Search the Community
Showing results for tags 'updating passwords'.
-
<?php $thisPage = 'update'; include('includes/header.html'); include('includes/nav1.php'); if($_SERVER['REQUEST_METHOD'] == 'POST') { require('../mysqli_connect.php'); $errors = array(); if (empty($_POST['login'])) { $errors[] = 'You forgot to enter your login'; } else { $lgn = mysqli_real_escape_string($dbc, trim($_POST['login'])); } if (empty($_POST['pwd'])) { $errors[] = 'You forgot to enter your password'; } else { $p = mysqli_real_escape_string($dbc, trim($_POST['pwd'])); } if (!empty($_POST['pwd1'])) { if($_POST['pwd1'] != $_POST['pwd2']) { $errors[] = 'Your new password did not match the confirmed password'; } else { $np = mysqli_real_escape_string($dbc, trim($_POST['pwd1'])); } } else { $errors[] = 'You forgot to enter your password'; } if(empty($errors)) { $q = "SELECT patientID FROM Patient WHERE( login = '$lgn' AND pwd = SHA1('$p') )"; $r = @mysqli_query($dbc, $q); $num = @mysqli_num_rows($r); if($num == 1) { $row = mysqli_fetch_array($r,MYSQLI_NUM); $q = "UPDATE Patient SET pwd=SHA1('$np') WHERE patientID=$row[1]"; $r = @mysqli_query($dbc, $q); if(mysqli_affected_rows($dbc) == 1) { echo '<h1>Thank You!</h1> <p>Your password has been updated</p>'; } else { echo '<h1>System Error</h1> <p class = "error">Your password could not be changed due a system error.We apologize for any inconvenience</p>'; echo '<p>' . mysqli_error($dbc) . '<br/><br/>Query: ' . $q . '</p>'; } mysqli_close($dbc); include('includes/footer.html'); exit(); } else { echo '<h1>Error</h1> <p class = "error">The login and password do not match those on file</p>'; } } else { echo '<h1>Error!</h1> <p class = "error">The following error(s) have occurred<br/>'; foreach($errors as $msg) { echo " -$msg<br/>\n"; } echo '</p><p>Please try again</p><p><br/></p>'; } mysqli_close($dbc); } ?> <h1>Change Your Password</h1> <form action="update.php" method="post"> <p>Login: <input type="text" name = "login" size = "2" maxlength = "12" value ="<?php if(isset($_POST['login'])) echo $_POST['login']; ?>" /></p> <p>Current Password: <input type="password" name="pwd" size="5" maxlength="20" value="<?php if (isset($_POST['pwd'])) echo $_POST['pwd']; ?>" /></p> <p>New Password: <input type="password" name="pwd1" size="5" maxlength="20" value="<?php if (isset($_POST['pwd1'])) echo $_POST['pwd1']; ?>" /></p> <p>Confirm New Password: <input type="password" name="pwd2" size="5" maxlength="20" value="<?php if (isset($_POST['pwd2'])) echo $_POST['pwd2']; ?>" /></p> <p><input type="submit" name="submit" value="Change Password" /></p> </form> <?php include ('includes/footer.html'); ?> <?php $thisPage = 'update'; include('includes/header.html'); include('includes/nav1.php'); if($_SERVER['REQUEST_METHOD'] == 'POST') { require('../mysqli_connect.php'); $errors = array(); if (empty($_POST['login'])) { $errors[] = 'You forgot to enter your login'; } else { $lgn = mysqli_real_escape_string($dbc, trim($_POST['login'])); } if (empty($_POST['pwd'])) { $errors[] = 'You forgot to enter your password'; } else { $p = mysqli_real_escape_string($dbc, trim($_POST['pwd'])); } if (!empty($_POST['pwd1'])) { if($_POST['pwd1'] != $_POST['pwd2']) { $errors[] = 'Your new password did not match the confirmed password'; } else { $np = mysqli_real_escape_string($dbc, trim($_POST['pwd1'])); } } else { $errors[] = 'You forgot to enter your password'; } if(empty($errors)) { $q = "SELECT patientID FROM Patient WHERE( login = '$lgn' AND pwd = SHA1('$p') )"; $r = @mysqli_query($dbc, $q); $num = @mysqli_num_rows($r); if($num == 1) { $row = mysqli_fetch_array($r,MYSQLI_NUM); $q = "UPDATE Patient SET pwd=SHA1('$np') WHERE patientID=$row[1]"; $r = @mysqli_query($dbc, $q); if(mysqli_affected_rows($dbc) == 1) { echo '<h1>Thank You!</h1> <p>Your password has been updated</p>'; } else { echo '<h1>System Error</h1> <p class = "error">Your password could not be changed due a system error.We apologize for any inconvenience</p>'; echo '<p>' . mysqli_error($dbc) . '<br/><br/>Query: ' . $q . '</p>'; } mysqli_close($dbc); include('includes/footer.html'); exit(); } else { echo '<h1>Error</h1> <p class = "error">The login and password do not match those on file</p>'; } } else { echo '<h1>Error!</h1> <p class = "error">The following error(s) have occurred<br/>'; foreach($errors as $msg) { echo " -$msg<br/>\n"; } echo '</p><p>Please try again</p><p><br/></p>'; } mysqli_close($dbc); } ?> <h1>Change Your Password</h1> <form action="update.php" method="post"> <p>Login: <input type="text" name = "login" size = "2" maxlength = "12" value ="<?php if(isset($_POST['login'])) echo $_POST['login']; ?>" /></p> <p>Current Password: <input type="password" name="pwd" size="5" maxlength="20" value="<?php if (isset($_POST['pwd'])) echo $_POST['pwd']; ?>" /></p> <p>New Password: <input type="password" name="pwd1" size="5" maxlength="20" value="<?php if (isset($_POST['pwd1'])) echo $_POST['pwd1']; ?>" /></p> <p>Confirm New Password: <input type="password" name="pwd2" size="5" maxlength="20" value="<?php if (isset($_POST['pwd2'])) echo $_POST['pwd2']; ?>" /></p> <p><input type="submit" name="submit" value="Change Password" /></p> </form> <?php include ('includes/footer.html'); ?> The Table being used in the update query is the Patient table keep CREATE TABLE Patient ( patientID INT AUTO_INCREMENT, title VARCHAR(15) DEFAULT 'Mr', firstN VARCHAR(40) NOT NULL, lastN VARCHAR(20) NOT NULL, street VARCHAR(25), suburb VARCHAR(30), state CHAR(3) DEFAULT 'NSW', pc CHAR(4) DEFAULT '2250', phone CHAR(12), email VARCHAR(50), imageName VARCHAR(50), login VARCHAR(12), pwd VARCHAR(40), PRIMARY KEY (patientID) );