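<?php
// Message board password-change handler (v.1).
//
// Expects a POST carrying: username, password (the current password),
// password_a and password_b (the new password, entered twice). On success the
// stored password is replaced and the browser is sent to passwordupdated.php;
// on failure the collected errors are handed to error_redirect().
//
// Every $_POST value is attacker-controlled and is escaped before it is placed
// in a SQL statement.

// include the configuration file
require('config.inc.php');

// start session (if not already started)
if (!ini_get('session.auto_start')) {
    session_name($config['session_name']);
    session_save_path($locations['session_path']);
    ini_set('session.gc_maxlifetime', '604800'); // 7 days, in seconds
    session_start();
}

// establish a connection with the database or notify an admin with the error string
if (!isset($mysql_link)) {
    // The database password is left out of the diagnostic text handed to
    // error(): that text goes wherever error() sends it (the admin e-mail
    // address is passed alongside), and credentials do not belong there.
    $mysql_link = mysql_connect($config['db_host'], $config['db_user'], $config['db_pass'])
        or error($config['db_errstr'], $config['admin_email'], "mysql_connect($config[db_host],$config[db_user],***)\n" . mysql_error());
    mysql_select_db($config['db_name'], $mysql_link)
        or error($config['db_errstr'], $config['admin_email'], "mysql_select_db($config[db_name])\n" . mysql_error());
}

// All four fields must be present and must be plain strings. A request such
// as password_a[]=x yields an array, which strlen() and the escaping below
// cannot handle.
foreach (array('username', 'password_a', 'password_b', 'password') as $field) {
    if (!isset($_POST[$field]) || !is_string($_POST[$field])) {
        error_redirect(array('general' => 'Invalid Input'));
        // error_redirect() is defined elsewhere; stop here in case it returns.
        exit();
    }
}

$username     = $_POST['username'];
$old_password = $_POST['password'];
$new_password = $_POST['password_a'];
$confirmation = $_POST['password_b'];

// With magic_quotes_gpc enabled the values arrive already slash-escaped;
// undo that so they are escaped exactly once below and hash to the same
// value the database already holds.
if (function_exists('get_magic_quotes_gpc') && get_magic_quotes_gpc()) {
    $username     = stripslashes($username);
    $old_password = stripslashes($old_password);
    $new_password = stripslashes($new_password);
    $confirmation = stripslashes($confirmation);
}

// Escaped copies for SQL string literals. mysql_real_escape_string() follows
// the connection character set, so that must be set with mysql_set_charset()
// (not "SET NAMES") if the default is ever changed.
$username_sql     = mysql_real_escape_string($username, $mysql_link);
$old_password_sql = mysql_real_escape_string($old_password, $mysql_link);
$new_password_sql = mysql_real_escape_string($new_password, $mysql_link);

$errors  = array(); // per-field flags: 'username' / 'password' => true
$general = '';      // accumulated HTML message, stored as $errors['general']

// Strict comparison: with != two numeric-looking strings such as "1e3" and
// "1000" compare equal and a mistyped confirmation would be accepted.
if ($new_password !== $confirmation) {
    $general .= '<br />Passwords do not match';
    $errors['password'] = true;
}

$new_length = strlen($new_password);
if ($new_length < 4) {
    $general .= '<br />Passwords must be at least 4 characters long';
    $errors['password'] = true;
} elseif ($new_length > 255) {
    $general .= '<br />Passwords cannot exceed 255 characters';
    $errors['password'] = true;
}

$username_length = strlen($username);
if ($username_length < 1 || $username_length > 255) {
    $general .= '<br />Invalid username';
    $errors['username'] = true;
} else {
    // NOTE(review): a distinct "does not exist" message lets a caller probe
    // which usernames are registered; consider merging it with the
    // "Old password incorrect" message below.
    $query = "select user_id from $locations[auth_users_table] where username = '$username_sql'";
    $result = mysql_query($query, $mysql_link);
    if (!$result || mysql_num_rows($result) != 1) {
        $general .= '<br />Username does not exist';
        $errors['username'] = true;
    }
}

// Verify the current password against an active, non-queued account.
// NOTE(security): passwords are stored as unsalted MD5, which is not suitable
// for password storage. Moving to password_hash()/password_verify() means
// changing every script that reads or writes this column, so it is flagged
// here rather than changed in this file alone.
$query = "select user_id from $locations[auth_users_table] where username = '$username_sql' and password = md5('$old_password_sql') and active = 'y' and queued = 'n'";
$result = mysql_query($query, $mysql_link);
if (!$result || mysql_num_rows($result) != 1) {
    $general .= '<br />Old password incorrect';
    $errors['password'] = true;
}

// bail on errors
if ($general !== '') {
    // 'general' goes first, matching the key order callers have always seen.
    $errors = array_merge(array('general' => $general), $errors);
}
if (count($errors) > 0) {
    error_redirect($errors);
    // Never fall through to the UPDATE below if error_redirect() returns.
    exit();
}

// update the account
$query = "update $locations[auth_users_table] set password = md5('$new_password_sql') where username = '$username_sql'";
// Report a failed write the same way connection failures are reported; the
// statement text is not included because it contains the new password.
mysql_query($query, $mysql_link)
    or error($config['db_errstr'], $config['admin_email'], "password update failed\n" . mysql_error());

header("Location: passwordupdated.php");
exit();
?>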