예제 #1
파일: uase.php 프로젝트: killoram/UASE
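/**
 * Change a user's stored password after verifying the current one.
 *
 * Looks the user up in the table named by $GLOBALS['user_table'], compares the
 * hash of $oldpass with the stored value and, when it matches and $newpass
 * equals $passcon, stores HashIt($newpass). The outcome is echoed; nothing is
 * returned. If no row matches $user, nothing is echoed.
 *
 * Security notes:
 *  - $user is escaped before it is placed in the SQL text. The table and column
 *    names are interpolated as identifiers and cannot be escaped this way, so
 *    they must only ever come from trusted configuration.
 *  - ext/mysql (mysql_query and friends) was removed in PHP 7. The durable fix
 *    is to move to PDO or mysqli with prepared statements.
 *  - HashIt() is defined elsewhere. NOTE(review): if it is a plain, unsalted
 *    digest, migrate to password_hash()/password_verify().
 *
 * @param string $user    Username whose password is being changed.
 * @param string $oldpass Current password, in clear text.
 * @param string $newpass Requested new password, in clear text.
 * @param string $passcon Confirmation of the new password.
 * @return void
 */
function ChangePassword($user, $oldpass, $newpass, $passcon)
{
    // The original called strip_tags() four times on an undefined $fields
    // variable. That sanitised nothing, and strip_tags() is not an SQL defence
    // in any case, so the calls are dropped and the value is SQL-escaped instead.
    $Table = $GLOBALS['user_table'];
    $userfield = $GLOBALS['username_field'];
    $passfield = $GLOBALS['password_field'];

    // Escaping is charset-aware only when the connection charset was set with
    // mysql_set_charset(); verify that where the connection is opened.
    $safeUser = mysql_real_escape_string((string) $user);

    $password_query = mysql_query("SELECT * FROM {$Table} WHERE {$userfield}='{$safeUser}'");
    if ($password_query === false) {
        // Keep driver error text in the server log instead of the HTTP response.
        error_log('ChangePassword: user lookup failed: ' . mysql_error());
        die('A database error occurred.');
    }

    while ($row = mysql_fetch_assoc($password_query)) {
        $db_password = (string) $row[$passfield];
        $supplied = (string) HashIt($oldpass);

        // Loose == treats numeric-looking strings such as "0e123" and "0e456"
        // as equal. Compare as exact strings, in constant time where available.
        $oldMatches = function_exists('hash_equals')
            ? hash_equals($db_password, $supplied)
            : $db_password === $supplied;

        if ($oldMatches) {
            if ((string) $newpass === (string) $passcon) {
                $passinsert = mysql_real_escape_string((string) HashIt($newpass));
                $PUQ = mysql_query("UPDATE {$Table} SET {$passfield}='{$passinsert}' WHERE {$userfield}='{$safeUser}'");
                if ($PUQ === false) {
                    error_log('ChangePassword: password update failed: ' . mysql_error());
                    die('A database error occurred.');
                }
                echo "Success! Your password has been changed!";
            } else {
                echo "Your confirming password does not match your new password!";
            }
        } else {
            echo "The old password that you entered is incorrect!";
        }
    }
}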
예제 #2
파일: api.php 프로젝트: 0x10/BTCnames
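	/**
	 * Delete the btcnames row that matches a username and its key.
	 *
	 * The username is hashed with HashUsername() and the password with
	 * HashIt(), using the username hash as its second argument. The row is
	 * deleted only when both stored values match, so the WHERE clause is the
	 * authorisation check.
	 *
	 * The original computed the status code but never returned it, so callers
	 * always received null. It is returned now.
	 *
	 * @param string $username Name of the entry to delete.
	 * @param string $password Secret that authorises the deletion.
	 * @return int 1 when the helper reports success, 3 otherwise.
	 */
	function DeleteEntry($username,$password)
	{
		// Hash the username; the table stores the hash, not the name.
		$hash = HashUsername($username);
		// Derive the stored key from the password and the username hash.
		$hashedkey = HashIt($password, $hash);

		// NOTE(review): the SQL text is built by concatenation. That is safe only
		// if HashUsername()/HashIt() always return a fixed alphabet such as hex.
		// Confirm this, or give ExecSQLReturnAArray() bound parameters.
		$queryresults = ExecSQLReturnAArray("DELETE FROM btcnames WHERE name='".$hash."' AND key='".$hashedkey."'");

		// NOTE(review): a loose comparison treats an empty array as FALSE. If the
		// helper returns an empty array for a DELETE, a successful delete is
		// reported as 3. Verify the helper's return contract.
		if ($queryresults != FALSE)
		{
			$result = 1; // query went ok
		}
		else
		{
			$result = 3; // query went wrong
		}

		return $result;
	}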
예제 #3
/**
 * Handle a self-registration request taken from $_POST["D1"] (e-mail) and
 * $_POST["D2"] (password).
 *
 * If the e-mail already belongs to a user, the attempt is recorded and the
 * function answers "notlocked" (fewer than 5 attempts so far) or "locked",
 * then exits. Otherwise the account is inserted through the AddAccount stored
 * procedure with Disabled = 1, the user and every admin are notified by mail,
 * and the function answers "refresh".
 *
 * Review notes:
 *  - The insert uses bound parameters, so the e-mail and hash never become
 *    part of the SQL text.
 *  - The e-mail is not validated in this function before it is used as a
 *    mail() recipient. NOTE(review): validate it (for example with
 *    FILTER_VALIDATE_EMAIL) here or in the caller.
 *  - "notlocked"/"locked" versus "refresh" tells the client whether an address
 *    is already registered.
 *  - stripslashes() is also applied to the password, so backslashes in it are
 *    removed before hashing. The login path must do the same.
 *  - HashIt() is defined elsewhere. The 64-character bind length suggests a
 *    fixed-length digest. NOTE(review): confirm it is a salted password hash.
 *
 * @param string $Action Label passed through to the logging/DB helpers.
 * @return void
 */
function AddAccount($Action)
{
    global $PDOconn;

    $Email = stripslashes($_POST["D1"]);
    $Existing = FetchUser($Action, $Email);

    // Address already registered: count the attempt and stop here.
    if ($Email == $Existing['Email']) {
        $BelowLimit = $Existing['Attempt'] < 5;
        if ($BelowLimit) {
            AddAttempt($Action, $Existing, $Email);
            $ActivityMSG = "Account to be locked due to multiple registration attempts.";
        } else {
            $ActivityMSG = "Account was locked out due to multiple registration attempts.";
        }
        AddActivity($Action, $Email, $ActivityMSG);
        echo json_encode($BelowLimit ? "notlocked" : "locked");
        exit;
    }

    // New address: store only the hash of the submitted password.
    $HashedPassword = HashIt(stripslashes($_POST["D2"]));
    $DisabledFlag = 1;   // created disabled; the mail below says an admin activates it
    $AttemptCount = 0;
    $RoleCode = 1;

    $Insert = $PDOconn->prepare('CALL AddAccount (?, ?, ?, ?, ?)');
    $Insert->bindParam(1, $Email, PDO::PARAM_STR, 45);
    $Insert->bindParam(2, $HashedPassword, PDO::PARAM_STR, 64);
    $Insert->bindParam(3, $DisabledFlag, PDO::PARAM_INT, 1);
    $Insert->bindParam(4, $AttemptCount, PDO::PARAM_INT, 1);
    $Insert->bindParam(5, $RoleCode, PDO::PARAM_INT, 1);
    Execute($Action, $Insert);

    $ActivityMSG = "Your account was created.";
    AddActivity($Action, $Email, $ActivityMSG);

    // Tell the new user, then every admin, that approval is pending.
    $UserBody = "The following email: {$Email} has been created.  The account will be activated by an Admin.  In the meantime, familiarize yourself with the pet policy. https://petsignin.alibkaba.com/petsignin/petpolicy.pdf";
    mail($Email, "Your account was created", $UserBody);

    $AdminBody = "The following email: {$Email} has been created.  Account is awaiting your approval.";
    foreach (FetchAdmins($Action) as $AdminRow) {
        mail($AdminRow['Email'], "New account created", $AdminBody);
    }

    echo json_encode("refresh");
    // Drop this reference to the shared PDO handle.
    $PDOconn = null;
}
예제 #4
<body>
<p>Create Admin</p>
<form action="#" method='post'>
    Email: <input type="text" name="Email"><br>
    Password: <input type="password" name="Password"><br>
    <input type="submit" name="add" value="Submit" data-theme="b"/>
    <?php 
require_once '../db.php';
require_once '../operations.php';
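// Report every error class, but write details to the server log instead of the
// HTTP response. This page handles admin credentials, and on-screen errors can
// expose file paths, SQL text and stack traces to whoever loads it.
// NOTE(review): nothing visible in this fragment checks that the requester is
// already an authenticated administrator, or verifies a CSRF token, before the
// POST handler below creates an account with AdminCode = 2. Confirm that
// db.php, operations.php or the web server enforce this.
error_reporting(E_ALL);
ini_set('display_errors', '0');
ini_set('log_errors', '1');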
if (isset($_POST['add'])) {
    $Action = "admin.php";
    $Email = $_POST['Email'];
    $Password = $_POST['Password'];
    $HashedPassword = HashIt($Password);
    $Disabled = 0;
    $Attempt = 0;
    $AdminCode = 2;
    global $PDOconn;
    $Query = 'CALL AddAdminAccount (?,?,?,?,?)';
    $Statement = $PDOconn->prepare($Query);
    $Statement->bindParam(1, $Email, PDO::PARAM_STR, 45);
    $Statement->bindParam(2, $HashedPassword, PDO::PARAM_STR, 255);
    $Statement->bindParam(3, $Disabled, PDO::PARAM_INT, 1);
    $Statement->bindParam(4, $Attempt, PDO::PARAM_INT, 1);
    $Statement->bindParam(5, $AdminCode, PDO::PARAM_INT, 1);
    $Statement->execute();
    $ActivityMSG = "Your account was created by an admin.";
    AddActivity($Action, $Email, $ActivityMSG);
    $MSG = "Super Admin created.";