File: /var/www/html/tmpr/..//tmpr/../v/credentials.php
<?php
include 'DbSql.inc.php';
page_protect();
$rs_settings = mysqli_query($link,"select * from users where catalogid='$_SESSION[euserid]'");
if($_POST['doUpdate'] == 'Update')
{
$rs_pwd = mysqli_query("select pwd from users where catalogid='$_SESSION[euserid]'");
list($old) = mysql_fetch_row($rs_pwd);
if($old == md5($_POST['pwd_old']))
{
$newmd5 = md5(mysql_real_escape_string($_POST['pwd_new']));
mysqli_query("update users set pwd='$newmd5' where catalogid='$_SESSION[euserid]'");
header("Location: home.php?msg=Your new password is updated");
} else
{
header("Location: home.php?msg=Your old password is invalid");
}
}
if($_POST['doSave'] == 'Save')
{
function filter($arr) {
global $link;
return array_map(array($link, 'real_escape_string'), $arr);
}
$_POST = filter($_POST);
mysqli_query("UPDATE users SET
`catalogname` = '$_POST[name]',
`address` = '$_POST[address]',
`tel` = '$_POST[tel]',
`fax` = '$_POST[fax]',
`website` = '$_POST[web]'
WHERE catalogid='$_SESSION[euserid]'
") or die(mysql_error());
header("Location: home.php?msg=Profile+Sucessfully+saved");
}
?>
<html>
<head>
<title>My Credentials</title>
<meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1">
<script language="JavaScript" type="text/javascript" src="js/jquery-1.3.2.min.js"></script>
<script language="JavaScript" type="text/javascript" src="js/jquery.validate.js"></script>
<script>
$(document).ready(function(){
$("#myform").validate();
$("#pform").validate();
});
</script>
<link href="styles.css" rel="stylesheet" type="text/css">
<style type="text/css">
<!--
.style1 {font-size: 10px}
-->
</style>
</head>
<body><?php
include 'header.php';
?>
<table width="1000" border="0" cellspacing="0" cellpadding="0" align="center">
<tr>
<td width="300" valign="top"><?php
include 'navigation.php';
?>
<p> </p>
<p> </p>
<p> </p>
<p> </p></td>
<td width="700" valign="top" >
<div class="graycellv3" style="width:800px;">
<br><span id="buttoned2" style="margin-top:10px">Change my Password </span><br>
<br>
<p>If you want to change your password, please input your old and new password
to make changes.</p>
<div style="padding:10px;">
<div class="wa">
<div class="wb">
<div class="wc">
<div class="wd"> <form name="pform" id="pform" method="post" action="">
<table width="80%" border="0" align="center" cellpadding="3" cellspacing="3" class="forms">
<tr>
<td width="31%">Old Password</td>
<td width="69%"><input name="pwd_old" type="password" class="required password" id="pwd_old"></td>
</tr>
<tr>
<td>New Password</td>
<td><input name="pwd_new" type="password" id="pwd_new" class="required password" ></td>
</tr>
</table>
<p align="center">
<input name="doUpdate" type="submit" class="large ezbutton green" style=" margin-top:2px;border:0px;width:200px; margin-right:5px" id="doUpdate" value="Update">
</p>
<p> </p>
</form>
<p> </p>
<p> </p></div></div></div></div></div>
<p align="right"> </p>
</div></td>
<td width="114" valign="top"> </td>
</tr>
</table>
</body>
</html>