
Viewing changes to DuggaSys/changePassword/index.php

  • Committer: a11vikob
  • Date: 2013-04-05 08:08:29 UTC
  • mto: (19.4.2 lenasys)
  • mto: This revision was merged to the branch mainline in revision 21.
  • Revision ID: a11vikob@student.his.se-20130405080829-roolb0deaso3gmvb
Fixed hopefully everything in Bug #1164597

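--- a/DuggaSys/changePassword/index.php
+++ b/DuggaSys/changePassword/index.php
@@ -1,44 +1,40 @@
 <?php
-        header("X-UA-Compatible: IE=edge,chrome=1");
-        $content="password.html.php";
-        $pagetitle="Change password";
+        header( "X-UA-Compatible: IE=edge,chrome=1" );
+        $content = "password.html.php";
+        $pagetitle = "Change password";
         
         // echo "<pre>";
         // print_r($_POST);
         // echo "</pre>";
         
         //Passwordchangingcode
-        if(isset($_POST['changePasswordSubmit'])){
-                //////////////////////////
-                $pdo = new PDO('mysql:dbname=dsystem;host=wwwlab.iki.his.se', 'dbsk', 'Tomten2009'); //ADD NEW USER WITH LESS PRIVILEGES?
-        $pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_WARNING);
-        //////////////////////////
+        if( isset( $_POST['changePasswordSubmit'] )) {
+                include '../../php/dbconnect.php';
                 $queryString = "SELECT Student.ssn FROM Student WHERE Student.loginName=:LOGIN AND Student.passw=:PASSW;";
 
-        $stmt = $pdo->prepare($queryString);
-        $stmt->bindParam(':LOGIN', $_POST['loginName']);
-        $oldPassword=md5($_POST['password']);
-                $stmt->bindParam(':PASSW', $oldPassword);
-
-        $stmt->execute();
-
-        if ($stmt->rowCount() == 1) { //Old password correct
-                        $student=$stmt->fetch(PDO::FETCH_ASSOC);
+                $stmt = $pdo->prepare( $queryString );
+                $stmt -> bindParam( ':LOGIN', $_POST['loginName'] );
+                $oldPassword = md5( $_POST['password'] );
+                $stmt -> bindParam( ':PASSW', $oldPassword );
+                $stmt -> execute();
+
+                if( $stmt -> rowCount() == 1 ) { //Old password correct
+                        $student = $stmt -> fetch( PDO::FETCH_ASSOC );
                         //Update password to new password
                         $updateString = "UPDATE Student 
-                                                        SET Student.passw=:NEWPASSW
-                                                        WHERE Student.ssn=:SSN
-                                                                AND Student.loginName=:LOGIN;";
-                        $updateStmt = $pdo->prepare($updateString);
-                        $newPassword=md5($_POST['newPassword']);
-                        $updateStmt->bindParam(':NEWPASSW', $newPassword);
-                        $updateStmt->bindParam(':LOGIN', $_POST['loginName']);
-                        $updateStmt->bindParam(':SSN', $student['ssn']);
-                        $updateStmt->execute();
-                        if($updateStmt->execute()){
-                                $errorMsg="New password stored";
+                                SET Student.passw=:NEWPASSW
+                                WHERE Student.ssn=:SSN
+                                AND Student.loginName=:LOGIN;";
+                        $updateStmt = $pdo -> prepare( $updateString );
+                        $newPassword = md5( $_POST['newPassword'] );
+                        $updateStmt -> bindParam(':NEWPASSW', $newPassword );
+                        $updateStmt -> bindParam(':LOGIN', $_POST['loginName'] );
+                        $updateStmt -> bindParam(':SSN', $student['ssn'] );
+                        $updateStmt -> execute();
+                        if( $updateStmt -> execute()) {
+                                $errorMsg = "New password stored";
                         } else {
-                                $errorMsg="ERROR: Failed to change password";
+                                $errorMsg = "ERROR: Failed to change password";
                         }
                 }
         }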
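Review bot: The `md5( $_POST['password'] )` and `md5( $_POST['newPassword'] )` calls keep passwords as unsalted MD5 digests, which are cheap to brute-force and identical for identical passwords; select the stored hash by `loginName` alone, check it with `password_verify()`, and write the new one with `password_hash()`, as sketched below. This presumably needs a wider `Student.passw` column and a rehash-on-login path for existing MD5 values, neither of which is visible here. Separately, the bare `$updateStmt -> execute();` just before `if( $updateStmt -> execute()) {` runs the UPDATE twice and should be dropped. Moving the connection into `../../php/dbconnect.php` removes the literal database password from this file, but it stays readable in earlier revisions, so that account's password should be rotated.

```php
                $queryString = "SELECT Student.ssn, Student.passw FROM Student WHERE Student.loginName=:LOGIN;";
                $stmt = $pdo -> prepare( $queryString );
                $stmt -> bindParam( ':LOGIN', $_POST['loginName'] );
                $stmt -> execute();
                $student = $stmt -> fetch( PDO::FETCH_ASSOC );

                // Verify against the stored hash instead of matching a digest in SQL
                if( $student !== false && password_verify( $_POST['password'], $student['passw'] )) { //Old password correct
                        // … unchanged: $updateString and prepare …
                        $newPassword = password_hash( $_POST['newPassword'], PASSWORD_DEFAULT );
                        // … unchanged: the three bindParam calls …
                        if( $updateStmt -> execute()) {
```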