// Password-change handler (server-side JavaScript). Validates the submitted
// form fields, checks the current password against the `user` table, writes the
// new password, and redirects to user_info.html when the change succeeded.
// NOTE(review): several string literals below span two lines; this looks like
// markup that was stripped when the listing was extracted. Confirm against the
// original file before editing any of the messages.
success = false;
// NOTE(review): prevPage is taken from the request unchanged. Whether it is
// validated depends on checkPrevPage(), which is not shown here. Confirm it is
// limited to same-site pages if it is later used as a navigation target.
if (request.prevPage)
client.prevPage = request.prevPage;
checkPrevPage("do_change_pw.html");
// Field validation: each failed check writes one message and skips the update.
if (!request.old_pw)
writeln("You must enter your current password in order to change "+
"your password.
");
else if (!request.new_pw || !request.new_pw2)
writeln("You did not enter a new password!
")
else if (request.new_pw != request.new_pw2)
writeln("Your new password was not the same in both entry boxes.
");
// The two quote checks are the only protection for the UPDATE statement below,
// which concatenates new_pw into the SQL text.
// NOTE(review): a character blocklist is a fragile substitute for bound
// parameters or the driver's own escaping. Other characters that are special to
// the database in use (for example backslash on some servers) are not covered,
// and the rule needlessly restricts the password alphabet.
else if (request.new_pw.indexOf("'") >= 0)
writeln("Invalid new password! Single quotes (') not allowed in password.
");
else if (request.new_pw.indexOf("\"") >= 0)
writeln("Invalid new password! Double quotes (\") not allowed in password.
");
else {
// client.id is concatenated unquoted into the query text.
// NOTE(review): confirm client.id cannot be set by the browser (this depends on
// how the client object is maintained) and is strictly numeric. Otherwise
// validate it before building the statement.
query = database.cursor("select password from user where id="+client.id);
if (query.next()) {
// The stored value is compared directly with the submitted old password, and
// the new password is written as submitted, so the column holds plaintext.
// NOTE(review): store a salted, deliberately slow password hash and compare
// hashes instead. No limit on repeated old-password attempts is visible in this
// fragment.
if (query.password == request.old_pw) {
// NOTE(review): the result of database.execute() is not inspected, so
// "Password changed." is reported even if the UPDATE failed.
database.execute("update user set password='"+request.new_pw+
"' where id="+client.id);
writeln("Password changed.
");
success = true;
}
else
writeln("Old password did not match. Password not changed.
");
}
else
writeln("User not found in database!
");
// The cursor is closed on every path that opened it.
query.close();
}
// On success, leave a status message on the client object and go to the
// user-info page. Otherwise emit the trailing page output (its content appears
// to have been stripped from this listing).
if (success) {
client.status_msg = "Password changed.";
redirect("user_info.html");
}
else {
writeln("");
writeln("
");
}