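<?php
/*
 * Last step of the forgotten-password flow: validates the new password
 * posted as pwd1/pwd2 and stores it for the account held in the session.
 *
 * Session values read:
 *   fusername - account chosen in an earlier step
 *   answered  - truthy once the security question was answered
 *   frollno   - read but not used by this script
 *
 * Output: "0" on success, otherwise a "Please ..." or "Error : ..." message.
 *
 * NOTE(review): no CSRF token is checked here; confirm whether the form
 * flow supplies and verifies one elsewhere.
 */
session_start();

// empty() rather than a bare index read, so a missing key raises no notice.
if (empty($_SESSION['fusername']))
{
    exit("Please select your account before changing your password");
}
if (empty($_SESSION['answered']))
{
    exit("Please answer the security question before changing your password");
}

// Anything that is not a plain string (absent field, array payload such as
// pwd1[]=x) is treated as a missing value instead of reaching strlen().
$pwd1 = (isset($_POST['pwd1']) && is_string($_POST['pwd1'])) ? $_POST['pwd1'] : "";
$pwd2 = (isset($_POST['pwd2']) && is_string($_POST['pwd2'])) ? $_POST['pwd2'] : "";

/* Now we validate the form */
// Password and confirm password fields must not be blank
if ($pwd1 === "" || $pwd2 === "")
{
    exit("Error : Form contains missing values");
}
// Password and confirm password field must be same.
// Strict comparison: with != two different numeric-looking strings
// (for example "1000000e1" and "10000000") compare as equal.
if ($pwd1 !== $pwd2)
{
    exit("Error : Passwords do not match");
}
// Password must be of minimum 8 characters (strlen counts bytes).
if (strlen($pwd1) < 8)
{
    exit("Error : Password must be at least 8 character long");
}
// Password must be of maximum 32 characters. The previous >= test rejected
// a password of exactly 32 characters, contradicting the message below.
if (strlen($pwd1) > 32)
{
    exit("Error : Password must be at max 32 character long");
}
// Password must contain at least one small letter.
if (!preg_match("#[a-z]+#", $pwd1))
{
    exit("<font size=\"2px\" face=\"arial\"><b>Error : Your Password Must Contain At Least 1 small letter</b></font>");
}

$username1 = $_SESSION['fusername'];
// Not used below; kept in case config.php reads it from this scope - TODO confirm.
$rollno = isset($_SESSION['frollno']) ? $_SESSION['frollno'] : null;
include ('config.php');

// NOTE(review): unsalted MD5 is not a password hash; stored values are cheap
// to brute-force if the table leaks. Moving to password_hash() needs the
// login check to switch to password_verify() in the same change, so the
// stored format is left as it is here.
$pwd1 = md5($pwd1);

// $conn is expected to be the mysqli connection set up by config.php (not shown).
if (!isset($conn) || !($conn instanceof mysqli))
{
    exit("Error : Unknown error");
}

// Bound parameters instead of string concatenation: the username taken from
// the session can no longer alter the statement.
$updated = false;
try
{
    $stmt = mysqli_prepare($conn, "UPDATE registered_users SET password = ? WHERE username = ?");
    if ($stmt)
    {
        mysqli_stmt_bind_param($stmt, 'ss', $pwd1, $username1);
        $updated = mysqli_stmt_execute($stmt);
        mysqli_stmt_close($stmt);
    }
}
catch (mysqli_sql_exception $e)
{
    // mysqli may be configured to throw; keep driver detail in the server
    // log and give the client the same generic message as before.
    error_log($e->getMessage());
    $updated = false;
}

if ($updated)
{
    // The security-question approval is single-use: without this, the same
    // session could keep changing the password without answering again.
    unset($_SESSION['answered']);
    echo "0";
}
else
{
    // If update was not successful the script returns a error
    echo "Error : Unknown error";
}
mysqli_close($conn);
?>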