/** * Compare Passwords */ function comparePasswords($givenpass, $realpass, $username, $cryptSalt = '') { if (empty($givenpass) || empty($realpass) || empty($username)) { return false; } $compare2crypt = true; $compare2text = true; $system = pnConfigGetVar('system'); $md5pass = md5($givenpass); if (strcmp($md5pass, $realpass) == 0) { return $md5pass; } elseif ($compare2crypt && $system != "1") { $crypted = false; if ($cryptSalt != '') { if (strcmp(crypt($givenpass, $cryptSalt), $realpass) == 0) { $crypted = true; } } else { if (strcmp(crypt($givenpass, $cryptSalt), $realpass) == 0) { $crypted = true; } } if ($crypted) { updateUserPass($username, $md5pass); return $md5pass; } } elseif ($compare2text && strcmp($givenpass, $realpass) == 0) { updateUserPass($username, $md5pass); return $md5pass; } return false; }
} echo '</ul>'; } else { // the form has been posted without errors, so save it require_once 'db_query.php'; connectToDB(); $result = checkUsersWithNamePassPair($user_name, $_POST['user_pass']); if (!$result) { //something went wrong, display the error echo 'Something went wrong while verifying your account. Please try again later.'; //echo mysql_error(); //debugging purposes, uncomment when needed } else { if (mysql_num_rows($result) == 0) { echo 'You have supplied a wrong password. Please try again.'; } else { $result = updateUserPass($user_id, $_POST['user_pass_new']); if (!$result) { //something went wrong, display the error echo 'Something went wrong while updating your password. Please try again later.'; //echo mysql_error(); //debugging purposes, uncomment when needed } else { //the query was successfully executed echo 'Your new password has been set!'; } } } closeDB(); } } } require 'footer.php';