fhiiqm/pw_change.php
changeset 13 741b35e9ebbe
--- /dev/null	Thu Jan 01 00:00:00 1970 +0000
+++ b/fhiiqm/pw_change.php	Wed Oct 05 16:46:09 2011 +0200
@@ -0,0 +1,93 @@
+<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
+<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
+
+<head>
+	<meta http-equiv="content-type" content="text/html; charset=iso-8859-1" />
+   	<link href="/fhiiqm/css/db.css" rel="STYLESHEET" type="TEXT/CSS" /> 
+
+	<title>change password fhiiqm</title>
+</head>
+
+<body onload="document.fpwch.pwdold.focus();">
+
+<?php
+
+/**
+ * @author Bettina Schwarzer, Fritz-Haber-Institut
+ * @copyright 09/2011
+ * 
+ * Passwortwechsel
+ * 
+ */
+
+    error_reporting(E_ALL ^ E_NOTICE);
+    
+       session_start();
+       if (!$_SESSION["userid"]) 
+        	{
+        	header("Location: /fhiiqm/start.php");
+        	exit;
+        	}
+        
+        
+        
+        $login  = $_POST["eintragen"];
+        $log    = $_POST["log"];
+//        print_r($log);
+//        echo "<br />$login, " . $_SESSION["userid"] . "<br />";
+        
+        if ($login && $log["pwdnew1"]>"!" && $log["pwdnew2"]>'!' && $log["pwdnew1"] == $log["pwdnew2"])
+        {
+        	include_once($_SERVER['DOCUMENT_ROOT'] ."/fhiiqm/inc/dbconnect.inc.php");
+        	if (!isset($dbc) || !$dbc) $dbc = new dbconnection();
+            
+            $stmt = $dbc -> stmtinit();
+            if (is_object($stmt))
+            {
+                $stmt -> prepare("SELECT pwd FROM userweb WHERE userid = ?");
+                $stmt -> bind_param('s',$_SESSION["userid"]);
+                $result = $stmt -> execute();
+                if ($result)
+                {
+                    $stmt->bind_result($pwdmd5);
+                    if ($stmt->fetch()) 
+                    {
+                        if ($log["pwdold"] == "" || is_null($log["pwdold"]) || $pwdmd5 == md5($log["pwdold"]))
+                        {
+                            $stmt -> free_result(); // wegen weiterer query
+                            $stmt -> prepare("UPDATE userweb SET pwd = MD5(?) WHERE userid = ?");   
+                            $stmt -> bind_param('ss',$log["pwdnew2"],$_SESSION["userid"]);
+                            $stmt -> execute();
+                            if ($stmt -> errno > 0)
+                            {
+                                echo $stmt->errno . ": " . $stmt->error . "<br />";
+                                echo "<div align='center' class=\"red\"><br />Passwortänderung fehlgeschlagen</div>";
+                            }
+                            else
+                                echo "<div align='center' class=\"green\"><br />Passwortänderung f&uuml;r User '". $_SESSION["userid"] . "' ist erfolgt.</div>";
+                        }
+                        else
+                        {
+                            $err1="<div class=\"red\">altes Passwort ist nicht korrekt!</div>";
+                        }
+                    }    
+                }
+            }
+        }
+        elseif ($login && $log["pwdnew1"] != $log["pwdnew2"])
+           $err2 = "<div class=\"red\">neue Passw&ouml;rter sind nicht identisch!</div>";
+        elseif ($login && ((is_null($log["pwdnew1"]) && is_null($log["pwdnew2"])) || ($log["pwdnew1"]=="" && $log["pwdnew2"] == "")))
+           $err2 = "<div class=\"red\">neue Passw&ouml;rter sind leer!</div>";
+        if (!$login || $err1 || $err2)
+        {
+?>
+            <!--    <div class="float-r"><img src="img/document_mark_as_final.png" border="0" alt="Vertr&auml;ge" title="Vertr&auml;ge"/></div> -->
+            
+<?php
+                include ($_SERVER['DOCUMENT_ROOT'] ."/fhiiqm/form/pw_change_form.inc.php");
+
+        }
+        echo "&nbsp;&nbsp;&nbsp;<a href='/fhiiqm/start.php'>Start fhiiqm</a>";
+        echo "</body>
+        </html>\n";
+?>
\ No newline at end of file
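Review bot: The old-password check `if ($log["pwdold"] == "" || is_null($log["pwdold"]) || $pwdmd5 == md5($log["pwdold"]))` accepts an empty or missing `pwdold`, so the UPDATE runs for any logged-in session without the current password ever being verified. It should require a non-empty value and a strict, constant-time match, e.g. `if (is_string($log["pwdold"]) && $log["pwdold"] !== "" && hash_equals((string)$pwdmd5, md5($log["pwdold"])))`; the loose `==` between two hex digests is also exposed to PHP's numeric-string comparison. Separately, `pwd` is written as unsalted `MD5(?)`; moving to `password_hash()`/`password_verify()` would need a wider column and a rehash-on-login path, which goes beyond this file. No anti-CSRF token is checked in this handler (the form include is not shown here, so confirm there), which makes the missing old-password check more serious.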