define('INCLUDE_CHECK', true);
session_start();
$username = $_SESSION['user']->username;
if (isset($_POST['opassword'])) {
$opassword = $_POST['opassword'];
} else {
die("Enter old Password");
}
if (sha1($opassword) != $_SESSION['user']->password) {
die("wrong old password");
}
if (isset($_POST['password'])) {
$password = $_POST['password'];
} else {
die("Enter Password");
}
if (isset($_POST['confirmPassword'])) {
$cpassword = $_POST['confirmPassword'];
} else {
die("Enter Confirm Password");
}
if ($password != $cpassword) {
die("Password mis-match");
}
$id = $_SESSION['user']->role_id;
$u = new user_class($username, $password, $id);
echo $u->updateUser();
$user = user_class::getUserObject($username);
$_SESSION['user'] = $user;
$l = new site_log(NULL, NULL, $_SESSION['user']->username, $_SERVER['REMOTE_ADDR'], $username . " changed password");
$l->insertlog();
<?php
//if(!isset($_SERVER['HTTP_REFERER'])){
// header("location: ../../access_denied.php?data=You don't have direct access to this page");
//}
define('INCLUDE_CHECK', true);
if (isset($_GET['uname'])) {
$ti = $_GET['uname'];
} else {
die("First Go to user managemant page");
}
require_once 'db/user_class.php';
$a = user_class::getRoles();
$user = user_class::getUserObject($ti);
if ($a === 0) {
die("no role entry in database");
}
if ($user === 0) {
die("invalid user");
}
?>
<form method="post" id="updateform" enctype="multipart/form-data" action="server/users/user_update_server.php">
<label for="userName">Username<span style="color:red;">*</span>:</label>
<input type="text" value="<?php
echo $user->username;
?>
" readonly="true" id="userName" name="userName" class="text ui-widget-content ui-corner-all" required maxlength="10" />
<label for="password">Password<span style="color:red;">*</span>: (8 to 10 character , one special character and one number is required) </label>
<input type="password" name="password" id="password" pattern="^(?=.*\d+)(?=.*[a-zA-Z])[0-9a-zA-Z!@#$%]{8,10}$" class="text ui-widget-content ui-corner-all" required />
