Exemplo n.º 1
0
function changePassword($email, $old_password, $new_password, $new2_password)
{
    if ($new2_password != $new_password) {
        return 0;
    }
    // Connect to database, store variables to prevent sql injections, encrypt
    // password data.
    $db = connect();
    $old_password = md5($old_password);
    $new_password = md5($new_password);
    $email = mysql_real_escape_string(strtolower($email));
    chk_user_pw($email, $old_password);
    if ($db) {
        // Store new password if old password and email are correct
        $query2 = "UPDATE users\n\t      SET password = '******'\n\t      WHERE email = '" . $email . "'\n\t      AND password = '******';";
        if (mysql_num_rows($result)) {
            $result2 = mysql_query($query2, $db);
            // exit and send error message if query2 was unsuccessful
            if (!$result2) {
                $message = "Error in query ({$query2}): " . mysql_error();
                disconnect($db, $result);
                die($message);
            } else {
                if ($result2 && mysql_num_rows($result)) {
                    disconnect($db, $result);
                    return TRUE;
                }
            }
        } else {
            return 0;
        }
    }
}
Exemplo n.º 2
0
// Helper function for generating a random password
function confirmationCodeGen()
{
    $salt = "0123456789";
    for ($i = 0; $i < 10; $i++) {
        $num = mt_rand() % 10;
        $password .= substr($salt, $num, 1);
    }
    return $password;
}
// Sanitize input
$username = mysql_real_escape_string($_POST['username']);
$password = mysql_real_escape_string($_POST['password']);
$password2 = mysql_real_escape_string($_POST['password2']);
// Test if username is already in the database
$user_exists = chk_user_pw($username, NULL);
echo $user_exists;
// check if passwords match, username is alphanumeric, and user does not already exist
// then send e-mail and insert user into database
if ($password == $password2 && ctype_alnum($username) && !$user_exists) {
    $regNo = confirmationCodeGen();
    echo $regNo;
    // Message
    $message = ' 
    <html>
    <body>
      <p>Welcome to Grinnell Open Calender! <br /><br />
         To activate your account, you must enter your activation code</p> <br /> <br />
	 Your activation code is: ' . $regNo . '
      <p></p>
    </body>