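}

// Collect the submitted account fields; a field missing from the request is treated as empty.
// NOTE(review): Admin and Status are taken straight from the request, so the check that only
// an administrator may reach this handler has to run before this point - confirm in the part
// of the file above this excerpt.
$NewUserid   = isset($_POST['Userid'])   ? $_POST['Userid']   : "";
$NewChurchID = isset($_POST['ChurchID']) ? $_POST['ChurchID'] : "";
$NewEmail    = isset($_POST['Email'])    ? $_POST['Email']    : "";
$Name        = isset($_POST['Name'])     ? $_POST['Name']     : "";
$Password    = isset($_POST['Password']) ? $_POST['Password'] : "";
$IsAdmin     = isset($_POST['Admin'])    ? $_POST['Admin']    : "";
$Status      = isset($_POST['Status'])   ? $_POST['Status']   : "";

// Validate in a fixed order: the first rule that fails sets $ErrorMsg and the remaining rules
// are skipped. Password and Email are mandatory when a user is being added ($mode == 'add')
// or when the matching "update" checkbox (updPwd / updEmail) was ticked; when supplied they
// are always format-checked.
if ($NewUserid == "") {
    $ErrorMsg = "Please enter the required field: Userid";
} elseif ($Name == "") {
    $ErrorMsg = "Please enter the required field: Name";
} elseif ($Password == "" && ((isset($_POST['updPwd']) && $_POST['updPwd'] == 'on') || $mode == 'add')) {
    $ErrorMsg = "Please enter the required field: Password";
} elseif ($Password != "" && !verifyPasswordFormat($Password)) {
    $ErrorMsg = "Sorry, chosen password is too easily hacked.<br>Must be:<br>7 or more characters long<br>Mixed Case<br>Include at least 1 number<br>Include at least 1 special Character";
} elseif ($NewChurchID == "" || $NewChurchID == '0') {
    $ErrorMsg = "Please enter the required field: Church";
} elseif ($IsAdmin == "") {
    $ErrorMsg = "Please Indicate if person is an Administrator or not";
} elseif ($NewEmail == "" && ((isset($_POST['updEmail']) && $_POST['updEmail'] == 'on') || $mode == 'add')) {
    $ErrorMsg = "Please Enter Email address";
} elseif ($NewEmail != "" && !filter_var($NewEmail, FILTER_VALIDATE_EMAIL)) {
    $ErrorMsg = "Sorry, That does not appear to be a valid email address";
} elseif ($Status == "") {
    $ErrorMsg = "Please Indicate the status of the account";
}

if ($ErrorMsg == "") {
    // The ereg_replace("'", "''", $Name) call that stood here is dropped: its return value was
    // discarded, so $Name was never changed, and the ereg_* functions were removed in PHP 7.0,
    // where the call aborts the request. Doubling quotes by hand is not a dependable SQL
    // defence in any case; bind $Name and the other request fields as prepared-statement
    // parameters in the statement that stores them.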
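//----------------------------------------------------------------------------
// This software is licensed under the MIT license. Use as you wish but give
// and take credit where due.
//
// Author: Paul Lemmons
//----------------------------------------------------------------------------
include 'include/RegFunctions.php';

// Text shown to the user after a change-password attempt; stays empty until the form is posted.
$message = '';

if (isset($_POST['ChangePwd'])) {
    $oldPassword  = isset($_POST['oldPwd'])  ? $_POST['oldPwd']  : '';
    $newPassword1 = isset($_POST['newPwd1']) ? $_POST['newPwd1'] : '';
    $newPassword2 = isset($_POST['newPwd2']) ? $_POST['newPwd2'] : '';

    // Identity comparison: with != two different numeric-looking strings ("1e3" and "1000")
    // compare equal, which would let a mistyped confirmation through.
    if ($newPassword1 !== $newPassword2) {
        $message = "New Passwords do not match.";
    } elseif (!verifyPasswordFormat($newPassword1)) {
        $message = "Sorry, chosen password is too easily hacked. Read note above";
    } else {
        // $Userid is bound as a parameter rather than spliced into the SQL text, so its
        // content cannot alter the statement. A table name cannot be bound, so $UsersTable
        // must only ever come from trusted configuration (it is set outside this excerpt).
        $lookup = $db->prepare("select Password,count(*) as Count\n from {$UsersTable}\n where Userid = ?\n and Status != 'L'\n ");
        if (!$lookup || !$lookup->execute([$Userid])) {
            // NOTE(review): sqlError() is defined elsewhere; sending database error text to
            // the browser exposes schema details - prefer logging it server-side.
            die("Unable to validate Userid and Password!" . sqlError());
        }
        $row = $lookup->fetch(PDO::FETCH_ASSOC);

        // Exactly one matching account (Status other than 'L') is required, and the supplied
        // current password must verify against its stored hash.
        if ($row['Count'] != 1 || !password_verify($oldPassword, $row['Password'])) {
            $message = "Sorry, You did not enter current password correctly.";
        } else {
            $newPassword = password_hash($newPassword1, PASSWORD_DEFAULT);

            // The hash itself has to be what is written: a fixed placeholder such as '******'
            // in the Password column can never satisfy password_verify() and locks the
            // account out. Both values are bound, never interpolated.
            $update = $db->prepare("update {$UsersTable} set Password = ? where Userid = ?");
            if (is_string($newPassword) && $update && $update->execute([$newPassword, $Userid])) {
                $message = "Your password has been successfully updated";
            } else {
                $message = "Unable to update Password!" . sqlError();
            }
        }
    }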