Login for access to this page");
die();
}
//If no member_ID is present, redirect the user.
if ($_SESSION['first_name'] != true) {
//need the functions.
require('includes/login_funtions.inc.php');
redirect_user();
die(); //added by Darren
}
//**ADD PHP** check if member and then get their details and put in form
if (!empty($_SESSION['first_name'])) {
$query = mysqli_query($dbc, "SELECT * FROM members WHERE first_name = '".$first_name."'");
$result = mysqli_fetch_assoc($query); // put result in an array
if ($result) {
$fn = $result['first_name'];
$ln = $result['last_name'];
$e = $result['email'];
$m = $result['mobile'];
$p = $result['password'];
}
}
// Check for form submission.
if ($_SERVER['REQUEST_METHOD'] == 'POST') {
require('includes/mysqli_connect.php'); // Connect to the Database.
$errors = array(); // Initialize an error array.
//this isnt needed because logged in details entered
//check for email address.
/*if (empty($_POST['email'])) {
$errors[] = 'You forgot to enter your email address.';
} else {
$e = mysqli_real_escape_string($dbc,trim($_POST['email']));
//$e = trim($_POST['email']); try without this
}
//check for current password.
if (empty($_POST['password'])) {
$errors[] = 'You forgot to enter your current password.';
} else {
$p = mysqli_real_escape_string($dbc,trim($_POST['password']));
//$p = trim($_POST['password']); try without this
}*/
//Check for new password and match with new confirmed password.
if (!empty($_POST['pass1'])) {
if ($_POST['pass1'] != $_POST['pass2']) {
$errors[] = 'Your password did not match the confirmed password.';
} else {
$np = mysqli_real_escape_string($dbc,trim($_POST['pass1']));
//$np = trim($_POST['pass1']); try without this
}
} else {
$errors[] = 'You forgot to enter your new password';
}
if (empty($errors)){ // If everything is OK.
$result = ""; //clear variable
$query = ""; //clear variable
// Check that they have entered the right email address/password combination.
$query = "SELECT member_ID FROM members WHERE email= '$e' AND password= '$p' "; //'".$e."' AND password='".$p."'"; try without this
$result = @mysqli_query($dbc, $query);
$num = @mysqli_num_rows($result);
if ($num == 1) { // Match was made.
// Get the member_id.
$row = mysqli_fetch_array($result, MYSQLI_NUM);
// Make the update query.
$query = "UPDATE members SET password = '$np' WHERE member_ID = '$row[0]' "; // '".$row[0]."'"; Darren took this out.
$result = @mysqli_query($dbc, $query);
die();
if (mysqli_affected_rows($dbc) == 1) { // If it ran OK. (copied from text book)
// Print message.
echo 'Thank You!
';
echo 'Your password has been updated.
';
} else {
// Public message.
echo 'System Error
';
echo ' Your password could not be changed due to a system error. We apologize for any inconvenience.
';
// Debugging message.
echo'' . mysqli_error($dbc) . '
Query: ' . $q . '
'; // This was missing. //
Query: ' . $q . ' //
}
mysqli_close($dbc); // Close the database connection.
// include the footer and quit the script (to not show the form).
include('includes/footer.php'); // Check this Darren.
exit();
} else {
echo 'Error!
';
echo ' The email address and password did not match those on file.
';
}
} else { // Report the errors.
echo'Error!
';
echo'The following error(s)occurred:
';
foreach($errors as $msg){ // Print each error.
echo " - $msg
\n";
}
echo'
Please try again.
';
} // End of if (empty($errors)) IF.
mysqli_close($dbc); // Close the database connection.
} // End of the main Submit conditional.
?>
Change Your Password