<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">

<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">

<head>

	<meta http-equiv="content-type" content="text/html; charset=iso-8859-1" />

   	<link href="/fhiiqm/css/db.css" rel="STYLESHEET" type="TEXT/CSS" /> 

	<title>change password fhiiqm</title>

</head>

<body onload="document.fpwch.pwdold.focus();">

<?php

/**

 * @author Bettina Schwarzer, Fritz-Haber-Institut

 * @copyright 09/2011

 * 

 * Passwortwechsel

 * 

 */

    error_reporting(E_ALL ^ E_NOTICE);

       session_start();

       if (!$_SESSION["userid"]) 

        	{

        	header("Location: /fhiiqm/start.php");

        	exit;

        	}

        $login  = $_POST["eintragen"];

        $log    = $_POST["log"];

//        print_r($log);

//        echo "<br />$login, " . $_SESSION["userid"] . "<br />";

        if ($login && $log["pwdnew1"]>"!" && $log["pwdnew2"]>'!' && $log["pwdnew1"] == $log["pwdnew2"])

        {

        	include_once($_SERVER['DOCUMENT_ROOT'] ."/fhiiqm/inc/dbconnect.inc.php");

        	if (!isset($dbc) || !$dbc) $dbc = new dbconnection();

            $stmt = $dbc -> stmtinit();

            if (is_object($stmt))

            {

                $stmt -> prepare("SELECT pwd FROM userweb WHERE userid = ?");

                $stmt -> bind_param('s',$_SESSION["userid"]);

                $result = $stmt -> execute();

                if ($result)

                {

                    $stmt->bind_result($pwdmd5);

                    if ($stmt->fetch()) 

                    {

                        if ($log["pwdold"] == "" || is_null($log["pwdold"]) || $pwdmd5 == md5($log["pwdold"]))

                        {

                            $stmt -> free_result(); // wegen weiterer query

                            $stmt -> prepare("UPDATE userweb SET pwd = MD5(?) WHERE userid = ?");   

                            $stmt -> bind_param('ss',$log["pwdnew2"],$_SESSION["userid"]);

                            $stmt -> execute();

                            if ($stmt -> errno > 0)

                            {

                                echo $stmt->errno . ": " . $stmt->error . "<br />";

                                echo "<div align='center' class=\"red\"><br />Passwortänderung fehlgeschlagen</div>";

                            }

                            else

                                echo "<div align='center' class=\"green\"><br />Passwortänderung f&uuml;r User '". $_SESSION["userid"] . "' ist erfolgt.</div>";

                        }

                        else

                        {

                            $err1="<div class=\"red\">altes Passwort ist nicht korrekt!</div>";

                        }

                    }    

                }

            }

        }

        elseif ($login && $log["pwdnew1"] != $log["pwdnew2"])

           $err2 = "<div class=\"red\">neue Passw&ouml;rter sind nicht identisch!</div>";

        elseif ($login && ((is_null($log["pwdnew1"]) && is_null($log["pwdnew2"])) || ($log["pwdnew1"]=="" && $log["pwdnew2"] == "")))

           $err2 = "<div class=\"red\">neue Passw&ouml;rter sind leer!</div>";

        if (!$login || $err1 || $err2)

        {

?>

            <!--    <div class="float-r"><img src="img/document_mark_as_final.png" border="0" alt="Vertr&auml;ge" title="Vertr&auml;ge"/></div> -->

<?php

                include ($_SERVER['DOCUMENT_ROOT'] ."/fhiiqm/form/pw_change_form.inc.php");

        }

        echo "&nbsp;&nbsp;&nbsp;<a href='/fhiiqm/start.php'>Start fhiiqm</a>";

        echo "</body>

        </html>\n";

?>