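// Password-change endpoint for the logged-in user: checks the current
// password against the hash held in the session, stores the new password via
// user_class, refreshes the session copy of the user and writes a log entry.
define('INCLUDE_CHECK', true);
session_start();

// Without an authenticated session there is no account to change; stop here
// instead of reading properties from a missing value.
if (!isset($_SESSION['user'])) {
    die("Not logged in");
}
$username = $_SESSION['user']->username;

// Each field must be present and a plain string. A request can deliver an
// array (opassword[]=x), which sha1() and the comparisons below cannot handle.
if (isset($_POST['opassword']) && is_string($_POST['opassword'])) {
    $opassword = $_POST['opassword'];
} else {
    die("Enter old Password");
}

// hash_equals() compares byte-for-byte in constant time. The loose `!=` used
// before treated two numeric-looking hex digests (for example ones of the form
// 0e<digits>) as equal numbers, so a wrong password could be accepted.
// NOTE(review): the stored value is an unsalted SHA-1 digest, which is not an
// adequate password hash. Moving to password_hash()/password_verify() needs a
// matching change in user_class, which is not visible from this script.
$storedHash = (string) $_SESSION['user']->password;
if (!hash_equals($storedHash, sha1($opassword))) {
    die("wrong old password");
}

if (isset($_POST['password']) && is_string($_POST['password']) && $_POST['password'] !== '') {
    $password = $_POST['password'];
} else {
    die("Enter Password");
}

if (isset($_POST['confirmPassword']) && is_string($_POST['confirmPassword'])) {
    $cpassword = $_POST['confirmPassword'];
} else {
    die("Enter Confirm Password");
}

// Strict comparison: with `!=`, numeric-looking strings such as "1e3" and
// "1000" compare equal, so the confirmation could pass for different values.
if ($password !== $cpassword) {
    die("Password mis-match");
}

// NOTE(review): no server-side password policy is enforced here beyond
// rejecting an empty value; confirm whether updateUser() validates strength.
$id = $_SESSION['user']->role_id;
$u = new user_class($username, $password, $id);
echo $u->updateUser();

// Reload the user so the session holds the new password hash.
// NOTE(review): consider session_regenerate_id(true) after a successful
// change; it has to run before any output is sent, so it would need to move
// ahead of the echo above once updateUser()'s success value is known.
$user = user_class::getUserObject($username);
$_SESSION['user'] = $user;

// Audit trail: who changed the password and from which address.
$l = new site_log(null, null, $_SESSION['user']->username, $_SERVER['REMOTE_ADDR'], $username . " changed password");
$l->insertlog();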
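<?php
// Edit form for an existing user. The account is selected by the `uname`
// query parameter and the form posts to server/users/user_update_server.php.

//if(!isset($_SERVER['HTTP_REFERER'])){
//    header("location: ../../access_denied.php?data=You don't have direct access to this page");
//}
// NOTE(review): the disabled check above relied on the Referer header, which
// the client controls, so it would not have been an access control. Nothing
// visible in this file verifies that the caller is logged in or is allowed to
// edit the requested account; confirm that an authorization check runs before
// this form is served and again in user_update_server.php.
define('INCLUDE_CHECK', true);

// `uname` must be a single string; a request can also deliver an array.
if (isset($_GET['uname']) && is_string($_GET['uname'])) {
    $ti = $_GET['uname'];
} else {
    die("First Go to user managemant page");
}

require_once 'db/user_class.php';
$a = user_class::getRoles();
$user = user_class::getUserObject($ti);

// Both helpers are compared against integer 0, which this file treats as
// their "nothing found" result.
if ($a === 0) {
    die("no role entry in database");
}
if ($user === 0) {
    die("invalid user");
}

// NOTE(review): the username field below is only read-only in the browser;
// the update handler must not trust the posted userName without its own check.
// NOTE(review): the password label says a special character is required, but
// the pattern attribute only permits one, and it caps the length at 10. The
// pattern is also client-side only, so the server has to enforce the policy.
?>
<form method="post" id="updateform" enctype="multipart/form-data" action="server/users/user_update_server.php">
    <label for="userName">Username<span style="color:red;">*</span>:</label>
    <?php /* Escaped for the attribute context so a stored username cannot break out of value="". */ ?>
    <input type="text" value="<?php echo htmlspecialchars((string) $user->username, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8'); ?> " readonly="true" id="userName" name="userName" class="text ui-widget-content ui-corner-all" required maxlength="10" />
    <label for="password">Password<span style="color:red;">*</span>: (8 to 10 character , one special character and one number is required) </label>
    <input type="password" name="password" id="password" pattern="^(?=.*\d+)(?=.*[a-zA-Z])[0-9a-zA-Z!@#$%]{8,10}$" class="text ui-widget-content ui-corner-all" required />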