is_valid ) { // What happens when the CAPTCHA was entered incorrectly $html .= "


The CAPTCHA was incorrect. Please try again.

"; $hide_form = false; return; } else { // CAPTCHA was correct. Do both new passwords match? if( $pass_new == $pass_conf ) { // Show next stage for the user $html .= "


You passed the CAPTCHA! Click the button to confirm your changes.

"; } else { // Both new passwords do not match. $html .= "

Both passwords must match.

"; $hide_form = false; } } } if( isset( $_POST[ 'Change' ] ) && ( $_POST[ 'step' ] == '2' ) ) { // Hide the CAPTCHA form $hide_form = true; // Get input $pass_new = $_POST[ 'password_new' ]; $pass_conf = $_POST[ 'password_conf' ]; // Check to see if both password match if( $pass_new == $pass_conf ) { // They do! $pass_new = mysql_real_escape_string( $pass_new ); $pass_new = md5( $pass_new ); // Update database $insert = "UPDATE `users` SET password = '$pass_new' WHERE user = '" . dvwaCurrentUser() . "';"; $result = mysql_query( $insert ) or die( '

' . mysql_error() . '

' ); // Feedback for the end user $html .= "

Password Changed.

"; } else { // Issue with the passwords matching $html .= "

Passwords did not match.

"; $hide_form = false; } mysql_close(); } ?>