fix password change for mysql auth

git-svn-id: http://www.observium.org/svn/observer/trunk@1232 61d68cd4-352d-0410-923a-c4978735b2b8

html/includes/authentication/mysql.inc.php

@@ -3,7 +3,7 @@
 function authenticate($username,$password)
 {
   $encrypted = md5($password);
-  $sql = "SELECT username FROM `users` WHERE `username`='".$_SESSION['username']."' AND `password`='".$encrypted."'";
+  $sql = "SELECT username FROM `users` WHERE `username`='".$username."' AND `password`='".$encrypted."'";
   $query = mysql_query($sql);
   $row = @mysql_fetch_array($query);
   if($row['username'] && $row['username'] == $username) 
@@ -18,10 +18,10 @@ function passwordscanchange()
   return 1;
 }
 
-function changepassword($username,$newpassword)
+function changepassword($username,$password)
 {
   $encrypted = md5($password);
-  $sql = "UPDATE `users` SET  password`='$encrypted' WHERE `username`='".$_SESSION['username']."'";
+  $sql = "UPDATE `users` SET `password` = '$encrypted' WHERE `username`='".$username."'";
   $query = mysql_query($sql);
 }
 
@@ -56,4 +56,4 @@ function get_userid($username)
   return $row['user_id'];
 }
  
-?>
+?>

html/pages/preferences.php

@@ -2,6 +2,28 @@
 echo("<div style='margin: 10px'>");
 echo("<h3>User Preferences</h3>");
 
+
+if($_POST['action'] == "changepass") {
+
+  if(authenticate($_SESSION['username'],$_POST['old_pass'])) {
+    if($_POST['new_pass'] == "" || $_POST['new_pass2'] == "")
+    {
+      $changepass_message = "Password must not be blank.";
+    }
+    elseif($_POST['new_pass'] == $_POST['new_pass2']) 
+    {
+      changepassword($_SESSION['username'],$_POST['new_pass']);
+      $changepass_message = "Password Changed.";      
+    } 
+    else 
+    {
+      $changepass_message = "Passwords don't match.";
+    }
+  } else {
+    $changepass_message = "Incorrect password";
+  }
+}
+
 include("includes/update-preferences-password.inc.php");
 
 echo("<div style='width: 800px; background-color: #fff; padding:5px; margin-bottom:10px; float:left;'>");