From 2690afc54cd2385e2199c4c368ddcd72c5ae6997 Mon Sep 17 00:00:00 2001
From: Will Concord
Date: Sat, 25 Apr 2020 19:08:49 +0800
Subject: [PATCH 1/3] UpdatePassword.php: Added the Update password Page UI
---
 UpdatePassword.php | 109 +++++++++++++++++++++++++++++++++++++++++++++
 1 file changed, 109 insertions(+)
 create mode 100644 UpdatePassword.php
diff --git a/UpdatePassword.php b/UpdatePassword.php
new file mode 100644
index 0000000..f6915d1
--- /dev/null
+++ b/UpdatePassword.php
@@ -0,0 +1,109 @@
+ + + + + +
+ +
+
+
Course Portal > Students
+

+
+
+
+ +
+
+ +

Update Password


+ +
+ +
+

+
+ +
+ + +
+ +
+ + +
+ +
+ + +
+
+ +
+
+
+
+ + + +
+ +
+ + + +
+ + + +
+
+ + +
+ + + +
\ No newline at end of file
From c2e6e1cb5908b9001ade42b123f714776f02349a Mon Sep 17 00:00:00 2001
From: pacitwizere
Date: Wed, 29 Apr 2020 14:09:55 +0800
Subject: [PATCH 2/3] UpdatePasswword: Deleting unused codes and write better comments
---
 UpdatePassword.php | 87 ++++++++++++++--------------------------------
 1 file changed, 26 insertions(+), 61 deletions(-)
diff --git a/UpdatePassword.php b/UpdatePassword.php
index f6915d1..a7062ec 100644
--- a/UpdatePassword.php
+++ b/UpdatePassword.php
@@ -1,13 +1,8 @@
-
- +

Course Portal > Students
@@ -42,68 +36,39 @@
- -
+ +
-
+
-
+
-
-
- -
-
-
-
- - - - - -
- - - -
- - - -
-
+ +
+ +
+
+
+
+ +
+ - + -
\ No newline at end of file
+ + + +
\ No newline at end of file
From 29559c6909d12568c8410a1c0748f3c3e724f347 Mon Sep 17 00:00:00 2001
From: pacitwizere
Date: Mon, 15 Jun 2020 13:20:01 +0800
Subject: [PATCH 3/3] Script.php: Adding the back-end of the update password functionality
---
 Script.php | 53 +++++++++++++++++++++++++++++++++++++++++++++++++++++
 1 file changed, 53 insertions(+)
diff --git a/Script.php b/Script.php
index a09609c..2d8f3be 100644
--- a/Script.php
+++ b/Script.php
@@ -1607,4 +1607,57 @@ function checksize($file)
 }
+// ################################ Update Password #####################################
+
+if (!empty($_POST["frm_update_password"])) {
+ //If it fails go back to this location
+ header("Location: ~/../UpdatePassword.php");
+ $_SESSION['info_update_password'] ="";
+ // Getting information form the webpage
+ $user_id=$_SESSION["user_id"]; // using session is more secure than using forms
+ $old_password=mysqli_real_escape_string($con,$_POST["old_pwd"]);
+ $new_password=mysqli_real_escape_string($con,$_POST["new_pwd"]);
+ $conf_password=mysqli_real_escape_string($con,$_POST["conf_pwd"]);
+ // Check if the passwords matches
+ if($conf_password != $new_password){
+ $_SESSION['info_update_password'] = "Passwords do not match";
+ return;
+ }
+ // Check if the user id exists
+ $result = mysqli_query($con,
+ "SELECT * FROM Users_Table WHERE User_ID='$user_id'");
+ if(mysqli_num_rows($result)==0)
+ {
+ $_SESSION['info_update_password'] = "Invalid user information, Please Login again";
+ return;
+ }
+
+ while($row = mysqli_fetch_assoc($result)) {
+
+ $db_password=$row['Password'];
+ $db_hashed_password=$row['HashPassword'];
+ $hashed_password=hash('sha512', $old_password);
+ // Check if the old password is incorect
+ if (($db_password != $old_password) &&($db_hashed_password != $hashed_password)) {
+ $_SESSION['info_update_password'] = "The old password is Incorrect";
+ return;
+ }
+
+ // Update the Password
+ $hashed_password=hash('sha512', $new_password);
+ $sql= "UPDATE users_table set HashPassword='$hashed_password' , Password = '$new_password' where User_ID=$user_id;";
+
+ if ($con->query($sql) === TRUE)
+ {
+ //Notify Password change
+ error_reporting(0);
+ $_SESSION["info_login"]=" Password changed successfully , you can login now with your new password ";
+
+ //Force the user to login again
+ header("Location: ~/../logout.php");
+ } else {
+ echo "Error: " . $sql . "
" . $con->error;
+ }
+ }
+ }
\ No newline at end of file