Ejemplo n.º 1
 }
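 // Collect the submitted account fields. A value is accepted only when it is
 // present AND a string: PHP turns a parameter sent as `Userid[]=x` into an
 // array, and an array never compares equal to "", so it would otherwise pass
 // every "required field" check below. Non-string input is treated as missing.
 //
 // These are still raw request values. Nothing in this block escapes them, so
 // SQL built from them later must use bound parameters, and anything echoed
 // back into a page must be HTML-encoded.
 $NewUserid = (isset($_POST['Userid']) && is_string($_POST['Userid'])) ? $_POST['Userid'] : "";
 $NewChurchID = (isset($_POST['ChurchID']) && is_string($_POST['ChurchID'])) ? $_POST['ChurchID'] : "";
 $NewEmail = (isset($_POST['Email']) && is_string($_POST['Email'])) ? $_POST['Email'] : "";
 $Name = (isset($_POST['Name']) && is_string($_POST['Name'])) ? $_POST['Name'] : "";
 $Password = (isset($_POST['Password']) && is_string($_POST['Password'])) ? $_POST['Password'] : "";
 $IsAdmin = (isset($_POST['Admin']) && is_string($_POST['Admin'])) ? $_POST['Admin'] : "";
 $Status = (isset($_POST['Status']) && is_string($_POST['Status'])) ? $_POST['Status'] : "";

 // Validate in a fixed order; the first failing rule sets $ErrorMsg and the
 // rest are skipped. $ErrorMsg is left untouched when every rule passes.
 if ($NewUserid === "") {
     $ErrorMsg = "Please enter the required field: Userid";
 } elseif ($Name === "") {
     $ErrorMsg = "Please enter the required field: Name";
 } elseif ($Password === "" && ((isset($_POST['updPwd']) && $_POST['updPwd'] == 'on') || $mode == 'add')) {
     // A password is mandatory when adding an account or when the
     // "update password" box is ticked.
     $ErrorMsg = "Please enter the required field: Password";
 } elseif ($Password !== "" && !verifyPasswordFormat($Password)) {
     // The actual strength rule lives in verifyPasswordFormat(), which is
     // defined outside this block; the text below only describes it.
     $ErrorMsg = "Sorry, chosen password is too easily hacked.<br>Must be:<br>7 or more characters long<br>Mixed Case<br>Include at least 1 number<br>Include at least 1 special Character";
 } elseif ($NewChurchID === "" || $NewChurchID == '0') {
     // Loose == is kept on purpose so numeric spellings of zero ("00", "0.0")
     // are rejected as well.
     $ErrorMsg = "Please enter the required field: Church";
 } elseif ($IsAdmin === "") {
     // NOTE(review): Admin and Status are only checked for presence here. Their
     // allowed values, and whether the caller may grant admin rights, are not
     // enforced in this block; confirm that happens elsewhere.
     $ErrorMsg = "Please Indicate if person is an  Administrator or not";
 } elseif ($NewEmail === "" && ((isset($_POST['updEmail']) && $_POST['updEmail'] == 'on') || $mode == 'add')) {
     $ErrorMsg = "Please Enter Email address";
 } elseif ($NewEmail !== "" && !filter_var($NewEmail, FILTER_VALIDATE_EMAIL)) {
     $ErrorMsg = "Sorry, That does not appear to be a valid email address";
 } elseif ($Status === "") {
     $ErrorMsg = "Please Indicate the status of the account";
 }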
 if ($ErrorMsg == "") {
     ereg_replace("'", "''", $Name);
Ejemplo n.º 2
//----------------------------------------------------------------------------
// This software is licensed under the MIT license. Use as you wish but give
// and take credit where due.
//
// Author: Paul Lemmons
//----------------------------------------------------------------------------
include 'include/RegFunctions.php';
$message = '';
if (isset($_POST['ChangePwd'])) {
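    // Handle a change-password submission: confirm the two new passwords match
    // and meet the format rule, verify the current password against the stored
    // hash, then store a hash of the new password. The outcome is reported in
    // $message.
    //
    // Only string values are accepted; a parameter sent as an array
    // (e.g. `oldPwd[]=x`) is treated as empty.
    $oldPassword = (isset($_POST['oldPwd']) && is_string($_POST['oldPwd'])) ? $_POST['oldPwd'] : '';
    $newPassword1 = (isset($_POST['newPwd1']) && is_string($_POST['newPwd1'])) ? $_POST['newPwd1'] : '';
    $newPassword2 = (isset($_POST['newPwd2']) && is_string($_POST['newPwd2'])) ? $_POST['newPwd2'] : '';
    // Strict comparison: with loose !=, two different numeric-looking strings
    // such as "1e3" and "1000" compare equal and the mismatch goes unnoticed.
    if ($newPassword1 !== $newPassword2) {
        $message = "New Passwords do not match.";
    } elseif (!verifyPasswordFormat($newPassword1)) {
        $message = "Sorry, chosen password is too easily hacked. Read note above";
    } else {
        // $Userid is bound as a parameter instead of being spliced into the SQL
        // text. A table name cannot be bound, so $UsersTable has to come from
        // trusted configuration, never from request data.
        // Rows with Status 'L' are excluded from the lookup.
        $results = $db->prepare("select Password,count(*) as Count
                                 from   {$UsersTable}
                                 where  Userid   = :userid
                                 and    Status  != 'L'");
        if (!$results || !$results->execute([':userid' => $Userid])) {
            // NOTE(review): sqlError() is defined elsewhere and its text is sent
            // to the client here; confirm it does not reveal query or schema
            // details.
            die("Unable to validate Userid and Password!" . sqlError());
        }
        $row = $results->fetch(PDO::FETCH_ASSOC);
        // Exactly one matching account is required, and the supplied current
        // password must verify against its stored hash.
        if ($row['Count'] != 1 or !password_verify($oldPassword, $row['Password'])) {
            $message = "Sorry, You did not enter current password correctly.";
        } else {
            $newPassword = password_hash($newPassword1, PASSWORD_DEFAULT);
            // Store the hash that was just computed, bound as a parameter.
            // Writing a fixed literal into the Password column instead would
            // leave a value password_verify() can never match.
            $update = $db->prepare("update {$UsersTable} set Password = :hash where Userid = :userid");
            if (is_string($newPassword)
                && $update
                && $update->execute([':hash' => $newPassword, ':userid' => $Userid])) {
                $message = "Your password has been successfully updated";
            } else {
                // NOTE(review): $message is presumably shown to the user; see
                // the note on sqlError() above.
                $message = "Unable to update Password!" . sqlError();
            }
        }
    }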