function _makeAction($value)
{
global $THIS_RET;
$i = UserStudentId();
$rem = "<a href=Modules.php?modname=scheduling/Schedule.php&student_id={$i}&del=true&c_id={$value}&cp_id={$THIS_RET['COURSE_PERIOD_ID']}&schedule_id={$THIS_RET['SCHEDULE_ID']}><img src='assets/remove_button.gif'/></a>";
return $rem;
//
}
$stu_PASS = DBGet(DBQuery('SELECT la.PASSWORD FROM login_authentication la, students s WHERE s.STUDENT_ID=\'' . UserStudentId() . '\' AND la.USER_ID=s.STUDENT_ID AND la.PROFILE_ID=3'));
$pass_old = $_REQUEST['old'];
if ($pass_old == "") {
$error[] = "Please Type The Password";
echo ErrorMessage($error, 'Error');
} else {
$column_name = PASSWORD;
$pass_old = paramlib_validation($column_name, $_REQUEST['old']);
$pass_new = paramlib_validation($column_name, $_REQUEST['new']);
$pass_retype = paramlib_validation($column_name, $_REQUEST['retype']);
$pass_old = str_replace("\\'", "''", md5($pass_old));
$pass_new = str_replace("\\'", "''", md5($pass_new));
$pass_retype = str_replace("\\'", "''", md5($pass_retype));
if ($stu_PASS[1]['PASSWORD'] == $pass_old) {
if ($pass_new == $pass_retype) {
$sql = 'UPDATE login_authentication SET PASSWORD=\'' . $pass_new . '\' WHERE USER_ID=\'' . UserStudentId() . '\' AND PROFILE_ID=3 ';
DBQuery($sql);
$note[] = "Password Sucessfully Changed";
echo ErrorMessage($note, 'note');
} else {
$error[] = "Please Retype Password";
echo ErrorMessage($error, 'Error');
}
} else {
$error[] = "Old password is incorrect";
echo ErrorMessage($error, 'Error');
}
}
}
echo "<span id='error' name='error'></span>";
PopTable('header', 'Change Password');
include '../../Redirect_modules.php';
DrawBC("School Setup >> " . ProgramTitle());
if ($_REQUEST['action'] == 'update' && $_REQUEST['button'] == 'Save' && User('PROFILE') == 'student') {
$stu_PASS = DBGet(DBQuery('SELECT PASSWORD FROM students WHERE STUDENT_ID=\'' . UserStudentId() . '\''));
$pass_old = $_REQUEST['old'];
if ($pass_old == "") {
$error[] = "Please Type The Password";
echo ErrorMessage($error, 'Error');
} else {
$pass_old = str_replace("\\'", "''", md5($_REQUEST['old']));
$pass_new = str_replace("\\'", "''", md5($_REQUEST['new']));
$pass_retype = str_replace("\\'", "''", md5($_REQUEST['retype']));
if ($stu_PASS[1]['PASSWORD'] == $pass_old) {
if ($pass_new == $pass_retype) {
$sql = 'UPDATE students SET PASSWORD=\'' . $pass_new . '\' WHERE STUDENT_ID=\'' . UserStudentId() . '\'';
DBQuery($sql);
$note[] = "Password Sucessfully Changed";
echo ErrorMessage($note, 'note');
} else {
$error[] = "Please Retype Password";
echo ErrorMessage($error, 'Error');
}
} else {
$error[] = "Password Does'nt Exist";
echo ErrorMessage($error, 'Error');
}
}
}
/*
echo "<FORM name=change_password id=change_password action=Modules.php?modname=$_REQUEST[modname]&action=update method=POST>";
$stu_PASS = DBGet(DBQuery("SELECT PASSWORD FROM STUDENTS WHERE STUDENT_ID='" . UserStudentId() . "'"));
$pass_old = $_REQUEST['old'];
if ($pass_old == "") {
$error[] = "Please Type The Password";
echo ErrorMessage($error, 'Error');
} else {
$column_name = PASSWORD;
$pass_old = paramlib_validation($column_name, $_REQUEST['old']);
$pass_new = paramlib_validation($column_name, $_REQUEST['new']);
$pass_retype = paramlib_validation($column_name, $_REQUEST['retype']);
$pass_old = str_replace("\\'", "''", md5($pass_old));
$pass_new = str_replace("\\'", "''", md5($pass_new));
$pass_retype = str_replace("\\'", "''", md5($pass_retype));
if ($stu_PASS[1]['PASSWORD'] == $pass_old) {
if ($pass_new == $pass_retype) {
$sql = "UPDATE STUDENTS SET PASSWORD='******' WHERE STUDENT_ID='" . UserStudentId() . "'";
DBQuery($sql);
$note[] = "Password Sucessfully Changed";
echo ErrorMessage($note, 'note');
} else {
$error[] = "Please Retype Password";
echo ErrorMessage($error, 'Error');
}
} else {
$error[] = "Password Does'nt Exist";
echo ErrorMessage($error, 'Error');
}
}
}
/*
echo "<FORM name=change_password id=change_password action=Modules.php?modname=$_REQUEST[modname]&action=update method=POST>";