I have a html/php page index.php with prior code and functions however there is a function that prompts the user to change its password if its expired.
I want when the user clicks the change password button it calls the changepassword() function(all code located on the same page). Problem I am having is when the user clicks the change password button it defaults back to the login screen. I'm guessing its a result of the action="index.php"attribute.
How do i get the button to directly call the function and not doing a action="index.php" which will always default back to the login page? here is a synapses of the code
$oldpassword = $_POST["oldpassword"];
$newpassword = $_POST["newpassword"];
$confirmpassword = $_POST["confirmpassword"];
$passwordResult = '';
if($_POST["update"] == "user")
{
$passwordResult = ChangePassword($db_connection, $userid, $_POST["oldpassword"], $_POST["newpassword"], $_POST["confirmpassword"]);
}
echo'
<div class="dataform">
<form method="post" action="index.php">
<table>
<tr><td>
Old Password:
</td><td>
<input type="password" name="oldpassword" value=""/><br/>
</td></tr><tr><td>
New Password:
</td><td>
<input type="password" name="newpassword" value=""/><br/>
</td></tr><tr><td>
Confirm Password:
</td><td>
<input type="password" name="confirmpassword" value=""/><br/>
</td></tr><tr><td>
<input type="submit" value="Change Password"/>
</td></tr>
</table>
<input type="hidden" name="update" value="user"/>
</form>
'.$passwordResult.'
</div>';
}
Change password function:
function ChangePassword($db_connection, $userid, $old, $new, $confirm)
{
if($confirm != $new)
{
echo '<font color="red">The confirmation password does not match the new password.</font>';
return;
}
$qrystring = 'UPDATE user
SET password = SHA1(?)
WHERE userid = ?
AND password = SHA1(?)';
if ($statement = $db_connection->prepare($qrystring))
{
$statement->bind_param('sss', $new, $userid, $old);
$statement->execute();
$reportid = $db_connection->insert_id;
if($statement->affected_rows != 0)
{
$db_connection->commit();
echo $header_string.'
<font color="green"><b>Your password was successfully updated.</b></font><br/>';
}
else
{
$db_connection->rollback();
echo $header_string.'
<font color="red">We were unable to update your password. Please verify that the old password is correct.<i>(u3)</i></font><br/>';
}
$statement->close();
}
else
{
$db_connection->rollback();
echo $header_string.'
<font color="red">We were unable to update your password at this time.<i>(u4)</i></font><br/>';
}
}