/lenasys/0.1


Viewing changes to trunk/DuggaSys/changePassword/index.php

  • Committer: Henrik G.
  • Date: 2013-03-26 23:22:55 UTC
  • Revision ID: henrik.gustavsson@his.se-20130326232255-ik6snyatlbkf3zs1
First seed of Lenasys ... Needs to be Organized Further

 
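--- a/trunk/DuggaSys/changePassword/index.php
+++ b/trunk/DuggaSys/changePassword/index.php
@@ -0,0 +1,47 @@
+<?php
+        header("X-UA-Compatible: IE=edge,chrome=1");
+        $content="password.html.php";
+        $pagetitle="Change password";
+        
+        // echo "<pre>";
+        // print_r($_POST);
+        // echo "</pre>";
+        
+        //Passwordchangingcode
+        if(isset($_POST['changePasswordSubmit'])){
+                //////////////////////////
+                $pdo = new PDO('mysql:dbname=dsystem;host=wwwlab.iki.his.se', 'dbsk', 'Tomten2009'); //ADD NEW USER WITH LESS PRIVILEGES?
+        $pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_WARNING);
+        //////////////////////////
+                $queryString = "SELECT Student.ssn FROM Student WHERE Student.loginName=:LOGIN AND Student.passw=:PASSW;";
+
+        $stmt = $pdo->prepare($queryString);
+        $stmt->bindParam(':LOGIN', $_POST['loginName']);
+        $oldPassword=md5($_POST['password']);
+                $stmt->bindParam(':PASSW', $oldPassword);
+
+        $stmt->execute();
+
+        if ($stmt->rowCount() == 1) { //Old password correct
+                        $student=$stmt->fetch(PDO::FETCH_ASSOC);
+                        //Update password to new password
+                        $updateString = "UPDATE Student 
+                                                        SET Student.passw=:NEWPASSW
+                                                        WHERE Student.ssn=:SSN
+                                                                AND Student.loginName=:LOGIN;";
+                        $updateStmt = $pdo->prepare($updateString);
+                        $newPassword=md5($_POST['newPassword']);
+                        $updateStmt->bindParam(':NEWPASSW', $newPassword);
+                        $updateStmt->bindParam(':LOGIN', $_POST['loginName']);
+                        $updateStmt->bindParam(':SSN', $student['ssn']);
+                        $updateStmt->execute();
+                        if($updateStmt->execute()){
+                                $errorMsg="New password stored";
+                        } else {
+                                $errorMsg="ERROR: Failed to change password";
+                        }
+                }
+        }
+        
+        include $content;
+?>
\ No newline at end of file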
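Review bot: Passwords are stored and compared as unsalted `md5()` digests (new-file lines 20 and 33), and the PDO constructor on line 13 embeds the database account's user name and password as literals, which are now part of the published branch history. Fetch the stored hash by login name, check it with `password_verify()`, and store `password_hash(..., PASSWORD_DEFAULT)` for the new value, as sketched below; the width of the `passw` column and a rehash path for existing MD5 rows are not visible here and would need checking. The database password should be rotated and loaded from configuration kept outside the repository, with an account limited to the `Student` operations this page needs, as the inline comment already asks. Two smaller defects sit in the same block: `$updateStmt->execute()` runs twice (lines 37 and 38), and a wrong old password leaves `$errorMsg` unset, so the included template gets no failure message.

```php
// … unchanged: PDO connection setup (credentials belong in configuration, not in source) …
$oldPassword = $_POST['password'] ?? '';
$newPassword = $_POST['newPassword'] ?? '';

// Look the account up by login name only; the stored hash is verified in PHP, not in SQL.
$stmt = $pdo->prepare("SELECT Student.ssn, Student.passw FROM Student WHERE Student.loginName=:LOGIN;");
$stmt->bindParam(':LOGIN', $_POST['loginName']);
$stmt->execute();
$student = $stmt->fetch(PDO::FETCH_ASSOC);

if ($student !== false
        && is_string($oldPassword) && is_string($newPassword) && $newPassword !== ''
        && password_verify($oldPassword, $student['passw'])) { //Old password correct
        // … unchanged: $updateString and $pdo->prepare($updateString) …
        $newHash = password_hash($newPassword, PASSWORD_DEFAULT);
        $updateStmt->bindParam(':NEWPASSW', $newHash);
        // … unchanged: bindParam for :LOGIN and :SSN …
        if ($updateStmt->execute()) { // single execute; the earlier bare call is dropped
                $errorMsg = "New password stored";
        } else {
                $errorMsg = "ERROR: Failed to change password";
        }
} else {
        // Same message for unknown login and wrong password, so the form does not confirm which accounts exist.
        $errorMsg = "ERROR: Wrong login name or password";
}
```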