/includes/edit_profile.php
PHP | 39 lines | 21 code | 12 blank | 6 comment | 15 complexity | a10d4dd28910c0c4d0d1d456b2d0eee2 MD5 | raw file
Possible License(s): LGPL-2.1, BSD-2-Clause
- <?php
- defined( '_INDM' ) or die( 'POSSIBLE HACK ATTEMPT!' );
-
-
- //===========================================================================
- //>check user priviledges
- //===========================================================================
- require 'validate.php';
- if ($logged_in != true)header("Location: " . $default_url . "index.php");
-
-
- if ($action == 'save_profile') {
-
- //>get data from form
- $password_old = mysql_escape_string(stripslashes($_REQUEST['password_old']));
- $password_1 = mysql_escape_string(stripslashes($_REQUEST['password_1']));
- $password_2 = mysql_escape_string(stripslashes($_REQUEST['password_2']));
-
-
- //>if password fields set - change password
- if ($password_old != '' || $password_1 != '' || $password_2 != '') {
- if ((md5($password_old) == $password) && ($password_1 == $password_2)) {
- $password_new = md5($password_1);
- mysql_query("UPDATE " . $db_table_prefix . "core_users SET `password` = '$password_new' WHERE `user_name` = '$username'");
- $status_message = $lan[password_changed];
- } else {
- $status_message = $lan[password_not_changed];
- }
- }
- }
-
-
- //>get profile info and propogate form
-
- $main = read_file($default_url . $templates_dir . "edit_profile.tpl");
-
- $main = replace_variables($main);
-
- ?>