change_password.php

完善的PHP/MySQL电子商务方案

<?
/* change_password.php (c) 2000 Ying Zhang (ying@zippydesign.com)
 *
 * TERMS OF USAGE:
 * This file was written and developed by Ying Zhang (ying@zippydesign.com)
 * for educational and demonstration purposes only.  You are hereby granted the 
 * rights to use, modify, and redistribute this file as you like.  The only
 * requirement is that you must retain this notice, without modifications, at
 * the top of your source code.  No warranties or guarantees are expressed or
 * implied. DO NOT use this code in a production environment without
 * understanding the limitations and weaknesses pretaining to or caused by the
 * use of these scripts, directly or indirectly. USE AT YOUR OWN RISK!
 */

/******************************************************************************
 * MAIN
 *****************************************************************************/

include("../application.php");
require_login();

/* form has been submitted, check if it the user login information is correct */
if (match_referer() && isset($HTTP_POST_VARS)) {
	$frm = $HTTP_POST_VARS;
	$errormsg = validate_form($frm, $errors);

	if (empty($errormsg)) {
		update_password($frm["newpassword"]);
		$noticemsg = "Password change successful";
	}
}

$DOC_TITLE = "Change Password";
include("$CFG->templatedir/header.php");
include("$CFG->templatedir/form_header.php");
include("templates/change_password_form.php");
include("$CFG->templatedir/footer.php");

/******************************************************************************
 * FUNCTIONS
 *****************************************************************************/

function validate_form(&$frm, &$errors) {
/* validate the forgot password form, and return the error messages in a string.
 * if the string is empty, then there are no errors */

	$errors = new Object;
	$msg = "";

	if (empty($frm["oldpassword"])) {
		$errors->oldpassword = true;
		$msg .= "You did not specify your old password";

	} elseif (! password_valid($frm["oldpassword"])) {
		$errors->oldpassword = true;
		$msg .= "Your old password is invalid";

	} elseif (empty($frm["newpassword"])) {
		$errors->newpassword = true;
		$msg .= "You did not specify your new password";

	} elseif (empty($frm["newpassword2"])) {
		$errors->newpassword2 = true;
		$msg .= "You did not confirm your new password";

	} elseif ($frm["newpassword"] != $frm["newpassword2"]) {
		$errors->newpassword = true;
		$errors->newpassword2 = true;
		$msg .= "Your new passwords do not match";
	}

	return $msg;
}

function password_valid($password) {
/* return true if the user's password is valid */

	global $SESSION;
	
	$username = $SESSION["user"]["username"];
	$password = md5($password);

	$qid = db_query("SELECT 1 FROM users WHERE username = '$username' AND password = '$password'");
	return db_num_rows($qid);
}

function update_password($newpassword) {
/* set the user's password to the new one */

	global $SESSION;
	
	$username = $SESSION["user"]["username"];
	$newpassword = md5($newpassword);

	$qid = db_query("UPDATE users SET password = '$newpassword' WHERE username = '$username'");
}

?>