change_user_password_mediator.php
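<?php
/**
 * Handles the POST from change_user_password.php.
 *
 * Flow: start the session, render the menu for the session's user type, look
 * up the row matching the posted e-mail address and old password, and either
 * store the new password (plus a fresh one-time password) and destroy the
 * session, or record an error in the session and redirect back to the form.
 *
 * NOTE(review): passwords are compared and stored as plaintext in
 * user_profile.user_password. Moving to password_hash()/password_verify()
 * needs a coordinated change with the login and registration code and a
 * migration of the existing rows, so it is flagged here rather than changed.
 *
 * NOTE(review): the account is selected by the posted e-mail address, not by
 * anything held in the session, and no CSRF token is checked in this file.
 * Whether my_session_start() enforces a login is not visible here - confirm.
 */
include 'util.php';
my_session_start();

// isset() avoids a warning for a session without a user type, and the strict
// comparison keeps a non-string value from being treated as "Admin".
if (isset($_SESSION["user_type"]) && $_SESSION["user_type"] === "Admin") {
    include 'admin_menu.php';
} else {
    include 'menu.php';
}
include 'connection_open.php';

// Missing or non-string fields (e.g. user_old_password[]=x) become '' so they
// never reach the database layer as null or as an array.
$user_email_address = isset($_POST['user_email_address']) && is_string($_POST['user_email_address'])
    ? $_POST['user_email_address'] : '';
$user_old_password = isset($_POST['user_old_password']) && is_string($_POST['user_old_password'])
    ? $_POST['user_old_password'] : '';
$user_new_password = isset($_POST['user_new_password']) && is_string($_POST['user_new_password'])
    ? $_POST['user_new_password'] : '';

// Bound parameters replace escape-and-interpolate: the values never become
// part of the SQL text, so correctness no longer depends on the connection
// character set matching what the escaping function assumed.
$stmt = mysqli_prepare(
    $dbc,
    "SELECT user_email_address FROM user_profile
     WHERE user_email_address = ? AND user_password = ?"
);
if ($stmt === false
    || !mysqli_stmt_bind_param($stmt, 'ss', $user_email_address, $user_old_password)
    || !mysqli_stmt_execute($stmt)
    || !mysqli_stmt_store_result($stmt)) {
    // The driver error goes to the server log only; echoing it to the client
    // would disclose schema and query details.
    error_log('change_user_password_mediator: ' . mysqli_error($dbc));
    die('Error querying database.');
}
$count = (int) mysqli_stmt_num_rows($stmt);
mysqli_stmt_close($stmt);

if ($count === 1) {
    // random_int() draws from the CSPRNG; rand() is predictable and must not
    // be used for a value that acts as a credential.
    $user_one_time_password = (string) random_int(100000, 999999);

    $stmt = mysqli_prepare(
        $dbc,
        "UPDATE user_profile
         SET user_password = ?, user_one_time_password = ?
         WHERE user_email_address = ?"
    );
    if ($stmt === false
        || !mysqli_stmt_bind_param($stmt, 'sss', $user_new_password, $user_one_time_password, $user_email_address)
        || !mysqli_stmt_execute($stmt)) {
        error_log('change_user_password_mediator: ' . mysqli_error($dbc));
        die('Error querying database.');
    }
    mysqli_stmt_close($stmt);

    // The failure branch already released the connection; do the same here.
    include 'connection_close.php';

    echo "Password Changed";
    // Destroying the session forces a fresh login with the new password.
    session_destroy();
} else {
    // Second lookup by e-mail only, to choose which error message to show.
    $stmt = mysqli_prepare(
        $dbc,
        "SELECT user_email_address FROM user_profile
         WHERE user_email_address = ?"
    );
    if ($stmt === false
        || !mysqli_stmt_bind_param($stmt, 's', $user_email_address)
        || !mysqli_stmt_execute($stmt)
        || !mysqli_stmt_store_result($stmt)) {
        error_log('change_user_password_mediator: ' . mysqli_error($dbc));
        die('Error querying database.');
    }
    $count = (int) mysqli_stmt_num_rows($stmt);
    mysqli_stmt_close($stmt);

    $_SESSION["error_flag"] = "y";
    // Stored unescaped: the form page must HTML-escape this value when it
    // prints it back (htmlspecialchars with ENT_QUOTES).
    $_SESSION["email"] = $user_email_address;

    // NOTE(review): the two messages reveal whether an e-mail address is
    // registered. A single generic message would avoid that; the strings are
    // left as they are because the form page displays them.
    if ($count === 1) {
        $_SESSION["change_user_password"] = "Enter Correct Old Password";
    } else {
        $_SESSION["change_user_password"] = "Profile Does Not Exists";
    }

    include 'connection_close.php';

    // NOTE(review): the menu include above has presumably produced output by
    // now, in which case this header is only sent when output buffering is
    // enabled - confirm, or move the menu include below the redirect decision.
    header('Location: change_user_password.php');
    exit;
}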