diff --git a/html/includes/authentication/mysql.inc.php b/html/includes/authentication/mysql.inc.php index f212e6f60..151b94510 100644 --- a/html/includes/authentication/mysql.inc.php +++ b/html/includes/authentication/mysql.inc.php @@ -3,7 +3,7 @@ function authenticate($username,$password) { $encrypted = md5($password); - $sql = "SELECT username FROM `users` WHERE `username`='".$_SESSION['username']."' AND `password`='".$encrypted."'"; + $sql = "SELECT username FROM `users` WHERE `username`='".$username."' AND `password`='".$encrypted."'"; $query = mysql_query($sql); $row = @mysql_fetch_array($query); if($row['username'] && $row['username'] == $username) @@ -18,10 +18,10 @@ function passwordscanchange() return 1; } -function changepassword($username,$newpassword) +function changepassword($username,$password) { $encrypted = md5($password); - $sql = "UPDATE `users` SET password`='$encrypted' WHERE `username`='".$_SESSION['username']."'"; + $sql = "UPDATE `users` SET `password` = '$encrypted' WHERE `username`='".$username."'"; $query = mysql_query($sql); } @@ -56,4 +56,4 @@ function get_userid($username) return $row['user_id']; } -?> \ No newline at end of file +?> diff --git a/html/pages/preferences.php b/html/pages/preferences.php index d7c4e87eb..501e04eae 100644 --- a/html/pages/preferences.php +++ b/html/pages/preferences.php @@ -2,6 +2,28 @@ echo("
"); echo("

User Preferences

"); + +if($_POST['action'] == "changepass") { + + if(authenticate($_SESSION['username'],$_POST['old_pass'])) { + if($_POST['new_pass'] == "" || $_POST['new_pass2'] == "") + { + $changepass_message = "Password must not be blank."; + } + elseif($_POST['new_pass'] == $_POST['new_pass2']) + { + changepassword($_SESSION['username'],$_POST['new_pass']); + $changepass_message = "Password Changed."; + } + else + { + $changepass_message = "Passwords don't match."; + } + } else { + $changepass_message = "Incorrect password"; + } +} + include("includes/update-preferences-password.inc.php"); echo("
");