function OnRequest()
{
$requestMethod = $_SERVER['REQUEST_METHOD'];
if ($requestMethod == "GET") {
if (isset($_GET['id'])) {
$currentUser = ModelFacade::getLoggedInUser();
$userDetails = ModelFacade::getUserDetails($_GET['id']);
if ($userDetails) {
if ($userDetails->id != $currentUser->id) {
$message = "Access denied.";
include_once '/Views/ErrorPage.html';
} else {
include_once '/Views/UserChangePassword.html';
}
} else {
$message = "No user exists with the specified id";
include_once '/Views/ErrorPage.html';
}
} else {
$message = "Sorry no user id was set";
include_once '/Views/ErrorPage.html';
}
} else {
ChangePassword();
}
}
function MAIN_MENU()
{
$unix = new unix();
$clear = $unix->find_program("clear");
if (is_file($clear)) {
system("{$clear}");
}
echo "Credentials Menu\n";
echo "---------------------------------------------\n";
echo "Display SuperAdmin credentials...: [1]\n";
echo "Modify SuperAdmin credentials....: [2]\n";
echo "Exit menu........................: [q]\n";
echo "\n";
$answer = trim(strtolower(fgets(STDIN)));
switch ($answer) {
case "1":
ShowPassword();
break;
case "2":
ChangePassword();
break;
case "q":
die;
break;
default:
break;
MAIN_MENU();
return;
}
}
public function testChangePasswordOfNonExistingUser()
{
// If user doesn't exist, the password should not be changed
$username = '******';
$newPassword = '******';
$this->db->expects($this->once())->method('get')->with($username)->willReturn(null);
$this->db->expects($this->never())->method('update');
ChangePassword($this->db, $username, $newPassword);
}
function Changepwd($mysqli)
{
if (!empty($_SESSION["userid"])) {
$query = $mysqli->query("SELECT * FROM users WHERE id = '" . $_SESSION["userid"] . "'");
if (!($row = $query->fetch_array(MYSQLI_BOTH))) {
echo "SORRY...YOU ARE NOT REGISTERED USER...";
} else {
if ($_POST['password'] == $row["password"]) {
ChangePassword($mysqli);
} else {
header('Location: userchangepassword_failure.html');
exit;
}
}
}
}
<?php
session_start();
define('DB_HOST', 'localhost');
define('DB_NAME', 'texaskitchen');
define('DB_USER', 'root');
define('DB_PASSWORD', '');
$mysqli = new mysqli(DB_HOST, DB_USER, DB_PASSWORD, DB_NAME);
if ($mysqli->connect_errno) {
echo "Failed to connect to MySQL: (" . $mysqli->connect_errno . ") " . $mysqli->connect_error;
}
function ChangePassword($mysqli)
{
$newpassword = $_POST['newpassword'];
$confirmnewpassword = $_POST['confirmnewpassword'];
$query = "UPDATE texaskitchen.users SET password='******' WHERE id=" . $_SESSION["forgotpwduserid"] . ";";
$data = $mysqli->query($query);
if ($data) {
header('Location: userchangepassword_success.html');
exit;
//echo "YOUR REGISTRATION IS COMPLETED...";
} else {
header('Location: userchangepassword_failure.html');
exit;
}
}
ChangePassword($mysqli);
<title>NiDB - Manage Public Downloads</title>
</head>
<body>
<div id="wrapper">
<?php
require "functions.php";
require "includes.php";
require "menu.php";
require "nidbapi.php";
/* ----- setup variables ----- */
$action = GetVariable("action");
$id = GetVariable("id");
/* determine action */
if ($action == "changepassword") {
ChangePassword($id);
} elseif ($action == "delete") {
DeleteDownload($id);
} else {
DisplayDownloadList();
}
/* ------------------------------------ functions ------------------------------------ */
/* -------------------------------------------- */
/* ------- ChangePassword --------------------- */
/* -------------------------------------------- */
function ChangePassword($id, $password)
{
/* perform data checks */
$pwd = sha1($password);
/* update the site */
$sqlstring = "update public_downloads set pd_password = '******' where pd_id = {$id}";
} else {
if (isset($_GET["no"]) && $_GET["no"] == "14") {
// for getting the mentor of a particular mentee.
GetMentorDetailsOfMentee($_GET["email"], $_GET["id"]);
} else {
if (isset($_GET["no"]) && $_GET["no"] == "15") {
// for sending the message from the mentee to the mentor.
SendMessageFromMenteeToMentor($_GET["toEmail"], $_GET["msg"], $_GET["email"]);
} else {
if (isset($_GET["no"]) && $_GET["no"] == "16") {
// for adding the user to the User and the Specified table.
AddUser($_GET["organ"], $_GET["course"], $_GET["email"], $_GET["level"]);
} else {
if (isset($_GET["no"]) && $_GET["no"] == "17") {
// for changing the password of the specified Account.
ChangePassword($_GET["email"], $_GET["oldPassword"], $_GET["newPassword"], $_GET["newPasswordConfirm"], $_GET["table"]);
} else {
if (isset($_GET["no"]) && $_GET["no"] == "18") {
// for getting the assignments based on a mentor email and id.
GetMentorAssignment($_GET["email"], $_GET["id"]);
} else {
if (isset($_GET["no"]) && $_GET["no"] == "19") {
// for getting the calender image on the mentor page.
GetMentorCalender($_GET["mentorEmail"]);
} else {
if (isset($_GET["no"]) && $_GET["no"] == "20") {
// for getting the director details of a particular mentor.
GetDirectorDetailsOfMentor($_GET["email"], $_GET["id"]);
} else {
if (isset($_GET["no"]) && $_GET["no"] == "21") {
// for sending the message from the mentor to the director.
$UI_CONFIG->user_page($UserID, $user_login, "edit", "user.password({$UserID})");
BeginHtml($Title12, $Title3 . $Delimeter . $Title6, "http://" . $DOC_DOMAIN . "/management/users/password/");
$perm->ExitIfNotAccess(NC_PERM_ITEM_USER, NC_PERM_ACTION_EDIT, $UserID, 0, 0);
ChangePasswordFormAdmin($UserID);
break;
case 7:
# собственно сменим пароль
$perm->ExitIfNotAccess(NC_PERM_ITEM_USER, NC_PERM_ACTION_EDIT, $UserID, 0, 1);
if (strlen($Password1) == 0 && strlen($Password2) == 0) {
BeginHtml($Title2, $Title3 . $Delimeter . $Title6, "http://" . $DOC_DOMAIN . "/management/users/password/");
$UI_CONFIG->user_page($UserID, $user_login, "edit", "user.password({$UserID})");
nc_print_status(CONTROL_USER_ERROR_EMPTYPASS . "<BR>\n" . CONTROL_USER_ERROR_RETRY . "<BR>\n", 'error');
ChangePasswordFormAdmin($UserID);
} elseif ($Password1 == $Password2) {
BeginHtml($Title2, $Title2, "http://" . $DOC_DOMAIN . "/management/users/");
ChangePassword($UserID, $Password1, $db);
unset($UserID);
SearchUserResult();
} else {
$UI_CONFIG->user_page($UserID, $user_login, "edit", "user.password({$UserID})");
BeginHtml($Title2, $Title3 . $Delimeter . $Title6, "http://" . $DOC_DOMAIN . "/management/users/password/");
nc_print_status(CONTROL_USER_ERROR_PASSDIFF . "<BR>\n" . CONTROL_USER_ERROR_RETRY . "<BR>\n", 'error');
ChangePasswordFormAdmin($UserID);
}
break;
case 8:
# показать права доступа пользователя
$UI_CONFIG->user_page($UserID, $user_login, "rights");
BeginHtml($Title2, $Title3 . $Delimeter . $Title7, "http://" . $DOC_DOMAIN . "/management/users/rights/");
$perm->ExitIfNotAccess(NC_PERM_ITEM_USER, NC_PERM_ACTION_RIGHT, $UserID, 0, 0);
ShowUserPermissions($UserID, 11);
break;
case "savenewuserpassword":
if (IsAdmin()) {
$username = $_POST["username"];
$password1 = $_POST["password1"];
$password2 = $_POST["password2"];
EditUserPassword($username, $password1, $password2);
}
$page = "editusers";
break;
case "changepassword":
if (IsLoggedIn()) {
$passwordold = $_POST["passwordold"];
$password1 = $_POST["password1"];
$password2 = $_POST["password2"];
ChangePassword($passwordold, $password1, $password2);
}
$page = "usersettings";
break;
case "saveuserchanges":
if (IsLoggedIn()) {
$displayName = $_POST["displayname"];
$twitterHandle = $_POST["twitterhandle"];
$emailAddress = $_POST["emailaddress"];
ChangeUserData($displayName, $twitterHandle, $emailAddress);
}
$page = "usersettings";
break;
case "savenewtheme":
if (IsLoggedIn()) {
$newTheme = $_POST["theme"];
