id = $context['id']; $this->db_name = $context['db_name']; } public function form() { ?>
Current Password :
New Password :
Confirm Password :
  
 
// NOTE(review): this listing is truncated. The method header and the start of
// the first statement are missing, so `db_name;` below is only the tail of a
// statement (presumably `$db_name = $this->db_name;` -- confirm against the
// original file). Where $database comes from is not visible here either.
db_name;
$id = $this->id;

// Fetch the stored password hash for this account.
// The SQL text is built by interpolating $db_name and $id directly into the
// string. $id is the `id` value the constructor copies out of $context; this
// listing does not show where $context is populated. If either value can be
// influenced by a request, this is an SQL injection point.
// TODO(review): pass $id as a bound parameter, or cast it to int, and validate
// the table prefix against a fixed allow-list.
$old_password = $database->getOne("SELECT password FROM $db_name"."users WHERE id='$id'");

// The three submitted fields are SQL-escaped, but none of them is placed in a
// SQL statement in the visible code: they only reach the hasher and md5().
// Escaping therefore changes the password itself (quotes and backslashes gain
// a backslash) before it is verified or hashed. That only works if every other
// path that hashes or checks passwords escapes the same way -- verify.
// mysql_escape_string() belongs to the old mysql extension, which was removed
// in PHP 7.0, and it ignores the connection character set.
$current_password_orig = mysql_escape_string($_POST['current_pw']);
$new_password_orig = mysql_escape_string($_POST['new_pw']);
$confirm_password_orig = mysql_escape_string($_POST['conf_new_pw']);

// All three fields are required. empty() also treats the string "0" as empty,
// so a password of "0" is rejected as missing.
// NOTE(review): no anti-CSRF token is checked in the visible part; the form
// markup and the method head are missing, so confirm one is enforced elsewhere.
if(empty($current_password_orig) || empty($new_password_orig) || empty($confirm_password_orig)) {
    confirmation::error_temp("change your password, you must fill all the fields!");
} else {
    // Verify the submitted current password against the stored hash.
    // PasswordHash is not defined in this listing; it looks like the phpass
    // class (arguments: log2 iteration count, portable-hash flag) -- confirm.
    $hasher = new PasswordHash(8, FALSE);
    $check = $hasher->CheckPassword($current_password_orig, $old_password);

    // These md5 digests are used only to compare the new password with its
    // confirmation; they are never stored ($new_password is overwritten with
    // the real hash further down).
    // NOTE(review): the comparison below uses loose `!=`. Two different
    // numeric-looking digests (the "0e<digits>" form) compare equal under
    // loose comparison, so a mismatch can go unnoticed. Comparing the two
    // submitted strings directly with `!==` avoids this and makes md5()
    // unnecessary.
    $new_password = md5($new_password_orig);
    $confirm_password = md5($confirm_password_orig);

    if(!$check) {
        // Current password did not verify; the message stays generic.
        confirmation::error_temp("change your password, please fill out this form with the correct details!");
    } else if($new_password != $confirm_password) {
        confirmation::error_temp("change your password, Your new password and confirmation password are not the same, please retry again!");
    } else {
        // Hash the new password for storage.
        // NOTE(review): if this is phpass, HashPassword() returns "*" on
        // failure; nothing here checks the result before it is written.
        $hasher = new PasswordHash(8, FALSE);
        $new_password = $hasher->HashPassword($new_password_orig);

        $database->StartTrans();
        // Same string-built SQL as the SELECT above: $db_name, $new_password
        // and $id are interpolated without binding or escaping.
        $update = " update $db_name"."users SET password = '$new_password' WHERE id = '$id' LIMIT 1";
        // The return value of query() is stored but never inspected; success
        // is decided only by CompleteTrans() below.
        $query = $database->query($update);
        // The audit entry is submitted before the transaction outcome is
        // known. Whether it is rolled back together with a failed update
        // depends on how logs::submit_logs writes -- not visible here.
        logs::submit_logs(array("table" => "users", "action_type" => 2,"foreign_id" => $id, "description" => "Modified Account Password"));
        $results = $database->CompleteTrans();

        if(!$results) {
            confirmation::error_temp("change your password, something unexpected happened... please retry again!");
        } else {
            confirmation::success_temp("changed your password!");
        }
    }
}
} // closes the method whose header is missing from this listing
} // presumably closes the enclosing class
?>