$stmt->bind_param("s", $_SESSION['username']);
$stmt->execute();
$stmt->store_result();
$stmt->bind_result($remPassword);
if ($stmt->num_rows > 0) {
while ($stmt->fetch()) {
$oldpassword = $remPassword;
}
$stmt->close();
if (!PassAuth::checkPassword($password, $oldpassword)) {
echo "Your current password is incorrect.";
} else {
if ($pass1 != $pass2 || empty($pass2) || empty($pass1)) {
echo "Your new passwords do not match";
} else {
if (PassAuth::checkPassword($pass1, $oldpassword)) {
echo "You can't change your password to that!";
} else {
$password = PassAuth::encryptPassword($pass1);
$stmt = $db->prepare("UPDATE " . $prefix . "users SET password=? WHERE username=?");
$stmt->bind_param("ss", $password, $_SESSION['username']);
$stmt->execute();
$stmt->close();
echo "Your password has been changed. You must login again before proceeding to another page.";
session_destroy();
}
}
}
} else {
$stmt->close();
echo "There was an error processing your request. Please try again later.";
include "../config.php";
require "PassAuth.php";
$username = $_POST['username'];
$password = $_POST['password'];
if (empty($username) || empty($password)) {
echo 'You have left something blank';
} else {
$stmt = $db->prepare("SELECT * FROM " . $prefix . "users WHERE username = ? LIMIT 1");
$stmt->bind_param('s', $username);
$stmt->execute();
$stmt->store_result();
}
if ($stmt->num_rows == 0) {
echo 'Your username or password was incorrect [0x001]';
} else {
$stmt->bind_result($nid, $nusername, $npassword, $nprivileges);
while ($stmt->fetch()) {
if (PassAuth::checkPassword($password, $npassword)) {
session_start();
$_SESSION['online'] = true;
$_SESSION['username'] = $nusername;
$_SESSION['privileges'] = $nprivileges;
$page = $_SERVER['PHP_SELF'];
echo 'Logging you in...<meta http-equiv="refresh" content="0">';
} else {
echo 'Your username or password was incorrect [0x002]';
}
}
}
$stmt->free_result();
$stmt->close();