OK ... My Email is lgabrielse@verizon.net
Also, I am going crazy trying to find an error ... You will probably see it right away...
Do you see it on line 76 below, i.e. if ($check = $mysqli->("SELECT password FROM members WHERE id = ?"))
Parse error: syntax error, unexpected '(', expecting T_STRING or T_VARIABLE or '{' or '$' in C:\Inetpub\wwwroot\phproot\LoginKiller\change_password.php on line 76
Here is the code:
<?php
/*
* REGISTER.php
* Register New members
*/
//start session / load configs
session_start();
include('includes/config.php');
include('includes/db.php');
// check that the user is loggeed in
if(!isset($_SESSION['username']))
{
header("location: login.php");
}
// check for inactivity
if (time() > $_SESSION['last_active'] + $config['session_timeout'])
{
// log out user
session_destroy();
header("Location: login.php?timeout");
}
else
{
$_SESSION['last_active'] = time();
}
//form defaults
$error['alert'] = '';
$error['current_pass'] = '';
$error['pass'] = '';
$error['pass2'] = '';
$input['current_pass'] = '';
$input['pass'] = '';
$input['pass2'] = '';
if (isset($_POST['submit']))
{
// process form
if ($_POST['current_pass'] == '' || $_POST['password'] == '' || $_POST['password2'] == '')
{
// all fields need to be filled in
if ($_POST['current_pass'] == '') {$error['current_pass'] = 'required!';}
if ($_POST['password'] == '') {$error['pass'] = 'required!';}
if ($_POST['password2'] == '') {$error['pass2'] = 'required!';}
$error['alert'] = 'Please fill in the required fields!';
$input['current_pass'] = htmlentities($_POST['current_pass'], ENT_QUOTES);
$input['pass'] = htmlentities($_POST['password'], ENT_QUOTES);
$input['pass2'] = htmlentities($_POST['password2'], ENT_QUOTES);
// show form
include('views/v_password.php');
}
elseif ($_POST['password'] != $_POST['password2'])
{
// both password fields need to match
$error['alert'] = 'Password fields must match!';
$input['current_pass'] = htmlentities($_POST['current_pass'], ENT_QUOTES);
$input['pass'] = htmlentities($_POST['password'], ENT_QUOTES);
$input['pass2'] = htmlentities($_POST['password2'], ENT_QUOTES);
//show form
include('views/v_password.php');
}
else
{
// get data from form
$input['current_pass'] = $_POST['current_pass'];
$input['pass'] = $_POST['password'];
$input['pass2'] = $_POST['password2'];
if ($check = $mysqli->("SELECT password FROM members WHERE id = ?"))
{
$check->bind_param("s", $_SESSION['id']);
$check->execute();
$check->bind_result($current_pass);
$check->fetch();
$check->close();
}
if (md5($input['current_pass'] . $config['salt']) != $current_pass)
{
// error
$error['alert'] = "Your current password is incorrect!";
$error['current_pass'] = "incorrect";
include('views/v_password.php');
}
else
{
//update database
if ($stmt = $mysqli->prepare("UPDATE members SET password = ? where ID = ?"))
$stmt->bind_param("ss", md5($input['current_pass'] . $config['salt']), $_SESSION['id']);
$stmt->execute();
$stmt->close();
$error['alert'] = 'Member added successfully!';
//clear varaibles
$input['current_pass'] = '';
$input['pass'] = '';
$input['pass2'] = '';
include('views/v_password.php');
}
else
{
echo "ERROR: Could not prepare MYSQLi statement.";
}
}
}
else
{
include('views/v_password.php');
}
// close db connection
$mysqli->close();
?>