A8 : iMe

New Skills

Description

This script connects the user to the database and allows them to change their password when they have submitted their details.

If the wrong details are submitted a merror message is displayed.

If the right details are submited then the users password is changed on the database.

Code

```
<?php
```
```
if (isset($_POST['submit'])){
```
```
require_once ('mysql_connect.php');
```
```
function escape_data ($data){
```
```
global $dbc;
```
```
if (ini_get('magic_quotes_gpc')){
```
```
$data = stripslashes($data);}
```

return mysql_real_escape_string($data, $dbc);}

```
$message = null;
```
```
if (empty($_POST['user_name'])){
```
```
$u = false;
```

$message .= '<p>You forgot to enter your username!</p>';}

```
else{
```
```
$u = escape_data($_POST['user_name']);}
```
```
if (empty($_POST['password'])){
```
```
$p = false;
```

$message .= '<p>You forgot to enter your existing password!</p>';}

```
else{
```
```
$p = escape_data($_POST['password']);}
```
```
if (empty($_POST['password1'])){
```
```
$np = false;
```

$message .= '<p>You forgot to enter your new password!</p>';}

```
else{
```

if ($_POST['password1'] == $_POST['password2']){

$np = escape_data($_POST['password1']);}

```
else{
```
```
$np = false;
```

$message .= '<p>Your new password did not match the confirmed new password!</p>';}

```
}
```
```
if ($u && $p && $np){
```

$query = "SELECT user_id FROM users WHERE (user_name='$u' AND password='$p')";

```
$result = @mysql_query ($query);
```
```
$num = @mysql_num_rows ($result);
```
```
if ($num == 1){
```

$row = mysql_fetch_array($result, MYSQL_NUM);

$query = "UPDATE users SET password='$np' WHERE user_id=$row[0]";

```
$result = @mysql_query ($query);
```
```
if (mysql_affected_rows() == 1){
```

echo '<p><b>Your password has been changed.</b></p>';

```
include ('footer.php');
```
```
exit();}
```
```
else{
```

$message = '<p>Your password could not be changed due to a system error.'

'We apologize for any inconvenience.</p><p>' . mysql_error() . '</p>';}

```
}
```
```
else{
```

$message = '<p>Your username and password do not match our records.</p>';}

```
mysql_close();}
```
```
else{
```

$message .= '<p>Please try again.</p>';}

```
}
```
```
if (isset($message)){
```

echo '<font color="red">', $message, '</font>';}

```
?>
```

```
//Start PHP protocol
```
```
//Handle the form
```
```
//Connect to the db
```

//Create a function for escaping the data

```
//Need the connection
```
```
//Set magic quotes
```
```
//Strip slashes
```
```
//End of function
```
```
//Create an empty new variable
```
```
//Check for a username
```
```
//If variable is false
```
```
//Print message
```
```
//Otherwise
```
```
//Post
```
```
//Check for an existing password
```
```
//If variable is false
```
```
//Print message
```
```
//Otherwise
```
```
//Post
```
```
//Check for a password
```
```
//If variable is false
```
```
//Print message
```
```
//Otherwise
```
```
//End password check
```
```
//Print message
```
```
//Check against confirmed password
```
```
//If correct post
```
```
//Otherwise
```
```
//Variable is false
```
```
//If everything's OK
```
```
//Password protect = PASSWORD('$p')
```
```
//Define variable
```
```
//Define variable
```
```
//If counter equals one
```
```
//Fetch details from database
```

//Make the query - Password protect = PASSWORD('$p')

```
//Run the query
```
```
//If it ran OK
```
```
//Output message/eMail/etc
```
```
/Include the HTML footer
```
```
//Quit the script
```
```
//If it did not run OK
```
```
//Print message
```
```
//End if
```
```
//Otherwise
```
```
//Print message
```
```
//Close the database connection
```
```
//Otherwise
```
```
//Print message
```
```
//End of the main Submit conditional
```
```
//If error
```
```
//Print message
```
```
//End PHP protocol
```