/**
* Compare Passwords
*/
function comparePasswords($givenpass, $realpass, $username, $cryptSalt = '')
{
if (empty($givenpass) || empty($realpass) || empty($username)) {
return false;
}
$compare2crypt = true;
$compare2text = true;
$system = pnConfigGetVar('system');
$md5pass = md5($givenpass);
if (strcmp($md5pass, $realpass) == 0) {
return $md5pass;
} elseif ($compare2crypt && $system != "1") {
$crypted = false;
if ($cryptSalt != '') {
if (strcmp(crypt($givenpass, $cryptSalt), $realpass) == 0) {
$crypted = true;
}
} else {
if (strcmp(crypt($givenpass, $cryptSalt), $realpass) == 0) {
$crypted = true;
}
}
if ($crypted) {
updateUserPass($username, $md5pass);
return $md5pass;
}
} elseif ($compare2text && strcmp($givenpass, $realpass) == 0) {
updateUserPass($username, $md5pass);
return $md5pass;
}
return false;
}
}
echo '</ul>';
} else {
// the form has been posted without errors, so save it
require_once 'db_query.php';
connectToDB();
$result = checkUsersWithNamePassPair($user_name, $_POST['user_pass']);
if (!$result) {
//something went wrong, display the error
echo 'Something went wrong while verifying your account. Please try again later.';
//echo mysql_error(); //debugging purposes, uncomment when needed
} else {
if (mysql_num_rows($result) == 0) {
echo 'You have supplied a wrong password. Please try again.';
} else {
$result = updateUserPass($user_id, $_POST['user_pass_new']);
if (!$result) {
//something went wrong, display the error
echo 'Something went wrong while updating your password. Please try again later.';
//echo mysql_error(); //debugging purposes, uncomment when needed
} else {
//the query was successfully executed
echo 'Your new password has been set!';
}
}
}
closeDB();
}
}
}
require 'footer.php';
