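/**
 * Change a user's password after verifying the current one.
 *
 * Returns TRUE on success and 0 when the confirmation does not match, when the
 * e-mail / old-password pair matches no row, or when no database connection is
 * available. Exits via die() if the UPDATE itself fails (as the original did).
 *
 * NOTE(review): passwords are stored as unsalted md5 digests, which is what
 * chk_user_pw() and the users table expect; moving to password_hash() /
 * password_verify() needs a coordinated change there, so it is only flagged here.
 * The legacy mysql_* extension offers no prepared statements; parameterised
 * queries require porting connect()/disconnect() to PDO or mysqli.
 *
 * @param string $email         account e-mail (compared case-insensitively)
 * @param string $old_password  current password, clear text
 * @param string $new_password  new password, clear text
 * @param string $new2_password confirmation of the new password
 * @return bool|int TRUE on success, 0 on failure
 */
function changePassword($email, $old_password, $new_password, $new2_password) {
    // Strict comparison; the original used != (loose, type-juggling) rules.
    if ($new2_password !== $new_password) {
        return 0;
    }

    $db = connect();
    if (!$db) {
        // The original fell off the end (NULL) here; return 0 to keep the
        // "falsy on failure" contract explicit.
        return 0;
    }

    // Hash the clear-text passwords the way the stored rows expect (see note above).
    $old_hash = md5($old_password);
    $new_hash = md5($new_password);
    // E-mails are stored lower-case; escape because the value is embedded in SQL.
    $email = mysql_real_escape_string(strtolower($email));

    // The original discarded chk_user_pw()'s return value and then read an
    // unset $result, so the row check could never succeed. Presumably the
    // function returns a mysql result resource (it is handed to mysql_num_rows
    // and disconnect below) — confirm against its definition.
    $result = chk_user_pw($email, $old_hash);
    if (!$result || !mysql_num_rows($result)) {
        // E-mail / old password did not match any row.
        if ($result) {
            disconnect($db, $result);
        }
        return 0;
    }

    // The digests are hex strings, so they are safe to embed; $email was escaped above.
    // The original embedded a literal '******' where the hashed values belong and
    // never used the computed hashes — assumed to be a redaction, confirm.
    $query2 = "UPDATE users\n\t SET password = '" . $new_hash . "'\n\t WHERE email = '" . $email . "'\n\t AND password = '" . $old_hash . "';";
    $result2 = mysql_query($query2, $db);
    if (!$result2) {
        // Keep the SQL (which carries the hashes) and the driver error out of the
        // response; log them server-side instead.
        error_log("changePassword: UPDATE failed: " . mysql_error());
        disconnect($db, $result);
        die("Error updating password.");
    }

    disconnect($db, $result);
    return TRUE;
}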
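/**
 * Generate a 10-character numeric activation code.
 *
 * The code is mailed out as the account-activation secret, so it must be
 * unpredictable: random_int() (CSPRNG, PHP 7+) replaces mt_rand() % 10, which
 * was neither cryptographically secure nor uniform. The accumulator is also
 * initialised; the original appended to an undefined variable.
 * NOTE(review): the mysql_* calls elsewhere suggest a PHP 5 runtime, where
 * random_int() is unavailable — confirm the target version.
 *
 * @return string ten decimal digits
 */
function confirmationCodeGen() {
    $digits = "0123456789";
    $code = '';
    for ($i = 0; $i < 10; $i++) {
        $code .= substr($digits, random_int(0, 9), 1);
    }
    return $code;
}
// NOTE(review): the registration script below is reproduced as found (it is cut
// off mid-string in this view). Escaping the passwords with
// mysql_real_escape_string alters them (adds backslashes) before they are
// compared or stored, and $password == $password2 is a loose comparison; both
// deserve attention but are left unchanged here.
// Sanitize input
$username = mysql_real_escape_string($_POST['username']);
$password = mysql_real_escape_string($_POST['password']);
$password2 = mysql_real_escape_string($_POST['password2']);
// Test if username is already in the database
$user_exists = chk_user_pw($username, NULL);
echo $user_exists;
// check if passwords match, username is alphanumeric, and user does not already exist
// then send e-mail and insert user into database
if ($password == $password2 && ctype_alnum($username) && !$user_exists) {
    $regNo = confirmationCodeGen();
    echo $regNo;
    // Message
    $message = ' <html> <body> <p>Welcome to Grinnell Open Calender! <br /><br /> To activate your account, you must enter your activation code</p> <br /> <br /> Your activation code is: ' . $regNo . ' <p></p> </body>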