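/**
 * Check a submitted password against the one stored for a single row.
 *
 * Selects the `password` column of the row where $field equals $value and
 * compares two hezecom_crypt() results in constant time.
 *
 * Only the row selected by $field/$value is verified. A caller that then
 * changes a password should update that same row, not a separately supplied id.
 *
 * NOTE(review): hezecom_crypt() is defined elsewhere. Presumably its second
 * argument is the stored hash or salt; confirm. If it is a fast or unsalted
 * hash, password_hash()/password_verify() would be the stronger choice.
 *
 * @param mixed $password Plain-text password supplied by the user.
 * @param mixed $table    Table that holds the `password` column.
 * @param mixed $field    Column used to select the row.
 * @param mixed $value    Value matched against $field (bound as a parameter).
 *
 * @return bool True when the hashes match; false otherwise, including when
 *              no row is found.
 */
public function current_password($password, $table, $field, $value)
{
    // Identifiers cannot be bound as parameters. Doubling embedded backticks
    // keeps a table or column name from closing the quoted identifier early.
    $safeTable = str_replace('`', '``', (string) $table);
    $safeField = str_replace('`', '``', (string) $field);

    try {
        $statement = HDB::hus()->prepare(
            "SELECT `password` FROM `{$safeTable}` WHERE `{$safeField}` = ?"
        );
        $statement->bindValue(1, $value);
        $statement->execute();
        $row = $statement->fetch();
    } catch (PDOException $e) {
        // Keep driver details (table names, SQL state) in the server log and
        // out of the HTTP response.
        error_log('current_password lookup failed: ' . $e->getMessage());
        die('Unable to verify the current password.');
    }

    // No matching row, or no stored password: nothing to verify against,
    // so fail closed instead of hashing against a null value.
    if (!is_array($row) || !isset($row['password'])) {
        return false;
    }

    $storedPassword = $row['password'];
    $submittedHash = hezecom_crypt($password);
    $referenceHash = hezecom_crypt($password, $storedPassword);

    if (!is_string($submittedHash) || !is_string($referenceHash)) {
        return false;
    }

    // Loose `==` compares numeric-looking strings as numbers and is not
    // constant time. hash_equals() compares the exact bytes.
    return hash_equals($referenceHash, $submittedHash);
}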
//$mytable=$haccess->CustomShow(); include 'libraries/views/admin/Update2.php'; } elseif (get('do') == 'updatepwd') { if (post('button')) { if (post('password') == '') { $errors[] = 'Your password cannot be empty'; } elseif ($haccess->current_password(post('oldpassword'), H_SYSTEM_ACCESS, 'userid', $haccess->UserID()) === false) { $errors[] = 'Your old password is not correct!'; } elseif (post('password') != '' and strlen(post('password')) < 5) { $errors[] = 'Your password must be atleast 5 characters'; } elseif (strlen(post('password')) > 30) { $errors[] = 'Your password cannot be more than 30 characters long'; } elseif (post('password') != post('password2')) { $errors[] = 'Your passwords are not the same.'; } elseif (empty($errors) === true) { $password = hezecom_crypt(post('password')); $haccess->UpdatePassword($password, date('Y-m-d'), post('userid')); send_to('' . H_ADMIN . '&view=hsys_users2&do=details&msg=update'); } } include 'libraries/views/admin/ChangePwd2.php'; } elseif (get('do') == 'details') { $rows = $haccess->SelectOne($haccess->UserID()); include 'libraries/views/admin/Details2.php'; } } elseif (get('do') == 'autosearch') { $qstring = post('qstring'); if (strlen($qstring) > 0) { $autosearch = $haccess->AutoSearch(trim($qstring), 10, 'name'); echo ' <div class="widget"><ul class="list-group">'; foreach ($autosearch as $srow) {