2 /************************************************************************/
4 /************************************************************************/
5 /* Copyright (c) 2002-2010 */
6 /* Inclusive Design Institute */
8 /* This program is free software. You can redistribute it and/or */
9 /* modify it under the terms of the GNU General Public License */
10 /* as published by the Free Software Foundation. */
11 /************************************************************************/
15 $_user_location = 'users';
17 define('AT_INCLUDE_PATH', '../include/');
18 require(AT_INCLUDE_PATH.'vitals.inc.php');
20 if ($_SESSION['valid_user'] !== true) {
21 require(AT_INCLUDE_PATH.'header.inc.php');
22 $info = array('INVALID_USER', $_SESSION['course_id']);
23 $msg->printInfos($info);
24 require(AT_INCLUDE_PATH.'footer.inc.php');
28 if (isset($_POST['cancel'])) {
29 $msg->addFeedback('CANCELLED');
30 Header('Location: profile.php');
34 if (isset($_POST['submit'])) {
35 if (!empty($_POST['form_old_password_hidden'])) {
36 //check if old password entered is correct
37 $sql = "SELECT password FROM ".TABLE_PREFIX."members WHERE member_id=$_SESSION[member_id]";
38 $result = mysql_query($sql,$db);
39 if ($row = mysql_fetch_assoc($result)) {
40 if ($row['password'] != $_POST['form_old_password_hidden']) {
41 $msg->addError('WRONG_PASSWORD');
42 Header('Location: password_change.php');
47 $msg->addError(array('EMPTY_FIELDS', _AT('password')));
48 header('Location: password_change.php');
52 /* password check: password is verified front end by javascript. here is to handle the errors from javascript */
53 if ($_POST['password_error'] <> "")
55 $pwd_errors = explode(",", $_POST['password_error']);
57 foreach ($pwd_errors as $pwd_error)
59 if ($pwd_error == "missing_password")
60 $missing_fields[] = _AT('password');
62 $msg->addError($pwd_error);
66 if (!$msg->containsErrors()) {
67 // insert into the db.
68 $password = $addslashes($_POST['form_password_hidden']);
70 $sql = "UPDATE ".TABLE_PREFIX."members SET password='$password', creation_date=creation_date, last_login=last_login WHERE member_id=$_SESSION[member_id]";
71 $result = mysql_query($sql,$db);
73 require(AT_INCLUDE_PATH.'header.inc.php');
74 $msg->printErrors('DB_NOT_UPDATED');
75 require(AT_INCLUDE_PATH.'footer.inc.php');
79 $msg->addFeedback('PASSWORD_CHANGED');
80 header('Location: ./profile.php');
85 /* template starts here */
86 $savant->display('users/password_change.tmpl.php');