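/**
 * Validates the supplied login credentials and returns true on success.
 *
 * Every failure is reported by throwing an Exception; the function never
 * returns false. The username is trimmed, rejected (not sanitised) if it
 * contains HTML tags, lower-cased and byte-length-limited before the User
 * object is consulted; the password is passed through clearInput() first.
 *
 * @param mixed $username raw username from the login form
 * @param mixed $password raw password from the login form
 * @return true
 * @throws Exception when the input is not text, contains markup, is empty or
 *                   too long, when the user does not exist / is inactive, or
 *                   when the password does not match
 */
function checklogin($username, $password)
{
    // Form input can arrive as an array (e.g. username[]=x); trim() and
    // strip_tags() would then raise a TypeError, which the Exception handlers
    // around this function do not catch. Reject non-text input explicitly.
    if (!is_string($username) || !is_string($password)) {
        throw new Exception("Username and Password must be text");
    }
    $username = trim($username);
    // Reject rather than strip: a username containing markup is invalid input.
    if (strip_tags($username) !== $username) {
        throw new Exception("Inserted Username is not valid");
    }
    $username = strtolower($username);
    $password = clearInput($password);
    // The (string) cast preserves the original loose `== ""` semantics for a
    // null/false result of clearInput() while keeping the comparison strict.
    if ($username === '' || (string) $password === '') {
        throw new Exception("Username and Password cannot be empty");
    }
    // Byte length on purpose, matching the original strlen() limit.
    if (strlen($username) > 20) {
        throw new Exception("Username cannot be longer then 20 chars");
    }
    $utente = new User($username);
    // NOTE(review): the two distinct messages below let a client distinguish an
    // unknown/inactive account from a wrong password (account enumeration).
    // The messages are kept for compatibility with existing callers; the UI
    // layer should present a single generic "invalid credentials" text.
    if (!$utente->IsValid()) {
        throw new Exception("User is not valid or it's not active");
    }
    if (!$utente->HasPassword($password)) {
        throw new Exception("Invalid Password");
    }
    return true;
}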
*/ include_once dirname(__FILE__) . "/classes/User.php"; include_once dirname(__FILE__) . "/functions/functions.php"; session_start(); if (!isset($_SESSION['USERNAME'])) { redirect("login.php", 301); } else { //TODO check Session Duration try { $user = new User($_SESSION['USERNAME']); if (isset($_POST['OLDPWD']) && isset($_POST['PWD']) && isset($_POST['PWDR'])) { if ($_POST['OLDPWD'] == "" || $_POST['PWD'] == "" || $_POST['PWDR'] == "") { throw new Exception("Fields cannot be empty"); } try { if ($user->HasPassword($_POST['OLDPWD'])) { $user->ChangePassword($_POST['PWD'], $_POST['PWDR']); } else { $error = "Wrong Password"; $_SESSION = array(); if (ini_get("session.use_cookies")) { $params = session_get_cookie_params(); setcookie(session_name(), '', time() - 3600 * 24, $params["path"], $params["domain"], $params["secure"], $params["httponly"]); } session_destroy(); } } catch (Exception $e) { $error = $e->getMessage(); } $msg = "Password Changed Successfully"; }