1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
|
<?php
header("X-UA-Compatible: IE=edge,chrome=1");
$content="password.html.php";
$pagetitle="Change password";
// echo "<pre>";
// print_r($_POST);
// echo "</pre>";
//Passwordchangingcode
if(isset($_POST['changePasswordSubmit'])) {
include '../../php/dbconnect.php';
$queryString = "SELECT Student.ssn FROM Student WHERE Student.loginName=:LOGIN AND Student.passw=:PASSW;";
$stmt = $pdo->prepare($queryString);
$stmt->bindParam(':LOGIN', $_POST['loginName']);
$oldPassword=md5($_POST['password']);
$stmt->bindParam(':PASSW', $oldPassword);
$stmt->execute();
if ($stmt->rowCount() == 1) { //Old password correct
$student=$stmt->fetch(PDO::FETCH_ASSOC);
//Update password to new password
$updateString = "UPDATE Student
SET Student.passw=:NEWPASSW
WHERE Student.ssn=:SSN
AND Student.loginName=:LOGIN;";
$updateStmt = $pdo->prepare($updateString);
$newPassword=md5($_POST['newPassword']);
$updateStmt->bindParam(':NEWPASSW', $newPassword);
$updateStmt->bindParam(':LOGIN', $_POST['loginName']);
$updateStmt->bindParam(':SSN', $student['ssn']);
$updateStmt->execute();
if($updateStmt->execute()) {
$errorMsg="New password stored";
} else {
$errorMsg="ERROR: Failed to change password";
}
}
}
include $content;
?>
|