2
header("X-UA-Compatible: IE=edge,chrome=1");
3
$content="password.html.php";
4
$pagetitle="Change password";
2
header( "X-UA-Compatible: IE=edge,chrome=1" );
3
$content = "password.html.php";
4
$pagetitle = "Change password";
10
10
//Passwordchangingcode
11
if(isset($_POST['changePasswordSubmit'])){
12
//////////////////////////
13
$pdo = new PDO('mysql:dbname=dsystem;host=wwwlab.iki.his.se', 'dbsk', 'Tomten2009'); //ADD NEW USER WITH LESS PRIVILEGES?
14
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_WARNING);
15
//////////////////////////
11
if( isset( $_POST['changePasswordSubmit'] )) {
12
include '../../php/dbconnect.php';
16
13
$queryString = "SELECT Student.ssn FROM Student WHERE Student.loginName=:LOGIN AND Student.passw=:PASSW;";
18
$stmt = $pdo->prepare($queryString);
19
$stmt->bindParam(':LOGIN', $_POST['loginName']);
20
$oldPassword=md5($_POST['password']);
21
$stmt->bindParam(':PASSW', $oldPassword);
25
if ($stmt->rowCount() == 1) { //Old password correct
26
$student=$stmt->fetch(PDO::FETCH_ASSOC);
15
$stmt = $pdo->prepare( $queryString );
16
$stmt -> bindParam( ':LOGIN', $_POST['loginName'] );
17
$oldPassword = md5( $_POST['password'] );
18
$stmt -> bindParam( ':PASSW', $oldPassword );
21
if( $stmt -> rowCount() == 1 ) { //Old password correct
22
$student = $stmt -> fetch( PDO::FETCH_ASSOC );
27
23
//Update password to new password
28
24
$updateString = "UPDATE Student
29
SET Student.passw=:NEWPASSW
30
WHERE Student.ssn=:SSN
31
AND Student.loginName=:LOGIN;";
32
$updateStmt = $pdo->prepare($updateString);
33
$newPassword=md5($_POST['newPassword']);
34
$updateStmt->bindParam(':NEWPASSW', $newPassword);
35
$updateStmt->bindParam(':LOGIN', $_POST['loginName']);
36
$updateStmt->bindParam(':SSN', $student['ssn']);
37
$updateStmt->execute();
38
if($updateStmt->execute()){
39
$errorMsg="New password stored";
25
SET Student.passw=:NEWPASSW
26
WHERE Student.ssn=:SSN
27
AND Student.loginName=:LOGIN;";
28
$updateStmt = $pdo -> prepare( $updateString );
29
$newPassword = md5( $_POST['newPassword'] );
30
$updateStmt -> bindParam(':NEWPASSW', $newPassword );
31
$updateStmt -> bindParam(':LOGIN', $_POST['loginName'] );
32
$updateStmt -> bindParam(':SSN', $student['ssn'] );
33
$updateStmt -> execute();
34
if( $updateStmt -> execute()) {
35
$errorMsg = "New password stored";
41
$errorMsg="ERROR: Failed to change password";
37
$errorMsg = "ERROR: Failed to change password";