user_id; // check for a non-zero user id if ($user_id) { $old_pwd = db_escape( trim( dPgetParam( $_POST, 'old_pwd', null ) ) ); $new_pwd1 = db_escape( trim( dPgetParam( $_POST, 'new_pwd1', null ) ) ); $new_pwd2 = db_escape( trim( dPgetParam( $_POST, 'new_pwd2', null ) ) ); // has the change form been posted if ($new_pwd1 && $new_pwd2 && $new_pwd1 == $new_pwd2 ) { // check that the old password matches $old_md5 = md5($old_pwd); $sql = "SELECT user_id FROM users WHERE user_password = '$old_md5' AND user_id=$user_id"; if ($AppUI->user_type == 1 || db_loadResult( $sql ) == $user_id) { require_once( "{$dPconfig['root_dir']}/modules/admin/admin.class.php" ); $user = new CUser(); $user->user_id = $user_id; $user->user_password = $new_pwd1; if (($msg = $user->store())) { $AppUI->setMsg( $msg, UI_MSG_ERROR ); } else { echo $AppUI->_('chgpwUpdated'); } } else { echo $AppUI->_('chgpwWrongPW'); } } else { ?>

_('Change User Password');?>

user_type != 1) { ?>

_('Current Password');?>
_('New Password');?>
_('Repeat New Password');?>

_('chgpwLogin'); } ?>