I created a change password script and it seems to not want to work.
when I put in the wrong password it doesnt error out and say Old Password doesn't match exisiting.
when I put in 2 passwords that dont match it doesnt error out...
if(isset($_POST['changepass'])){
//Getting Variables
$oldpass = $_POST['oldpass'];
$newpass = $_POST['newpass'];
$conpass = $_POST['conpass'];
$oldpass1 = sha1($oldpass);
$pass = sha1($newpass);
//check exisiting password matches
if(!$oldpass){
$passmsg = "Please Enter Password";
}else{
$query = "SELECT * FROM admin WHERE id='$id'";
$result=mysql_query($query);
$row=mysql_fetch_array($result);
if($oldpass1 = $row['passcode']){
//Check new password and confirm passwords match
if ($newpass == $conpass) {
//Update the database
$sql = mysql_query("UPDATE admin SET passcode='$pass' WHERE id = '$id'")or die (mysql_error());
$to = "$email";
$additionalheaders = 'MIME-Version: 1.0' . "\r\n";
$additionalheaders .= "Content-Type: text/html; charset=ISO-8859-1\r\n";
$additionalheaders .= "From: Patrick's Computer Repair Inc.\r\n";
$additionalheaders .= "Reply-To: noprely@patrickspcrepair.com";
$subject = "Your password has been changed";
$body = "<html><body>"."\n";
$body .= "Hi $login_session, <br /><br /> You or someone else has recently changed your password. <br />If you did not request this change, please contact us immedately at support@patrickspcrepair.com <br /><br />Your username is $user <br /><br />Regards, <br /><br /><img style=\"border:none; text-decoration:none;\" src=\"http://patrickspcrepair.com/portal/images/logo.gif\" alt=\"Patrick\'s Computer Repair Inc.\" /> ";
$body .= "</html></body>"."\n";
mail($to, $subject, $body, $additionalheaders);
$passmsg = 'Your password has been changed. Please logout and back in.';
}else{
$passmsg = 'Passwords do not match';
}
}else{
$passmsg = "Old password is incorrect";
}
}
}
