Change Password

[insert_php]

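// Start a session only when one is not already active.
if (session_status() !== PHP_SESSION_ACTIVE) {
    session_start();
}

# FileName="Connection_pdo_mysql.htm"
# Type="MYSQL"
# HTTP="true"

// Host and schema name are not secrets, so they stay inline.
$hostname = 'mysql1005.mochahost.com';
$database = 'fosco1_foscopa';

// The database account and password used to be written literally in this page
// body, where anyone able to view or export the post source could read them.
// They are now read from the environment. Treat the previously published
// password as exposed and rotate it.
// DB_USER / DB_PASS are illustrative names; use whatever your deployment defines.
$username = (string) getenv('DB_USER');
$password = (string) getenv('DB_PASS');

// Same DSN and variable names as before, so code further down keeps working.
$connStr = 'mysql:host=' . $hostname . ';dbname=' . $database;
$user = $username;
$pass = $password;
//set_exception_handler('exceptionHandler');
try {
    $conn = new PDO($connStr, $user, $pass);
    $conn->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
    // Use server-side prepared statements so bound values never pass through
    // client-side string substitution.
    $conn->setAttribute(PDO::ATTR_EMULATE_PREPARES, false);
} catch (PDOException $e) {
    // A PDO connection error can name the host and account; keep that detail in
    // the server log and show the visitor a generic message only.
    error_log('Database connection failed: ' . $e->getMessage());
    showError('Sorry, an error has occurred. Please try your request later');
    // Stop here: every statement below dereferences $conn.
    exit();
}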

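// Password-change flow, handled across two requests of the same session:
//   1. "request_password_change" (further down) checks the current password.
//   2. "MM_update=change-password" (here) stores the new one.
// Step 2 is only honoured for the lid that passed step 1 in this session.
// Without that binding, any client could post a new password for any lid.
if (isset($_POST['MM_update']) && $_POST['MM_update'] === 'change-password') {

    if (
        isset($_POST['logger'], $_POST['uniquesalt'], $_POST['lid'])
        && is_string($_POST['logger']) && $_POST['logger'] !== ''
        && is_string($_POST['uniquesalt']) && $_POST['uniquesalt'] !== ''
        && is_string($_POST['lid'])
    ) {
        $verifiedLid = $_SESSION['pw_change_lid'] ?? null;
        if (!is_string($verifiedLid) || !hash_equals($verifiedLid, $_POST['lid'])) {
            error_log('Password change rejected: lid was not verified in this session');
            echo 'Your request could not be completed. Please start again.';
            exit();
        }
        // One-shot: a verified current password authorises exactly one update.
        unset($_SESSION['pw_change_lid']);

        // NOTE(review): the salt is supplied by the browser. Generating it here
        // on the server would be safer, but the stored column width is not
        // visible from this page, so the existing format is kept.
        // NOTE(review): 100000 PBKDF2-HMAC-SHA256 iterations is below current
        // OWASP guidance; raising it needs a re-hash-on-login migration.
        $loggerword = base64_encode(
            hash_pbkdf2('sha256', $_POST['logger'], $_POST['uniquesalt'], 100000, 0, true)
        );

        try {
            // lid is bound like the other values instead of being concatenated
            // into the statement text.
            $sqlUpdate = $conn->prepare(
                'UPDATE loggers SET logger = :id3, uniquesalt = :id4 WHERE lid = :lid'
            );
            $sqlUpdate->execute([
                ':id3' => $loggerword,
                ':id4' => $_POST['uniquesalt'],
                ':lid' => $_POST['lid'],
            ]);
        } catch (Exception $e) {
            // Driver messages describe the schema; log them, do not echo them.
            error_log('Password update failed: ' . $e->getMessage());
            echo 'An error has occurred. Please try again later.';
            exit();
        }

        $url = 'https://www.fosco.edu.gh/sign-in/';
        // The markup echoed here is missing from this copy of the page
        // (presumably the redirect to $url); restore it from the original.
        echo '';
    }
}

if (isset($_POST['edit'])) {
    // NOTE(review): this statement selects loggers.photo while the other
    // lookups on this page select loggers.f_photo; confirm which column exists.
    // NOTE(review): nothing visible ties the requested lid to the signed-in
    // user, and the row includes the password hash and salt.
    $requestedLid = is_string($_POST['edit']) ? $_POST['edit'] : '';
    $users = $conn->prepare('SELECT loggers.lid, loggers.f_name, loggers.photo, loggers.f_phone, loggers.f_email, loggers.logger, loggers.uniquesalt, loggers.role, loggers.dateadded FROM loggers WHERE loggers.lid = :lid');
    $users->execute([':lid' => $requestedLid]);
    $users->setFetchMode(PDO::FETCH_ASSOC);
    $euser = $users->fetch();
}

if (isset($_POST['request_password_change'])) {
    $lid = (isset($_POST['lid']) && is_string($_POST['lid'])) ? $_POST['lid'] : '';
    $current = (isset($_POST['current']) && is_string($_POST['current'])) ? $_POST['current'] : '';

    $LoginRS__query = $conn->prepare('SELECT loggers.lid, loggers.f_name, loggers.logger, loggers.uniquesalt, loggers.role, loggers.dateadded FROM loggers WHERE loggers.lid = :lid');
    $LoginRS__query->execute([':lid' => $lid]);
    $LoginRS__query->setFetchMode(PDO::FETCH_ASSOC);
    $loginFoundUser = $LoginRS__query->fetch(PDO::FETCH_ASSOC);

    // Hash the candidate even when the account does not exist, so both paths
    // do the same amount of work.
    $storedSalt = is_array($loginFoundUser) ? (string) $loginFoundUser['uniquesalt'] : '';
    $loggerword = base64_encode(hash_pbkdf2('sha256', $current, $storedSalt, 100000, 0, true));

    // Compare in PHP with hash_equals() rather than interpolating the hash into
    // a second query. $found keeps its old meaning for the output code below:
    // the matching row, or false.
    $found = false;
    if (is_array($loginFoundUser) && hash_equals((string) $loginFoundUser['logger'], $loggerword)) {
        $found = $loginFoundUser;
        // Remember which account was verified so the update step can trust it.
        $_SESSION['pw_change_lid'] = (string) $loginFoundUser['lid'];
    } else {
        unset($_SESSION['pw_change_lid']);
    }
}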

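// Look up the account named in the query string and remember its id.
if (isset($_GET['edit'])) {
    // Bind the id instead of concatenating it into the SQL text.
    $requestedLid = is_string($_GET['edit']) ? $_GET['edit'] : '';
    $users = $conn->prepare('SELECT loggers.lid, loggers.f_name, loggers.f_photo, loggers.f_phone, loggers.f_email, loggers.logger, loggers.uniquesalt, loggers.role, loggers.dateadded FROM loggers WHERE loggers.lid = :lid');
    $users->execute([':lid' => $requestedLid]);
    $users->setFetchMode(PDO::FETCH_ASSOC);
    $euser = $users->fetch();

    // NOTE(review): this id comes from the URL, not from an authenticated
    // login. Confirm nothing treats $_SESSION['lid'] as proof of identity.
    // fetch() returns false when no row matches; store null in that case.
    $_SESSION['lid'] = is_array($euser) ? $euser['lid'] : null;
}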
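// Issue the query
// NOTE(review): this reuses $user, overwriting the database account name that
// was set for the connection. The statement is not executed anywhere in the
// visible part of the page.
$user = 'SELECT loggers.lid, loggers.f_name, loggers.f_photo, loggers.f_phone, loggers.f_email, loggers.logger, loggers.uniquesalt, loggers.role, loggers.dateadded FROM loggers ORDER BY loggers.f_name ASC';

// Build a 10-character random token from the alphabet below. It is presumably
// emitted as the form's uniquesalt field; the markup that used it is not
// visible in this copy. shuffle() and array_rand() are not cryptographically
// secure, so each character is drawn with random_int() instead.
$seed = str_split('abcdefghijklmnopqrstuvwxyz'
    . 'ABCDEFGHIJKLMNOPQRSTUVWXYZ'
    . '0123456789!@#$%^&*()'); // and any other characters
$rand = '';
$lastIndex = count($seed) - 1;
for ($i = 0; $i < 10; $i++) {
    $rand .= $seed[random_int(0, $lastIndex)];
}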

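// Render the page. The form markup inside these strings is missing from this
// copy, so only the surviving text is reproduced. When the markup is restored,
// pass every interpolated value (ids, names, the salt) through
// htmlspecialchars().
echo '

Change Password

';

// True only when this request asked to verify the current password and the
// stored hash matches the one computed from the submitted password. The hashes
// are compared with hash_equals() instead of ==, and a failed lookup
// ($found === false) counts as a mismatch rather than being indexed.
$verificationAttempted = isset($_POST['request_password_change']);
$currentPasswordOk = $verificationAttempted
    && is_array($found ?? null)
    && isset($found['logger'], $loggerword)
    && hash_equals((string) $found['logger'], (string) $loggerword);

if (isset($_POST['edit']) || isset($_GET['edit'])) {
    // Step 1: ask for the current password.
    echo '

Current Password

 






';
} elseif ($currentPasswordOk) {
    // Step 2: current password verified, ask for the new one.
    // The original carried a commented-out check on $_SESSION['role']
    // ('master' or 'member') at this point.
    echo '

Password

Confirm Password

 







';
} elseif ($verificationAttempted) {
    // Verification failed: ask again.
    echo '

Incorrect Password. Try Again

Current Password

 






';
}

echo '

';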
[/insert_php]