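/**
 * Change a user's password once the confirmation field and the database checks pass.
 *
 * Returns 0 when the two new-password fields differ or when mysql_num_rows()
 * reports no rows, TRUE after the UPDATE query succeeds, and null when
 * connect() yields a falsy handle. Ends the script with die() if the UPDATE
 * query itself fails.
 *
 * @param string $email         Account e-mail; lower-cased and escaped before use in SQL.
 * @param string $old_password  Current password as typed by the user.
 * @param string $new_password  Requested password as typed by the user.
 * @param string $new2_password Confirmation copy of the requested password.
 * @return int|bool|null
 */
function changePassword($email, $old_password, $new_password, $new2_password)
{
    // Strict comparison: with `!=`, two different numeric-looking strings such
    // as "1e3" and "1000" compare equal, so a mistyped confirmation was accepted.
    if ($new2_password !== $new_password) {
        return 0;
    }

    $db = connect();

    // NOTE(review): MD5 is unsalted and fast, so leaked hashes are cheap to
    // brute-force. password_hash()/password_verify() is the replacement, but it
    // needs a migration of the stored hashes and of chk_user_pw(), so the scheme
    // is flagged here rather than changed.
    $old_password = md5($old_password);
    $new_password = md5($new_password);

    // Escaping is the only SQL-injection defence applied to $email. The mysql_*
    // extension was removed in PHP 7.0; prepared statements (mysqli or PDO)
    // are the durable fix.
    $email = mysql_real_escape_string(strtolower($email));

    // NOTE(review): the return value is discarded, so the old-password check
    // has no effect here unless chk_user_pw() acts through side effects — confirm.
    chk_user_pw($email, $old_password);

    if (!$db) {
        return null;
    }

    // NOTE(review): the '******' literals look like masking applied where this
    // listing was published. As written, the hashes computed above never reach
    // the query — restore the intended values from the original source.
    $query2 = "UPDATE users\n\t      SET password = '******'\n\t      WHERE email = '" . $email . "'\n\t      AND password = '******';";

    // NOTE(review): $result is never assigned in this function; it presumably
    // should hold the result of the credential lookup — confirm.
    if (!mysql_num_rows($result)) {
        return 0;
    }

    $result2 = mysql_query($query2, $db);
    if (!$result2) {
        // Keep the driver error in the server log only. The earlier message
        // sent the full SQL text, including the e-mail and password values,
        // to the client.
        error_log('changePassword: UPDATE failed: ' . mysql_error());
        disconnect($db, $result);
        die('Unable to change the password.');
    }

    // A successful query does not by itself show that a row matched the
    // WHERE clause; mysql_affected_rows() would tell.
    disconnect($db, $result);
    return TRUE;
}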
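/**
 * Build a 10-digit numeric confirmation code.
 *
 * The code space is 10^10 values, so whatever verifies the code should limit
 * attempts and expire unused codes (not visible in this function).
 *
 * @return string Ten characters, each one of "0".."9".
 */
function confirmationCodeGen()
{
    $digits = "0123456789";
    // Start from an empty string; appending to an undefined variable raises a
    // notice/warning on every call.
    $password = '';
    // mt_rand() is not a cryptographic generator, so its output can be
    // predicted. Use the CSPRNG-backed random_int() where the runtime provides
    // it (PHP 7+) and keep the mt_rand() path for older runtimes.
    $secure = function_exists('random_int');
    for ($i = 0; $i < 10; $i++) {
        $num = $secure ? random_int(0, 9) : mt_rand() % 10;
        $password .= substr($digits, $num, 1);
    }
    return $password;
}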
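// Read the registration fields. A missing or non-string field becomes an empty
// string, so an incomplete or malformed POST does not raise undefined-index
// notices or pass an array to the escaping function.
// NOTE(review): mysql_real_escape_string() only makes a value safe inside a
// quoted SQL string literal; it is not general input sanitisation. Applied to
// the passwords it alters any password containing quotes or backslashes before
// that password is compared or hashed. It is kept because stored credentials
// may depend on it — confirm before removing.
$username = mysql_real_escape_string((isset($_POST['username']) && is_string($_POST['username'])) ? $_POST['username'] : '');
$password = mysql_real_escape_string((isset($_POST['password']) && is_string($_POST['password'])) ? $_POST['password'] : '');
$password2 = mysql_real_escape_string((isset($_POST['password2']) && is_string($_POST['password2'])) ? $_POST['password2'] : '');
// Test if username is already in the database
$user_exists = chk_user_pw($username, NULL);
// NOTE(review): this prints the lookup result into the response. It looks like
// leftover debug output and tells the requester whether the account exists —
// confirm and remove.
echo $user_exists;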
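// Check that the passwords match, the username is alphanumeric, and the user does not
// already exist; then send the e-mail and insert the user into the database.
// NOTE(review): the `echo $regNo;` below prints the activation code into the response,
// so the code is no longer known only to the mailbox owner. It looks like debug output; confirm.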
if ($password == $password2 && ctype_alnum($username) && !$user_exists) {
    $regNo = confirmationCodeGen();
    echo $regNo;
    // Message
    $message = ' 
    <html>
    <body>
      <p>Welcome to Grinnell Open Calender! <br /><br />
         To activate your account, you must enter your activation code</p> <br /> <br />
	 Your activation code is: ' . $regNo . '
      <p></p>
    </body>