| Username | |
| Old Password | |
| New Password | |
| New Password Confimation. | |
"; else $chkArr[]=true; } if(count($chkArr)==count($required)) { $connection = odbc_connect( $connection_string, $user, $pass ); if(!$func->is_valid_string($_POST[username]) && !$func->is_valid_string($_POST[oldpassword]) && !$func->is_valid_string($_POST[newpassword1]) && !$func->is_valid_string($_POST[newpassword2])) { $usernameP=$_POST[username]; $newpassword=$_POST[newpassword1]; $query = "SELECT * FROM [Account].[dbo].[tUser] WHERE [sUserID]='$usernameP'"; $q = odbc_exec($connection, $query); $qt = odbc_do($connection, $query); $i = 0; while(odbc_fetch_row($qt)) $i++; if($i<=0 or $_POST[newpassword1] != $_POST[newpassword2]) echo"$_POST[username], doesn't exist or new password isn't equal to password repetition!"; else { $query = "SELECT TOP 1 sUserPW FROM Account..tUser WHERE [sUserID]='$usernameP'"; $q = odbc_exec($connection, $query); $qt = odbc_do($connection, $query); $get_password = odbc_result($qt, "sUserPW"); $oldpassword = $get_password; if($_POST[oldpassword] != $oldpassword) { echo"Invalid old Password!"; } else { $query = "UPDATE [Account].[dbo].[tUser] SET [sUserPW] = '$newpassword' WHERE sUserID = '$usernameP'"; $q = odbc_exec($connection, $query); if($q) echo"Username, $_POST[username] has been updated!"; } } } else echo"Please re-enter username and password, remove all special characters!"; } echo "
Return"; } ob_end_flush(); ?>