$current = ""; $new = ""; $confirm = ""; $error = false; $userID = $_SESSION['userID']; /* * Checking by the page itself to make submitted values are valid */ if ($_POST['Submitted'] != null) { $current = $_POST['current']; $new = $_POST['new']; $confirm = $_POST['confirm']; $IP = $_SERVER['REMOTE_ADDR']; $browser = $_SERVER['HTTP_USER_AGENT']; $details = DBAccess::getUserByUserID($userID); $response = DBAccess::verifyUser($details[0]['LoginName'], $current, $IP, $browser); if (strlen($current) == 0) { $errorTextCurrent = "Please enter your current password"; $errorStyleCurrent = "background-color:#F99;"; $error = true; } elseif ($response <= 0) { $error = true; $errorTextCurrent = "Invalid Password"; $errorStyleCurrent = "background-color:#F99;"; } if (strlen($new) == 0) { $errorTextNew = "Please enter a new password"; $errorStyleNew = "background-color:#F99;"; $error = true; } else { if ($new != $confirm) {
if (strlen($userName) == 0) { $errorTextUserName = "******"; $errorStyleUserName = "******"; $error = true; } if (strlen($password) == 0) { $errorTextPassword = "******"; $errorStylePassword = "******"; $error = true; } /* * Verify Details */ $IP = $_SERVER['REMOTE_ADDR']; $browser = $_SERVER['HTTP_USER_AGENT']; $response = DBAccess::verifyUser($userName, $password, $IP, $browser); if ($response == -1) { $feedBack = "YOUR ACCOUNT HAS BEEN DISABLED"; } else { if ($response > 0) { $details = DBAccess::getUserByUserID($response); // store session data $_SESSION['userID'] = $response; $IP = $_SERVER['REMOTE_ADDR']; $browser = $_SERVER['HTTP_USER_AGENT']; //record login DBAccess::recordLogin($response, $IP, $browser); //redirect based on permission if ($details[0]['Position'] == 1) { header('Location: /admin/'); } elseif ($details[0]['Position'] == 2) {