Example #1
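/**
 * Validate a username/password pair submitted to the login form.
 *
 * The username is trimmed, rejected if it contains markup, lower-cased and
 * limited to 20 bytes before a User object is built from it. The password is
 * passed through clearInput() and then checked with User::HasPassword().
 *
 * Security notes:
 *  - An unknown or inactive account and a wrong password raise the SAME
 *    message. Distinct messages let anyone who can see the error text tell
 *    which usernames exist.
 *  - HasPassword() is only reached for a valid account, so response time may
 *    still differ between the two cases; rate limiting or lockout belongs in
 *    the caller.
 *  - NOTE(review): clearInput() is defined elsewhere. If it rewrites
 *    characters, the value checked here differs from what the user typed;
 *    confirm that the same transformation is applied when a password is set.
 *
 * @param mixed $username Raw username from the request.
 * @param mixed $password Raw password from the request.
 *
 * @return bool Always true; every failure is reported by exception.
 *
 * @throws Exception When the input is malformed or the credentials are rejected.
 */
function checklogin($username, $password)
{
    $username = trim($username);

    // Reject markup instead of silently stripping it, so the stored name and
    // the submitted name can never diverge.
    if (strip_tags($username) !== $username) {
        throw new Exception("Inserted Username is not valid");
    }

    $username = strtolower($username);
    $password = clearInput($password);

    // The cast keeps a null/false result from clearInput() in the "empty" case.
    if ($username === "" || (string) $password === "") {
        throw new Exception("Username and Password cannot be empty");
    }

    // strlen() counts bytes, so multi-byte names hit this limit sooner.
    if (strlen($username) > 20) {
        throw new Exception("Username cannot be longer than 20 chars");
    }

    $utente = new User($username);

    // One generic failure for both causes; the short-circuit keeps
    // HasPassword() from being called on an invalid account, as before.
    if (!$utente->IsValid() || !$utente->HasPassword($password)) {
        throw new Exception("Invalid username or password");
    }

    return true;
}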
Example #2
 */
include_once dirname(__FILE__) . "/classes/User.php";
include_once dirname(__FILE__) . "/functions/functions.php";
session_start();
if (!isset($_SESSION['USERNAME'])) {
    redirect("login.php", 301);
} else {
    //TODO check Session Duration
    try {
        $user = new User($_SESSION['USERNAME']);
        if (isset($_POST['OLDPWD']) && isset($_POST['PWD']) && isset($_POST['PWDR'])) {
            if ($_POST['OLDPWD'] == "" || $_POST['PWD'] == "" || $_POST['PWDR'] == "") {
                throw new Exception("Fields cannot be empty");
            }
            try {
                if ($user->HasPassword($_POST['OLDPWD'])) {
                    $user->ChangePassword($_POST['PWD'], $_POST['PWDR']);
                } else {
                    $error = "Wrong Password";
                    $_SESSION = array();
                    if (ini_get("session.use_cookies")) {
                        $params = session_get_cookie_params();
                        setcookie(session_name(), '', time() - 3600 * 24, $params["path"], $params["domain"], $params["secure"], $params["httponly"]);
                    }
                    session_destroy();
                }
            } catch (Exception $e) {
                $error = $e->getMessage();
            }
            $msg = "Password Changed Successfully";
        }