$current = "";
$new = "";
$confirm = "";
$error = false;
$userID = $_SESSION['userID'];
/*
* Checking by the page itself to make submitted values are valid
*/
if ($_POST['Submitted'] != null) {
$current = $_POST['current'];
$new = $_POST['new'];
$confirm = $_POST['confirm'];
$IP = $_SERVER['REMOTE_ADDR'];
$browser = $_SERVER['HTTP_USER_AGENT'];
$details = DBAccess::getUserByUserID($userID);
$response = DBAccess::verifyUser($details[0]['LoginName'], $current, $IP, $browser);
if (strlen($current) == 0) {
$errorTextCurrent = "Please enter your current password";
$errorStyleCurrent = "background-color:#F99;";
$error = true;
} elseif ($response <= 0) {
$error = true;
$errorTextCurrent = "Invalid Password";
$errorStyleCurrent = "background-color:#F99;";
}
if (strlen($new) == 0) {
$errorTextNew = "Please enter a new password";
$errorStyleNew = "background-color:#F99;";
$error = true;
} else {
if ($new != $confirm) {
if (strlen($userName) == 0) {
$errorTextUserName = "******";
$errorStyleUserName = "******";
$error = true;
}
if (strlen($password) == 0) {
$errorTextPassword = "******";
$errorStylePassword = "******";
$error = true;
}
/*
* Verify Details
*/
$IP = $_SERVER['REMOTE_ADDR'];
$browser = $_SERVER['HTTP_USER_AGENT'];
$response = DBAccess::verifyUser($userName, $password, $IP, $browser);
if ($response == -1) {
$feedBack = "YOUR ACCOUNT HAS BEEN DISABLED";
} else {
if ($response > 0) {
$details = DBAccess::getUserByUserID($response);
// store session data
$_SESSION['userID'] = $response;
$IP = $_SERVER['REMOTE_ADDR'];
$browser = $_SERVER['HTTP_USER_AGENT'];
//record login
DBAccess::recordLogin($response, $IP, $browser);
//redirect based on permission
if ($details[0]['Position'] == 1) {
header('Location: /admin/');
} elseif ($details[0]['Position'] == 2) {
