/lenasys/0.1

To get this branch, use:
bzr branch http://gegoxaren.bato24.eu/bzr/lenasys/0.1

« back to all changes in this revision

Viewing changes to trunk/DuggaSys/changePassword/index.php

  • Committer: gustav.hartvigsson at gmail
  • Date: 2013-04-02 13:00:31 UTC
  • mfrom: (4.7.8 GammaBear)
  • Revision ID: gustav.hartvigsson@gmail.com-20130402130031-442y89s0cfzmw3r2
Merged stuff.

Show diffs side-by-side

added added

removed removed

Lines of Context:
trunk/DuggaSys/changePassword/index.php
8
8
        // echo "</pre>";
9
9
        
10
10
        //Passwordchangingcode
11
 
        if(isset($_POST['changePasswordSubmit'])){
12
 
                //////////////////////////
 
11
        if(isset($_POST['changePasswordSubmit'])) {
13
12
                $pdo = new PDO('mysql:dbname=dsystem;host=wwwlab.iki.his.se', 'dbsk', 'Tomten2009'); //ADD NEW USER WITH LESS PRIVILEGES?
14
 
        $pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_WARNING);
15
 
        //////////////////////////
 
13
                $pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_WARNING);
16
14
                $queryString = "SELECT Student.ssn FROM Student WHERE Student.loginName=:LOGIN AND Student.passw=:PASSW;";
17
15
 
18
 
        $stmt = $pdo->prepare($queryString);
19
 
        $stmt->bindParam(':LOGIN', $_POST['loginName']);
20
 
        $oldPassword=md5($_POST['password']);
 
16
                $stmt = $pdo->prepare($queryString);
 
17
                $stmt->bindParam(':LOGIN', $_POST['loginName']);
 
18
                $oldPassword=md5($_POST['password']);
21
19
                $stmt->bindParam(':PASSW', $oldPassword);
22
 
 
23
 
        $stmt->execute();
24
 
 
25
 
        if ($stmt->rowCount() == 1) { //Old password correct
 
20
                $stmt->execute();
 
21
 
 
22
                if ($stmt->rowCount() == 1) { //Old password correct
26
23
                        $student=$stmt->fetch(PDO::FETCH_ASSOC);
27
24
                        //Update password to new password
28
25
                        $updateString = "UPDATE Student 
35
32
                        $updateStmt->bindParam(':LOGIN', $_POST['loginName']);
36
33
                        $updateStmt->bindParam(':SSN', $student['ssn']);
37
34
                        $updateStmt->execute();
38
 
                        if($updateStmt->execute()){
 
35
                        if($updateStmt->execute()) {
39
36
                                $errorMsg="New password stored";
40
37
                        } else {
41
38
                                $errorMsg="ERROR: Failed to change password";