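/**
 * Handles a submitted change-password form.
 *
 * Reads the old password ('pass0'), the new password ('pass1') and its
 * confirmation ('pass2') from $_POST. The new password is stored through
 * setUserPassword() only when the confirmation matches and the old password
 * validates for the current user (getUsername()). The outcome is written
 * directly to the response as HTML.
 *
 * @return void
 */
function passwordFormSubmitted() {
    // Read each field once; a missing field becomes null instead of raising
    // an undefined-index notice.
    $oldPassword  = isset($_POST['pass0']) ? $_POST['pass0'] : null;
    $newPassword  = isset($_POST['pass1']) ? $_POST['pass1'] : null;
    $confirmation = isset($_POST['pass2']) ? $_POST['pass2'] : null;

    // The form also checks this in JavaScript, but a client can skip that
    // check, so this server-side comparison is the one that counts.
    // Strings only, compared with !==, because loose != treats numeric-looking
    // strings such as "1e3" and "1000" as equal and would also accept
    // array-valued fields.
    if (!is_string($newPassword) || !is_string($confirmation) || $newPassword !== $confirmation) {
        dieError("ERROR: Passwords do not match");
        // dieError() presumably ends the request; returning here keeps a
        // mismatch from ever reaching setUserPassword() if it does not.
        return;
    }

    // The current password must be re-entered and verified before any change.
    if (!is_string($oldPassword) || !isValidUserPassword(getUsername(), $oldPassword)) {
        echo "<h2>Incorrect Old password entered. Please try again.</h2>\n";
        echo file_get_contents("html/password.html");
        die(' ');
    }

    // NOTE(review): no length or non-empty rule is applied to the new password
    // here; confirm setUserPassword() enforces the password policy and stores
    // a salted hash rather than the plain value.
    if (setUserPassword($newPassword)) {
        echo "<h1>Password Changed</h1>\n";
        echo "<form><input type=\"button\" name=\"continue\" value=\"Continue\" onClick=\"parent.main_popupWindowCancel()\"></form>\n";
    } else {
        dieError("Password Change Failed. Please contact the administrator");
    }
}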
} else { if (isset($_POST['submit'])) { // Clean arrays to prevent injection attacks slashAllInputs(); // Connects to your Database connectDatabase(); // makes sure they filled it in if (!$_POST['username'] || !$_POST['password']) { echoMainHeader(); echo "<h2>You did not fill in a required field.</h2>\n"; displayLogin(); } else { //Gives error if user dosen't exist if (!doesUserExist($_POST['username'])) { echoMainHeader(); echo "<h2>That user does not exist in our database.</h2>\n"; displayLogin(); } else { if (isValidUserPassword($_POST['username'], $_POST['password'])) { loginUser(); } else { echoMainHeader(); echo "Incorrect password, please try again.\n"; } } } echoMainFooter(); } } } die;
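<?php
/**
 * Checks a username/password pair against the single built-in administrator
 * account and sends the matching redirect header.
 *
 * On a match the session is started, its id is regenerated, the session
 * variables "username", "password" and "rol" are set, and the browser is
 * redirected to the administrator home page. Otherwise the browser is
 * redirected back to the login page.
 *
 * @param mixed $pUsername Submitted username; anything that is not a string is rejected.
 * @param mixed $pPassword Submitted password; anything that is not a string is rejected.
 * @return bool TRUE when the credentials match, FALSE otherwise.
 */
function isValidUserPassword($pUsername, $pPassword) {
    // Request parameters can arrive as arrays. strcmp() combined with a loose
    // "== 0" does not reliably reject non-string input (on older PHP versions
    // it yields NULL, which compares equal to 0), so the type is checked first
    // and the values are compared with hash_equals(), which is also
    // constant-time.
    //
    // NOTE(review): the account and its plaintext password are hard-coded in
    // source. They should move to a credential store holding a password_hash()
    // value checked with password_verify(); the literals are left as-is here
    // because no such store is visible from this file.
    $result = is_string($pUsername)
        && is_string($pPassword)
        && hash_equals("*****@*****.**", $pUsername)
        && hash_equals("pass", $pPassword);

    if ($result) {
        session_start();
        // Issue a fresh session id at the privilege change so an id that was
        // set before login cannot be reused afterwards (session fixation).
        session_regenerate_id(true);
        $_SESSION["username"] = $pUsername;
        // NOTE(review): keeping the plaintext password in the session widens
        // its exposure to session storage and backups. It is kept only because
        // other pages may read it; confirm and remove.
        $_SESSION["password"] = $pPassword;
        $_SESSION["rol"] = "Admin";
        header("Location:/proyectoingenieriasoftware-web/SADCA/home_administrator.php");
    } else {
        header("Location:/proyectoingenieriasoftware-web/SADCA/login.php");
    }

    // The original computed $result but never returned it.
    return $result;
}

// NOTE(review): the credentials are read from the query string, so they end
// up in web-server access logs, browser history and Referer headers. The login
// form should submit with POST over HTTPS; $_GET is kept here because the form
// is not visible from this file.
if (isset($_GET['controller'], $_GET['action'], $_GET['username'], $_GET['password'])) {
    $controllername = $_GET['controller'];
    $action = $_GET['action'];
    $username = $_GET['username'];
    $password = $_GET['password'];
    isValidUserPassword($username, $password);
} else {
    header("Location:/proyectoingenieriasoftware-web/SADCA/login.php");
}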