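// Password-change page: builds the form, validates it, and on success rewrites
// the member's password hash and cookie token in a single UPDATE.
//
// NOTE(review): the call below is reproduced exactly as it appears on this
// page; its receiver/definition is not visible here. Presumably it rejects
// visitors who are not logged in. Confirm that it halts the request.
membersOnly();

require_once 'html_form.php';

$form = new Form(uri_self());
$form->addPassword('oldpass', 'Old password');
$form->addPassword('newpass1', 'New password');
$form->addPassword('newpass2', 'New password again');
$form->addSubmit('Change password');

// Length limits apply to all three fields; the two new-password fields must match.
$form->addRule('oldpass', 'range:5:20', 'Old password should be 5 to 20 characters.');
$form->addRule('newpass1', 'range:5:20', 'Your new password should be 5 to 20 characters.');
$form->addRule('newpass2', 'range:5:20', 'Your new repeated password should be 5 to 20 characters.');
$form->addRule('newpass1', 'match:newpass2', 'Your new passwords do not match.');

// NOTE(review): the query below depends on the 'db' filter returning every
// value as an already-quoted, escaped SQL literal (newpass1 is placed inside
// md5(...) without quotes, and oldpass has its first and last character
// stripped before hashing). Confirm this in html_form.php. A prepared
// statement with bound parameters would remove that dependency.
$form->addFilter('_ALL_', 'db');

if ($form->valid()) {
    $processed = $form->getProcessed();

    // A fresh cookie token is written in the same UPDATE as the new password.
    // NOTE(review): assumes generateCookie() returns a value that is safe
    // inside a single-quoted SQL literal; confirm.
    $cookie = $user->generateCookie();

    // The old password is hashed in PHP after dropping the first and last
    // character of the filtered value, while the new one is hashed by the
    // database from the filtered literal.
    // NOTE(review): if the filter also escapes characters, the two paths hash
    // different bytes for passwords containing quotes or backslashes; verify.
    // NOTE(review): unsalted MD5 is not suitable for password storage. Moving
    // to password_hash()/password_verify() needs a coordinated change to the
    // login code and the stored hashes, so the scheme is left unchanged here.
    $oldHash = "'" . md5(substr($processed['oldpass'], 1, -1)) . "'";

    // The member id goes into the query unquoted, so force it to an integer.
    $uid = (int) $_SESSION['uid'];

    // Parentheses in the WHERE clause are balanced; a stray closing ")" after
    // the password comparison makes the statement invalid SQL.
    $sql = 'UPDATE member SET '
        . "password = md5({$processed['newpass1']}), cookie = '{$cookie}' WHERE "
        . "(id = {$uid}) AND "
        . "(password = {$oldHash})";
    $db->query($sql);

    // Exactly one changed row means the id and the old password hash both matched.
    if ($db->affectedRows() == 1) {
        $user->updateCookie($cookie);
        $message = "\n\nYour password has been changed, you should use your new password "
            . "from now on.\n\n";
    } else {
        // One generic message for every failure cause, then the form again.
        $message = "\n\nYour password could not be changed.\n"
            . "Please verify that your old password is correct and you haven't already changed it, "
            . "then try again.\n\n";
        $message .= $form->toHtml();
    }

    echo $message;
} else {
    // First visit or failed validation: show the form.
    $form->display();
}
?>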