Location: PHPKode > projects > PhpMyInventory > pmi281/changePW.php
<?
  Include("Includes/global.inc.php");
  checkPermissions(2, 900);

  forceSSL();

  If ($btnSubmit) {
      $strOldPassword = validateText("Old Password", $txtOldPassword, 6, 10, TRUE, FALSE);
      $strNewPassword = validateText("New Password", $txtNewPassword, 6, 10, TRUE, FALSE);
      $strConfPassword = validateText("Confirm Password", $txtConfPassword, 6, 10, TRUE, FALSE);

      If (!$strError) {
           $strOldPassword = md5($strOldPassword);

           $strSQL = "SELECT userID FROM tblSecurity WHERE ID=$userID AND password='$strOldPassword' AND accountID=$accountID";
           $result = dbquery($strSQL);
           $intFound = mysql_num_rows($result);
           If ($intFound == 0) {
                $strError = "Sorry - you did not provide the correct current password.";
           } ElseIf ($strNewPassword != $strConfPassword) {
                $strError = "Sorry, your new password did not match its confirmation";
           } Else {
                $strPassword = md5($strNewPassword);

                $strSQL = "UPDATE tblSecurity SET password='$strPassword' WHERE accountID=$accountID AND id=".$userID;
                $result = dbquery($strSQL);
                $strError = "Your password has been updated successfully.";

                $strSQL = "SELECT email FROM tblSecurity WHERE accountID=$accountID AND id=".$userID;
                $result = dbquery($strSQL);
                $row = mysql_fetch_row($result);
                $strEmail = $row[0];

                $msgBody = $msgBody."From: ".makeHomeURL("changePW.php")."\n\n";
                $msgBody = $msgBody."Your password has been updated successfully. ";
                $msgBody = $msgBody."If you did not request this change, please notify $adminEmail.";

                $strSubject = "Account info: password change confirmation.";
                mail($strEmail, $strSubject, $msgBody, "From: $adminEmail\r\nReply-To: $adminEmail\r\n");
           }
      }
  }

  writeHeader("Change your password");
  declareError(TRUE);
?>

<form name="form1" method="POST" action="changePW.php">
  <p><table border='0' width='420'>
    <tr>
      <td width='120'>Old Password:</td>
      <td width='300'><input type="password" name="txtOldPassword" size="10"></td>
    </tr>
    <tr><td colspan='2'>&nbsp;</td></tr>
    <tr>
      <td width='120'>New Password:</td>
      <td width='300'><input type="password" name="txtNewPassword" size="10"></td>
    </tr>
    <tr>
      <td width='120'>Confirm Password:</td>
      <td width='300'><input type="password" name="txtConfPassword" size="10"></td>
    </tr>
  </table><p>

  <input type="submit" value="Submit" name="btnSubmit">
  <input type="reset" value="Reset" name="reset">
</form>

<?
  writeFooter();
?>
Return current item: PhpMyInventory