if (($attempts>=3)&&($m1==90)) {
$err_msg = 'No more attempts in this session';
$m1=92;
} else {
$sessid = $_SESSION['MYportal'];
if (strlen($sessid)>0) {
if ($m1==99) {
$sessid='';
$_SESSION['apmm_cm'] = $sessid;
$m1=90;
} else {
$user_id = $_SESSION['apmm_id'];
$sql="select name,pw from user where id=$user_id";
$get_info = mysql_query ($sql);
list($user_name,$c_pw) = mysql_fetch_row($get_info);
if (($m1==96)&&($m2==2)&&($state==1)) {
$old_pw = $_POST["old_pw"];
$new_pw = $_POST["new_pw"];
$new2_pw = $_POST["new2_pw"];
$err_msg='';
if (strlen($user_name)==0) {
$err_msg="Please state old password";
}
if (strlen($err_msg)==0) {
if ($c_pw<>md5($old_pw)) {
$err_msg="Old password is not correct";
}
}
if (strlen($err_msg)==0) {
if (strlen($new_pw)==0) {
$err_msg="Please state new password";
}
}
if (strlen($err_msg)==0) {
if (strlen($new2_pw)==0) {
$err_msg="Please re-type new password";
}
}
if (strlen($err_msg)==0) {
if ($new2_pw<>$new_pw) {
$err_msg="New password and re-type password is not the same";
}
}
$regex="/^.*(?=.{8,}).*$/";
if (false==(preg_match($regex,$new_pw))) {
$err_msg="New password length must be at least 8 characters.";
}
$regex="/[A-Z]/"; //regular expression
if (false==(preg_match($regex,$new_pw)))
{
$err_msg="New Password should contain at least 1 uppercase character.";
}
$regex="/[a-z]/";
if (false==(preg_match($regex,$new_pw)))
{
$err_msg="New Password should contain at least 1 lowercase character.";
}
$regex="/[0-9]/";
if (false==(preg_match($regex,$new_pw)))
{
$err_msg="New Password should contain at least at least 1 digit ";
}
$regex="/[\W_]/"; //special characters and underscore character
if (false==(preg_match($regex,$new_pw)))
{
$err_msg="New Password should contain at least at least 1 special characters.";
}