST['new'] == '') | 27 | if ($_POST['new'] == '') |
30 | { | 28 | { |
31 | addError($numOfErrors, $errors, 'new', 'New Password is a required field'); | 29 | addError($numOfErrors, $errors, 'new', 'New Password is a required field'); |
32 | } | 30 | } |
33 | 31 | ||
34 | if ($_POST['confirm'] == '') | 32 | if ($_POST['confirm'] == '') |
35 | { | 33 | { |
36 | addError($numOfErrors, $errors, 'confirm', 'Confirm New Password is a required field'); | 34 | addError($numOfErrors, $errors, 'confirm', 'Confirm New Password is a required field'); |
37 | } | 35 | } |
38 | 36 | ||
39 | if ($_POST['new'] != $_POST['confirm']) | 37 | if ($_POST['new'] != $_POST['confirm']) |
40 | { | 38 | { |
41 | addError($numOfErrors, $errors, 'confirm', 'Passwords do not match'); | 39 | addError($numOfErrors, $errors, 'confirm', 'Passwords do not match'); |
42 | } | 40 | } |
43 | 41 | ||
44 | if ($numOfErrors > 0) | 42 | if ($numOfErrors > 0) |
45 | { | 43 | { |
46 | showForm($_POST['old'], $_POST['new'], $_POST['confirm'], $errors); | 44 | showForm($_POST['old'], $_POST['new'], $_POST['confirm'], $errors); |
47 | } else { | 45 | } else { |
48 | instaDisc_changePassword($_SESSION['username'], $_POST['new']); | 46 | instaDisc_changePassword($_SESSION['username'], $_POST['new']); |
49 | 47 | ||
50 | $template = new FITemplate('changedpassword'); | 48 | $template = new FITemplate('changedpassword'); |
51 | $template->add('SITENAME', instaDisc_getConfig('siteName')); | 49 | $template->add('SITENAME', instaDisc_getConfig('siteName')); |
52 | $template->display(); | 50 | $template->display(); |
51 | } | ||
53 | } | 52 | } |
53 | } else { | ||
54 | header('Location: index.php'); | ||
54 | } | 55 | } |
55 | 56 | ||
56 | function showForm($old, $new, $confirm, $errors) | 57 | function showForm($old, $new, $confirm, $errors) |
diff --git a/central/trunk/logout.php b/central/trunk/logout.php new file mode 100644 index 0000000..e915329 --- /dev/null +++ b/central/trunk/logout.php | |||
@@ -0,0 +1,11 @@ | |||
1 | <?php | ||
2 | |||
3 | /* InstaDisc Server - A Four Island Project */ | ||
4 | |||
5 | include('includes/instadisc.php'); | ||
6 | |||
7 | unset($_SESSION['username']); | ||
8 | |||
9 | header('Location: index.php'); | ||
10 | |||
11 | ?> | ||