2
header("X-UA-Compatible: IE=edge,chrome=1");
3
$content="password.html.php";
4
$pagetitle="Change password";
2
header( "X-UA-Compatible: IE=edge,chrome=1" );
3
$content = "password.html.php";
4
$pagetitle = "Change password";
10
10
//Passwordchangingcode
11
if(isset($_POST['changePasswordSubmit'])) {
12
$pdo = new PDO('mysql:dbname=dsystem;host=wwwlab.iki.his.se', 'dbsk', 'Tomten2009'); //ADD NEW USER WITH LESS PRIVILEGES?
13
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_WARNING);
11
if( isset( $_POST['changePasswordSubmit'] )) {
12
include '../../php/dbconnect.php';
14
13
$queryString = "SELECT Student.ssn FROM Student WHERE Student.loginName=:LOGIN AND Student.passw=:PASSW;";
16
$stmt = $pdo->prepare($queryString);
17
$stmt->bindParam(':LOGIN', $_POST['loginName']);
18
$oldPassword=md5($_POST['password']);
19
$stmt->bindParam(':PASSW', $oldPassword);
15
$stmt = $pdo->prepare( $queryString );
16
$stmt -> bindParam( ':LOGIN', $_POST['loginName'] );
17
$oldPassword = md5( $_POST['password'] );
18
$stmt -> bindParam( ':PASSW', $oldPassword );
22
if ($stmt->rowCount() == 1) { //Old password correct
23
$student=$stmt->fetch(PDO::FETCH_ASSOC);
21
if( $stmt -> rowCount() == 1 ) { //Old password correct
22
$student = $stmt -> fetch( PDO::FETCH_ASSOC );
24
23
//Update password to new password
25
24
$updateString = "UPDATE Student
26
SET Student.passw=:NEWPASSW
27
WHERE Student.ssn=:SSN
28
AND Student.loginName=:LOGIN;";
29
$updateStmt = $pdo->prepare($updateString);
30
$newPassword=md5($_POST['newPassword']);
31
$updateStmt->bindParam(':NEWPASSW', $newPassword);
32
$updateStmt->bindParam(':LOGIN', $_POST['loginName']);
33
$updateStmt->bindParam(':SSN', $student['ssn']);
34
$updateStmt->execute();
35
if($updateStmt->execute()) {
36
$errorMsg="New password stored";
25
SET Student.passw=:NEWPASSW
26
WHERE Student.ssn=:SSN
27
AND Student.loginName=:LOGIN;";
28
$updateStmt = $pdo -> prepare( $updateString );
29
$newPassword = md5( $_POST['newPassword'] );
30
$updateStmt -> bindParam(':NEWPASSW', $newPassword );
31
$updateStmt -> bindParam(':LOGIN', $_POST['loginName'] );
32
$updateStmt -> bindParam(':SSN', $student['ssn'] );
33
$updateStmt -> execute();
34
if( $updateStmt -> execute()) {
35
$errorMsg = "New password stored";
38
$errorMsg="ERROR: Failed to change password";
37
$errorMsg = "ERROR: Failed to change password";
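Review bot: The new side still stores and compares passwords as unsalted MD5 (`md5( $_POST['password'] )` at new line 17 and `md5( $_POST['newPassword'] )` at new line 29), which is cheap to brute-force and gives identical passwords identical hashes if the Student table leaks. Fetch the stored hash by loginName, check it with `password_verify()`, and write the new one with `password_hash( ..., PASSWORD_DEFAULT )`, as sketched below; existing MD5 rows would need a rehash-on-next-login path, and the `passw` column must be wide enough for the longer hash (the schema is not visible here). Separately, the bare `$updateStmt -> execute();` at new line 33 runs the UPDATE once before `if( $updateStmt -> execute())` runs it again, so the bare call can be dropped. The inline database password on the removed old line 12 remains in the repository history, so it should be rotated if it was ever live. The enclosing `if` block continues beyond the visible lines.

```php
// … unchanged: include '../../php/dbconnect.php'; …
$queryString = "SELECT Student.ssn, Student.passw FROM Student WHERE Student.loginName=:LOGIN;";
$stmt = $pdo->prepare( $queryString );
$stmt -> bindParam( ':LOGIN', $_POST['loginName'] );
// … unchanged: statement execution (not visible in this view) …
$student = $stmt -> fetch( PDO::FETCH_ASSOC );
if( $student !== false && password_verify( $_POST['password'], $student['passw'] )) { //Old password correct
// … unchanged: $updateString and prepare …
$newPassword = password_hash( $_POST['newPassword'], PASSWORD_DEFAULT );
// … unchanged: bindParam calls for :NEWPASSW, :LOGIN, :SSN …
if( $updateStmt -> execute()) { // single execute; the earlier bare call is removed
```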