rcts.org.uk

0 )) {
    // Start of the form-validation pass. The opening of this condition was lost when
    // the page was extracted, so only its tail is visible.
    // $fail starts at 0 and the password UPDATE further down the page is gated on
    // `$fail == 0`, so each validation branch needs to set it. The assignment for
    // this branch is not visible in this copy. TODO confirm it exists.
    $fail = 0;
    // Reject a missing or empty user name.
    // NOTE(review): $_POST["user"] is read without isset(), so an absent field raises
    // an undefined-index notice before is_null() is evaluated.
    if (( is_null( $_POST["user"] )) || ( strlen( $_POST["user"] ) == 0 )) { ?>

 User is required 

 Existing Password is required 

 New Password is required 

 New Password (repeat) is required 

0 ) && ( ! is_null( $_POST["password2"] )) && ( strlen( $_POST["password2"] ) > 0 )) {
    // Both new-password fields are present and non-empty (the start of the condition
    // was lost in extraction); check that the two entries agree.
    // NOTE(review): `!=` is a loose comparison. PHP compares numeric-looking strings
    // by value, so two different inputs such as "1e3" and "1000" are treated as
    // equal and the mismatch message is skipped. `!==` compares the strings as typed.
    if ( $_POST["password1"] != $_POST["password2"] ) { ?>

 Passwords do not match 

 New password too short (minimun six characters) 

0 ) && ( ! is_null( $_POST["password"] )) && ( strlen( $_POST["password"] ) > 0 )) {
    // Credential check for the change-password form: the existing password must
    // authenticate before anything else happens. The start of this condition was
    // lost when the page was extracted.

    // Drop any authorisation left in the session before re-checking credentials.
    // NOTE(review): authority_name is assigned below but is not among the keys cleared here.
    // NOTE(review): no session_regenerate_id() call is visible in this fragment; confirm
    // the session id is rotated when the privilege level changes.
    unset($_SESSION['access_id']);
    unset($_SESSION['authority_id']);
    unset($_SESSION['authority_user']);

    // Fetch the stored password value for the non-expired account whose user name or
    // e-mail matches the submitted identifier.
    // NOTE(review): the mysql_* extension was removed in PHP 7.0. Escaping with
    // mysql_real_escape_string() is only sound while every value stays inside quotes
    // and the connection charset is set correctly; prepared statements (mysqli or PDO)
    // remove that dependency.
    $sql = "SELECT password FROM user WHERE (( user = '" . mysql_real_escape_string( $_POST["user"] ) . "' ) OR ( email = '" . mysql_real_escape_string( $_POST["user"] ) . "' )) AND ( sys_expires > NOW() )";
    $result = mysql_query( $sql );
    // The stored value is handed to generateHash() as its third argument; presumably
    // the salt is taken from it (generateHash() is defined elsewhere, TODO confirm).
    $salt = "";
    if ( $row = mysql_fetch_assoc( $result )) { $salt = $row[ "password" ]; }
    $pass = generateHash( $_POST["password"], false, $salt );

    // Second lookup: the row must match the identifier AND one of two password tests.
    // NOTE(review): the second test compares the stored column with the submitted
    // password itself, unhashed. Whatever is stored in the column is therefore accepted
    // as a credential, whether that is a legacy plaintext password or a hash value that
    // has been disclosed. If this exists only for unmigrated rows, re-hash those rows
    // and remove the branch.
    // NOTE(review): $pass is concatenated without escaping; that is safe only if
    // generateHash() can never return a quote or backslash. TODO confirm.
    // NOTE(review): the comparison happens inside SQL, so it follows the column
    // collation rather than a constant-time, byte-exact check in PHP.
    $sql = "SELECT access,authority,user,name FROM user WHERE (( user = '" . mysql_real_escape_string( $_POST["user"] ) . "' ) OR ( email = '" . mysql_real_escape_string( $_POST["user"] ) . "' )) AND (( password = '" . $pass . "' ) OR ( password = '" . mysql_real_escape_string( $_POST["password"] ) . "' )) AND ( sys_expires > NOW() )";
    $result = mysql_query( $sql );
    $authority = "";
    $access = "";
    if ( $row = mysql_fetch_assoc( $result )) {
        // Authenticated: derive the session's access list from the row.
        $access = $row["access"];
        $authority = $row["authority"];
        // A webmaster is treated as an officer, and an officer is also a member.
        if ( $authority == "webmaster" ) { $access = "officer"; }
        if ( $access == "officer" ) { $access = "officer,member"; }
        $_SESSION["access_id"] = explode( ",", $access );
        // authority_id is only set for a non-empty authority, so later reads of
        // $_SESSION["authority_id"] can hit an undefined index.
        if (( ! is_null( $authority )) && ( strlen( $authority ) > 0 )) { $_SESSION["authority_id"] = $authority; }
        $_SESSION["authority_user"] = $row["user"];
        $_SESSION["authority_name"] = $row["name"];
        ?> NOW() )";
        // The statement that built $result2_sql was lost in extraction; only the tail
        // of its string literal survives on the line above.
        $result2_result = mysql_query( $result2_sql );
        // NOTE(review): `mysql_errno` has no parentheses, so it is a constant lookup
        // and not a call to mysql_errno(). On the PHP 5 releases that ship ext/mysql an
        // undefined constant falls back to the truthy string 'mysql_errno', so the echo
        // runs for every webmaster request unless a constant of that name is defined
        // elsewhere.
        if ( $_SESSION["authority_id"] == "webmaster" ) { if ( mysql_errno ) { echo mysql_error(); } }
        // NOTE(review): with $debug > 0 the full SQL text and the database error are
        // written into the page. $debug is set elsewhere; confirm it is 0 in production
        // and prefer error_log() to page output.
        if ( $debug > 0 ) { if ( ! $result2_result ) { echo "SQL " . $result2_sql . "
";
                echo mysql_error() . "
"; } } } else { ?>

 Login Failed - Incorrect Username or Password 

NOW() )";
    // Failed-login path. The statement that built $sql2 was lost in extraction; only
    // the tail of its string literal survives on the line above.
    $result2 = mysql_query( $sql2 );
    if ( $row2 = mysql_fetch_assoc( $result2 )) {
        // Increment the account's failure counter. The new value is computed in PHP
        // from a value read earlier, so two concurrent failures can write the same
        // number; `failed = failed + 1` inside the UPDATE would be atomic.
        // NOTE(review): nothing in this fragment reads `failed` to throttle or lock the
        // account. Confirm the counter is enforced somewhere.
        $result3_sql = "UPDATE user SET failed = " . ($row2['failed']+1) . " WHERE (( user = '" . mysql_real_escape_string( $_POST["user"] ) . "' ) OR ( email = '" . mysql_real_escape_string( $_POST["user"] ) . "' )) AND ( sys_expires > NOW() )";
        $result3_result = mysql_query( $result3_sql );
        // NOTE(review): authority_id was unset before the credential check, so on this
        // path the read is an undefined index. `mysql_errno` without parentheses is a
        // constant lookup, not a call to mysql_errno().
        if ( $_SESSION["authority_id"] == "webmaster" ) { if ( mysql_errno ) { echo mysql_error(); } }
        // Debug output puts the SQL text and the database error into the page.
        if ( $debug > 0 ) { if ( ! $result3_result ) { echo "SQL " . $result3_sql . "
";
                echo mysql_error() . "
"; } }
        // NOTE(review): this echo is outside both the webmaster and the debug checks,
        // so any database error text is shown to an unauthenticated visitor.
        echo mysql_error();
    }
    mysql_free_result( $result2 ); } mysql_free_result( $result ); }

// Password change, gated only on $fail.
// NOTE(review): whether the failed-login branch sets $fail is not visible in this copy.
// If it does not, this UPDATE runs without the existing password having been verified.
// TODO confirm.
if ( $fail == 0 ) {
    // generateHash() is called without a salt argument here; presumably it creates a
    // fresh one (defined elsewhere, TODO confirm).
    // NOTE(review): the WHERE clause matches the `user` column only, while the login
    // query also accepts the e-mail address. A visitor who identified by e-mail
    // updates zero rows, yet mysql_query() still returns true for such an UPDATE and
    // the success message is shown. Checking mysql_affected_rows() would catch this.
    $change_sql = "UPDATE user SET password = '" . generateHash( $_POST["password1"], false ) . "', sys_updated = STR_TO_DATE( '" . date( "d/m/Y" ) . "', '%d/%m/%Y' ) WHERE user = '" . mysql_real_escape_string( $_POST["user"] ) . "' AND ( sys_expires > NOW() )";
    $change_result = mysql_query( $change_sql );
    if ( $_SESSION["authority_id"] == "webmaster" ) { if ( mysql_errno ) { echo mysql_error(); } }
    // NOTE(review): in debug mode the echoed SQL contains the new password hash.
    if ( $debug > 0 ) { if ( ! $change_result ) { echo "SQL " . $change_sql . "
";
            echo mysql_error() . "
"; } }
    if ( $change_result ) { ?>

Password changed successfully

"; ?> User:">
Existing Password:">
New Password:">
New Password (repeat):">