?>
<!-- MAIN CONTENT STARTS -->
<div id="centredDiv">
    <h2>Create New User</h2>
    <?php
    // "Create New User" form handler. It runs only for a logged-in session whose
    // 'type' is 3, validates the posted fields, and on success starts preparing
    // the new account. The listing is cut off before any database work, so only
    // the steps visible here are documented.
    // NOTE(review): no anti-CSRF token check is visible in this excerpt. Account
    // creation is a privileged, state-changing request - confirm one exists.
    if (isset($_SESSION['user']) && $_SESSION['user'] != '') { // Check if user is logged in
        if (isset($_SESSION['type']) && $_SESSION['type'] == 3) { // Check if user can create other users
            $errors = array();
            // Check if register values are set. If false, user has opened page the first time
            if (isset($_POST["email"]) && isset($_POST["pass"]) && isset($_POST["cnfrmPass"])
                && isset($_POST["fname"]) && isset($_POST["lname"]) && isset($_POST["type"])) {
                require $relative . 'data/php/user/validate.inc';
                // Each validator is handed $errors plus the raw field. validate.inc is
                // not shown; presumably a failure is recorded under the field's key,
                // since the check further down reads $errors['email'], $errors['pass'], ...
                validate_email($errors, $_POST['email']);
                validate_and_confirm_pass($errors, $_POST["pass"], $_POST["cnfrmPass"]);
                validate_name($errors, $_POST["fname"], 'fname', 'a valid first name');
                // NOTE(review): "mnames" and "phone" are not part of the isset() gate
                // above, so a request that omits them reads an undefined index here and
                // the validators see whatever PHP substitutes - confirm they handle it.
                validate_name($errors, $_POST["mnames"], 'mnames', 'valid middle name(s)');
                validate_name($errors, $_POST["lname"], 'lname', 'a valid last name');
                validate_phone($errors, $_POST["phone"]);
                // NOTE(review): "type" is only checked for emptiness. If it becomes the new
                // account's privilege level (this page gates on session 'type'), it should
                // be matched against the permitted values before it is stored - confirm
                // that happens in the code not shown.
                if (!isset($_POST['type']) || $_POST['type'] == '') {
                    $errors['type'] = 'Please select a user type';
                }
                if (!isset($errors['email']) && !isset($errors['pass']) && !isset($errors['cnfrmPass'])
                    && !isset($errors['fname']) && !isset($errors['mnames']) && !isset($errors['lname'])
                    && !isset($errors['phone']) && !isset($errors['type'])) {
                    // No errors, form is valid
                    $password = $_POST["pass"];
                    // NOTE(review): uniqid() is derived from the current time and is not a
                    // cryptographically secure source. A per-user salt is better taken from a
                    // CSPRNG (random_bytes() on PHP 7+). How $password and $salt are hashed is
                    // not shown; a fast single-pass hash is weak for password storage whatever
                    // the salt, and password_hash()/password_verify() (PHP 5.5+) generate and
                    // embed the salt themselves.
                    $salt = uniqid();
                    // Check if email exists in user table
                    require $relative . 'data/php/database/pdo.inc';
                    // The e-mail and first name are trimmed here, after validation ran on the raw values.
                    $email = trim($_POST["email"]);
                    $fname = trim($_POST["fname"]);
                    // (listing is cut off here)
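<?php require $relative . 'data/php/site/header-menu.inc'; ?>
<!-- MAIN CONTENT STARTS -->
<div id="centredDiv">
    <h2>Change Password</h2>
    <?php
    // "Change Password" form handler. For a logged-in session it validates the
    // posted current/new/confirm passwords, checks the current password against
    // the user table, and refuses a new password identical to the current one.
    // The listing is cut off before the UPDATE, so the write is not documented.
    // Check if user is logged in
    if (isset($_SESSION['user']) && $_SESSION['user'] != '') {
        $errors = array();
        // Check if register values are set. If false, user has opened page the first time
        if (isset($_POST['pass']) && isset($_POST['newPass']) && isset($_POST['cnfrmPass'])) {
            require $relative . 'data/php/user/validate.inc';
            validate_password($errors, $_POST['pass']);
            validate_and_confirm_pass($errors, $_POST['newPass'], $_POST['cnfrmPass']);
            if (!isset($errors['pass']) && !isset($errors['newPass']) && !isset($errors['cnfrmPass'])) {
                // No errors, form is valid
                require $relative . 'data/php/database/pdo.inc';
                // Check if old password is correct.
                // Both values are bound through ? placeholders, so neither the session
                // e-mail nor the posted password is concatenated into the SQL text.
                // NOTE(review): SHA2(..., 0) is a single pass of SHA-256 over password+salt.
                // That is a fast hash and cheap to brute-force if the table leaks; a
                // dedicated password hash (password_hash()/password_verify(), PHP 5.5+)
                // verified in PHP is the usual replacement, with existing rows rehashed on
                // next login. Hashing in SQL also sends the plaintext password to the
                // database server as a parameter, where statement logging could capture it.
                $query = "SELECT email FROM user WHERE email = ? AND password = SHA2(CONCAT(?,salt),0);";
                $user = select($query, array($_SESSION['user'], $_POST['pass']), false);
                if ($user != false) {
                    // Old password is correct
                    // Check new password isn't the same.
                    // Strict comparison: with == PHP compares numeric-looking strings as
                    // numbers, so two different passwords such as "1e1" and "10" would be
                    // treated as identical and the change wrongly refused.
                    if ($_POST['pass'] === $_POST['newPass']) {
                        $errors['newPass'] = '******';
                        include $relative . 'data/php/user/change/password.inc';
                    } else {
                        // Change password
                        // Update new password for user's row in user table
                        // (listing is cut off here)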