frontier/website/password.php


<?php
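session_start();
require($_SERVER['DOCUMENT_ROOT'].'/include.php');

// Password-change handler: a logged-in player submits the current password
// plus the new password twice; the stored hash is replaced only when the
// current password matches and the two new values are identical.
//
// $mysqli, $gameerror and $gameroot are not defined in this file; they are
// presumably set up by include.php -- confirm there.

// Read the session id without raising a notice when no session value exists.
$id = isset($_SESSION['id']) ? (string) $_SESSION['id'] : '';

if ($id !== '')
{ // Logged in
    // Accept plain string fields only. A request can send "oldpass[]=x", which
    // arrives as an array and would make md5() fail; treat that as blank.
    $pass = (isset($_POST['oldpass']) && is_string($_POST['oldpass'])) ? $_POST['oldpass'] : '';
    $new1 = (isset($_POST['newpass1']) && is_string($_POST['newpass1'])) ? $_POST['newpass1'] : '';
    $new2 = (isset($_POST['newpass2']) && is_string($_POST['newpass2'])) ? $_POST['newpass2'] : '';

    // Strict comparison: with ==, two different numeric-looking strings such as
    // "1e1" and "10" compare equal, so a mistyped confirmation could be accepted.
    if (($new1 !== '') && ($new1 === $new2))
    { // New password given and confirmed
        // NOTE(review): passwords are stored as unsalted MD5, which is fast to
        // brute-force and unsuitable for password storage. The format is kept
        // here because the login code (not visible in this file) presumably
        // compares against the same column format. Migrating to
        // password_hash()/password_verify() needs a coordinated change to that
        // code and to the width of the "pass" column.
        $hash = md5($pass);
        $newhash = md5($new1);

        // Bound parameters keep the values out of the SQL text entirely, so the
        // query no longer depends on every input being safe to interpolate.
        $stmt = mysqli_prepare($mysqli, "SELECT id FROM player WHERE id = ? AND pass = ?") or die($gameerror . "P-Q01");
        mysqli_stmt_bind_param($stmt, 'ss', $id, $hash);
        mysqli_stmt_execute($stmt) or die($gameerror . "P-Q01");
        mysqli_stmt_store_result($stmt); // required before the row count is available
        $num = mysqli_stmt_num_rows($stmt);
        mysqli_stmt_close($stmt);

        if ($num == 1)
        { // Old password matched
            $stmt = mysqli_prepare($mysqli, "UPDATE player SET pass = ? WHERE id = ?") or die($gameerror . "P-Q02");
            mysqli_stmt_bind_param($stmt, 'ss', $newhash, $id);
            mysqli_stmt_execute($stmt) or die($gameerror . "P-Q02");
            mysqli_stmt_close($stmt);

            // Issue a fresh session id after the credential change so that an
            // id obtained before the change no longer maps to this session.
            session_regenerate_id(true);

            header("Location: $gameroot/playuser.php");
        } else { // Old password didn't match
            echo "<HTML><HEAD><TITLE>Frontier II</TITLE>
</HEAD><BODY BGCOLOR=\"#000000\" TEXT=\"#f0f0f0\">
<H2 ALIGN=\"CENTER\">Frontier II</H2>
<P><FONT COLOR=\"RED\">Oops!</FONT> Your old password was not valid. Please
go to the <A HREF=\"$gameroot/playuser.php\">player page</A> and try again.
</BODY></HTML>";
        }
    } else { // New passwords blank or didn't match
        echo "<HTML><HEAD><TITLE>Frontier II</TITLE>
</HEAD><BODY BGCOLOR=\"#000000\" TEXT=\"#f0f0f0\">
<H2 ALIGN=\"CENTER\">Frontier II</H2>
<P><FONT COLOR=\"RED\">Oops!</FONT> Your new passwords didn't match, or you left
them blank. Please go to the <A HREF=\"$gameroot/playuser.php\">player page</A>
and try again.
</BODY></HTML>";
    }
} else { // Not logged in
    echo "<HTML><HEAD><TITLE>Frontier II</TITLE>
</HEAD><BODY BGCOLOR=\"#000000\" TEXT=\"#f0f0f0\">
<H2 ALIGN=\"CENTER\">Frontier II</H2>
<P><B><FONT COLOR=\"RED\">ERROR:</FONT> Not authenticated.</B>
<P>Either you did not log in, or your session timed out.
<P>Please <A HREF=\"$gameroot/index.html\">log in</A> again.
</BODY></HTML>";
}
mysqli_close($mysqli);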
?>