rcts.org.uk
0 )) {
$fail = 0;
if (( is_null( $_POST["user"] )) || ( strlen( $_POST["user"] ) == 0 )) {
?>
User is required
Existing Password is required
New Password is required
New Password (repeat) is required
0 ) && ( ! is_null( $_POST["password2"] )) && ( strlen( $_POST["password2"] ) > 0 )) {
if ( $_POST["password1"] != $_POST["password2"] ) {
?>
Passwords do not match
New password too short (minimum six characters)
0 ) && ( ! is_null( $_POST["password"] )) && ( strlen( $_POST["password"] ) > 0 )) {
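// Login attempt: clear the identity held in the session, read the stored
// password value for the submitted name, hash the submitted password with it,
// then query for a matching, unexpired account. The second query's result is
// left in $result, and $authority / $access are reset for the code that follows.
//
// NOTE(review): the mysql_* extension used here was removed in PHP 7.0. When
// this page is ported, use mysqli or PDO prepared statements rather than
// escaping values into the SQL text.

// 'authority_name' is cleared together with the other three keys so that a
// failed attempt does not leave the previous user's name in the session.
unset(
    $_SESSION['access_id'],
    $_SESSION['authority_id'],
    $_SESSION['authority_user'],
    $_SESSION['authority_name']
);

// The submitted name is matched against both the `user` and `email` columns.
$login_name_sql = mysql_real_escape_string( $_POST["user"] );
$login_match_sql = "(( user = '" . $login_name_sql . "' ) OR ( email = '" . $login_name_sql . "' ))";

$sql = "SELECT password FROM user WHERE " . $login_match_sql . " AND ( sys_expires > NOW() )";
$result = mysql_query( $sql );
$salt = "";
// mysql_query() returns false on failure, so only fetch from (and free) a real
// result; the first result set was previously overwritten without being freed.
if ( $result ) {
    if ( $row = mysql_fetch_assoc( $result )) {
        // The stored value is handed to generateHash() as its third argument;
        // presumably the salt is embedded in the stored hash — confirm against
        // generateHash().
        $salt = $row[ "password" ];
    }
    mysql_free_result( $result );
}
$pass = generateHash( $_POST["password"], false, $salt );

// The computed hash is escaped like every other value placed in the statement.
//
// NOTE(review): the second alternative compares the `password` column with the
// submitted value itself, without hashing. It looks like a fallback for rows
// that still hold a non-hashed password, but it also means the stored value is
// accepted as a credential as-is. Confirm whether any such rows remain, migrate
// them, and remove this alternative.
// NOTE(review): the match is done inside SQL. Once hashing moves to
// password_hash() / password_verify(), do the comparison in PHP instead.
$sql = "SELECT access,authority,user,name FROM user WHERE " . $login_match_sql
    . " AND (( password = '" . mysql_real_escape_string( $pass ) . "' )"
    . " OR ( password = '" . mysql_real_escape_string( $_POST["password"] ) . "' ))"
    . " AND ( sys_expires > NOW() )";
$result = mysql_query( $sql );
$authority = "";
$access = "";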
if ( $row = mysql_fetch_assoc( $result )) {
// Turn the matched account row into the session's identity and access levels.
$authority = $row["authority"];
// A webmaster is treated as an officer whatever access value the row holds.
$access = ( $authority == "webmaster" ) ? "officer" : $row["access"];
// Officer access implies member access as well.
if ( $access == "officer" ) {
    $access = "officer,member";
}
// access_id is stored as a list with one entry per comma-separated level.
$_SESSION["access_id"] = explode( ",", $access );
// authority_id is written only when the row carries a non-empty authority.
if ( ! ( is_null( $authority ) || strlen( $authority ) == 0 )) {
    $_SESSION["authority_id"] = $authority;
}
$_SESSION["authority_name"] = $row["name"];
$_SESSION["authority_user"] = $row["user"];
// NOTE(review): the visible code does not regenerate the session id when these
// privileges are written. Confirm session_regenerate_id() is called for a
// successful login somewhere before output starts.
?>
NOW() )";
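// Run the statement held in $result2_sql and report a database error to a
// webmaster session or, when $debug is on, to the page.
$result2_result = mysql_query( $result2_sql );
// mysql_errno has to be called: the bare name was read as a constant, not as
// the error number. isset() avoids an undefined-index notice when the session
// holds no authority_id.
if ( isset( $_SESSION["authority_id"] ) && $_SESSION["authority_id"] == "webmaster" && mysql_errno() ) {
    echo mysql_error();
}
// NOTE(review): this writes the full SQL text and the driver's error message
// into the response. Keep $debug at 0 on a public site and send this detail to
// a server-side log instead.
if ( $debug > 0 && ! $result2_result ) {
    echo "SQL " . $result2_sql . "
";
    echo mysql_error() . "
";
}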
}
else
{
?>
Login Failed - Incorrect Username or Password
NOW() )";
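// Failed login: run the lookup held in $sql2 and, when it returns a row, add
// one to that account's `failed` counter.
$result2 = mysql_query( $sql2 );
// mysql_query() returns false on failure; fetch from and free only a real result.
if ( $result2 ) {
    if ( $row2 = mysql_fetch_assoc( $result2 )) {
        $failed_name_sql = mysql_real_escape_string( $_POST["user"] );
        // NOTE(review): the new value is computed in PHP from the row read
        // above, so two concurrent failures can store the same count. An
        // in-statement increment (failed = failed + 1) would be atomic; check
        // how NULL is handled before switching.
        // NOTE(review): nothing visible here reads `failed` to throttle or lock
        // the account — confirm it is enforced where logins are accepted.
        $result3_sql = "UPDATE user SET failed = " . ($row2['failed']+1)
            . " WHERE (( user = '" . $failed_name_sql . "' ) OR ( email = '" . $failed_name_sql . "' ))"
            . " AND ( sys_expires > NOW() )";
        $result3_result = mysql_query( $result3_sql );
        // mysql_errno has to be called: the bare name was read as a constant.
        // isset() is needed because a login attempt in this file unsets
        // authority_id before reaching the failure path.
        if ( isset( $_SESSION["authority_id"] ) && $_SESSION["authority_id"] == "webmaster" && mysql_errno() ) {
            echo mysql_error();
        }
        // NOTE(review): debug output puts the SQL text and the driver error in
        // the response; keep $debug at 0 on a public site.
        if ( $debug > 0 && ! $result3_result ) {
            echo "SQL " . $result3_sql . "
";
            echo mysql_error() . "
";
        }
        // NOTE(review): this echo is unconditional, so a database error on the
        // failed-login path is shown to a visitor who has not authenticated.
        // Consider logging it server-side instead.
        echo mysql_error();
    }
    mysql_free_result( $result2 );
}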
}
mysql_free_result( $result );
}
if ( $fail == 0 ) {
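// Store the hash of the new password for the submitted user name and stamp
// sys_updated with today's date.
//
// NOTE(review): the row is selected by `user` only and from $_POST, while the
// login lookup earlier in this file also accepts an e-mail address. When the
// form was filled in with an e-mail, this UPDATE can match no row, yet
// mysql_query() still returns true. Key the UPDATE on the authenticated
// account, and check mysql_affected_rows() before reporting success.
$change_name_sql = mysql_real_escape_string( $_POST["user"] );
// The generated hash is escaped like every other value placed in the statement.
$change_hash_sql = mysql_real_escape_string( generateHash( $_POST["password1"], false ));
$change_sql = "UPDATE user SET password = '" . $change_hash_sql . "',"
    . " sys_updated = STR_TO_DATE( '" . date( "d/m/Y" ) . "', '%d/%m/%Y' )"
    . " WHERE user = '" . $change_name_sql . "' AND ( sys_expires > NOW() )";
$change_result = mysql_query( $change_sql );
// mysql_errno has to be called: the bare name was read as a constant, not as
// the error number. isset() avoids an undefined-index notice when the session
// holds no authority_id.
if ( isset( $_SESSION["authority_id"] ) && $_SESSION["authority_id"] == "webmaster" && mysql_errno() ) {
    echo mysql_error();
}
// NOTE(review): with $debug on, the echoed statement includes the new password
// hash. Keep $debug at 0 on a public site and log server-side instead.
if ( $debug > 0 && ! $change_result ) {
    echo "SQL " . $change_sql . "
";
    echo mysql_error() . "
";
}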
if ( $change_result ) {
?>
Password changed successfully