diff --git a/html/includes/authentication/mysql.inc.php b/html/includes/authentication/mysql.inc.php index f212e6f60..151b94510 100644 --- a/html/includes/authentication/mysql.inc.php +++ b/html/includes/authentication/mysql.inc.php @@ -3,7 +3,7 @@ function authenticate($username,$password) { $encrypted = md5($password); - $sql = "SELECT username FROM `users` WHERE `username`='".$_SESSION['username']."' AND `password`='".$encrypted."'"; + $sql = "SELECT username FROM `users` WHERE `username`='".$username."' AND `password`='".$encrypted."'"; $query = mysql_query($sql); $row = @mysql_fetch_array($query); if($row['username'] && $row['username'] == $username) @@ -18,10 +18,10 @@ function passwordscanchange() return 1; } -function changepassword($username,$newpassword) +function changepassword($username,$password) { $encrypted = md5($password); - $sql = "UPDATE `users` SET password`='$encrypted' WHERE `username`='".$_SESSION['username']."'"; + $sql = "UPDATE `users` SET `password` = '$encrypted' WHERE `username`='".$username."'"; $query = mysql_query($sql); } @@ -56,4 +56,4 @@ function get_userid($username) return $row['user_id']; } -?> \ No newline at end of file +?> diff --git a/html/pages/preferences.php b/html/pages/preferences.php index d7c4e87eb..501e04eae 100644 --- a/html/pages/preferences.php +++ b/html/pages/preferences.php @@ -2,6 +2,28 @@ echo("