is_valid ) { // What happens when the CAPTCHA was entered incorrectly $html .= "
"; $hide_form = false; return; } else { // Check that the current password is correct $data = $db->prepare( 'SELECT password FROM users WHERE user = (:user) AND password = (:password) LIMIT 1;' ); $data->bindParam( ':user', dvwaCurrentUser(), PDO::PARAM_STR ); $data->bindParam( ':password', $pass_curr, PDO::PARAM_STR ); $data->execute(); // Do both new password match and was the current password correct? if( ( $pass_new == $pass_conf) && ( $data->rowCount() == 1 ) ) { // Update the database $data = $db->prepare( 'UPDATE users SET password = (:password) WHERE user = (:user);' ); $data->bindParam( ':password', $pass_new, PDO::PARAM_STR ); $data->bindParam( ':user', dvwaCurrentUser(), PDO::PARAM_STR ); $data->execute(); // Feedback for the end user - success! $html .= "
The CAPTCHA was incorrect. Please try again.
Password Changed."; } else { // Feedback for the end user - failed! $html .= "
Either your current password is incorrect or the new passwords did not match."; $hide_form = false; } } } // Generate Anti-CSRF token generateSessionToken(); ?>
Please try again.