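/**
 * Check a supplied password against the value stored for a user.
 *
 * The stored value is compared with my_rsa($pwd_in). A stored value whose
 * first byte is not NUL is treated as a legacy, not-yet-encoded password:
 * it is run through my_rsa() and written back before the comparison.
 *
 * NOTE(review): my_rsa() is defined outside this block. If it is a
 * deterministic, unsalted transform, it does not replace password_hash() /
 * password_verify() for password storage; confirm against its definition.
 * NOTE(review): ext/mysql was removed in PHP 7; mysqli or PDO prepared
 * statements are the long-term replacement for the calls below.
 *
 * @param string $usr    User id to look up. Pass the raw id: it is escaped here.
 * @param string $pwd_in Password as typed by the user.
 *
 * @return bool True only when the encoded input equals the stored value.
 */
function password_right($usr, $pwd_in)
{
    // Request parameters can arrive as arrays (e.g. oldpwd[]=x); refuse them
    // before they reach the query builder or strcmp().
    if (!is_scalar($usr) || !is_scalar($pwd_in)) {
        return false;
    }

    // $usr lands inside a quoted SQL literal in both statements below, so it
    // is escaped here instead of relying on every caller to have done so.
    // Ids without quote or backslash characters are unaffected.
    $usr_sql = mysql_real_escape_string((string) $usr);

    $result = mysql_query("select password from users where user_id='{$usr_sql}'");
    if ($result === false) {
        // Query failure: fail closed instead of passing false to mysql_fetch_row().
        return false;
    }
    if (!($row = mysql_fetch_row($result)) || !$row[0]) {
        // Unknown user, or an empty stored password: never authenticates.
        return false;
    }

    $pwd_enc = my_rsa($pwd_in);
    $pwd_real = $row[0];

    if (ord($pwd_real) != 0) {
        // Password in the database is not an encoded password yet: upgrade it.
        $pwd_real = my_rsa($pwd_real);
        $pwd_escaped = mysql_real_escape_string($pwd_real);
        // The listing showed the literal '******' here while $pwd_escaped was
        // computed and never used; that looks like a masked variable. Writing
        // the literal would make "******" the account password, so the
        // encoded value is stored. The write is best-effort, as before.
        mysql_query("update users set password='{$pwd_escaped}' where user_id='{$usr_sql}'");
    }

    // Strict === 0: on old PHP versions strcmp() returns NULL for a non-string
    // operand, and a loose "!= 0" test would treat that NULL as a match.
    // NOTE(review): strcmp() is not constant-time; hash_equals() (PHP >= 5.6)
    // is preferable where the runtime provides it.
    return strcmp($pwd_enc, $pwd_real) === 0;
}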
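/**
 * Check a supplied password against the value stored for a user.
 *
 * The account is looked up by user id or by e-mail address. The stored value
 * is compared with my_rsa($pwd_in). A stored value whose first byte is not
 * NUL is treated as a legacy, not-yet-encoded password: it is run through
 * my_rsa() and written back before the comparison.
 *
 * NOTE(review): my_rsa() is defined outside this block. If it is a
 * deterministic, unsalted transform, it does not replace password_hash() /
 * password_verify() for password storage; confirm against its definition.
 *
 * @param string $usr    User id or e-mail address, unescaped.
 * @param string $pwd_in Password as typed by the user.
 *
 * @return bool True only when the encoded input equals the stored value.
 */
function password_right($usr, $pwd_in)
{
    // Request parameters can arrive as arrays (e.g. oldpwd[]=x); refuse them
    // before they reach the database layer or strcmp().
    if (!is_scalar($usr) || !is_scalar($pwd_in)) {
        return false;
    }

    // Presumably defines $con (the mysqli link used below); confirm in conf/database.php.
    require __DIR__ . '/../conf/database.php';

    // Bound parameters keep the login identifier out of the SQL text entirely.
    $by_id = (string) $usr;
    $by_email = $by_id;
    $lookup = mysqli_prepare($con, 'select password,user_id from users where user_id=? or email=? limit 1');
    if ($lookup === false) {
        return false;
    }
    mysqli_stmt_bind_param($lookup, 'ss', $by_id, $by_email);
    $found = mysqli_stmt_execute($lookup)
        && mysqli_stmt_bind_result($lookup, $pwd_real, $user_id)
        && mysqli_stmt_fetch($lookup) === true;
    mysqli_stmt_close($lookup);

    if (!$found || !$pwd_real) {
        // Unknown user, query failure, or an empty stored password: never authenticates.
        return false;
    }

    $pwd_enc = my_rsa($pwd_in);

    if (ord($pwd_real) != 0) {
        // Password in the database is not an encoded password yet: upgrade it.
        $pwd_real = my_rsa($pwd_real);
        // The listing showed the literal '******' in this UPDATE while an
        // escaped copy of the encoded value was computed and never used; that
        // looks like a masked variable. Writing the literal would make
        // "******" the account password, so the encoded value is stored.
        // user_id comes from the row just read and is bound as well, so a
        // stored id containing quotes cannot alter the statement.
        $upgrade = mysqli_prepare($con, 'update users set password=? where user_id=?');
        if ($upgrade !== false) {
            mysqli_stmt_bind_param($upgrade, 'ss', $pwd_real, $user_id);
            mysqli_stmt_execute($upgrade); // best-effort, as before
            mysqli_stmt_close($upgrade);
        }
    }

    // Strict === 0: on old PHP versions strcmp() returns NULL for a non-string
    // operand, and a loose "!= 0" test would treat that NULL as a match.
    // NOTE(review): strcmp() is not constant-time; hash_equals() (PHP >= 5.6)
    // is preferable where the runtime provides it.
    return strcmp($pwd_enc, $pwd_real) === 0;
}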
if (!isset($_SESSION['user'])) { die('Not logged in.'); } $user = $_SESSION['user']; require 'inc/database.php'; require_once 'inc/checkpwd.php'; if (!password_right($user, $_POST['oldpwd'])) { die('Old password is not correct!'); } $query = 'update users set email=\'' . mysql_real_escape_string($_POST['email']) . '\',school=\'' . mysql_real_escape_string($_POST['school']) . '\',nick=\'' . mysql_real_escape_string($_POST['nick']) . '\''; if (isset($_POST['newpwd']) && $_POST['newpwd'] != '') { $len = strlen($_POST['newpwd']); if ($len < 6 || $len > 20) { die('Password is too long or too short!'); } $query .= ',password=\'' . mysql_real_escape_string(my_rsa($_POST['newpwd'])) . '\''; } $query .= " where user_id='{$user}'"; mysql_query($query); echo "User infomation updated successfully!"; } else { if ($_POST['type'] == 'reg') { if (!isset($_POST['userid'], $_POST['newpwd'])) { die('Invalid argument.'); } require 'inc/database.php'; $user = mysql_real_escape_string(trim($_POST['userid'])); $len = strlen($user); if ($len == 0) { die('User name cannot be empty.'); }
echo _('Invalid Argument...'); exit; } if (!isset($_SESSION['resetpwd_user']) || empty($_SESSION['resetpwd_user']) || !isset($_SESSION['resetpwd_flag']) || $_SESSION['resetpwd_flag'] != 1) { die('timeout'); } if (!function_exists('my_rsa')) { require __DIR__ . '/../func/checkpwd.php'; } $user = $_SESSION['resetpwd_user']; $len = strlen($_POST['newpwd']); if ($len < 6 || $len > 50) { echo _('Password too long or too short (6~50)...'); exit; } $query = 'update users set password=\'' . mysqli_real_escape_string($con, my_rsa($_POST['newpwd'])) . '\''; $query .= " where user_id='{$user}'"; //Cleaning up unset($_SESSION['resetpwd_code']); unset($_SESSION['resetpwd_user']); unset($_SESSION['resetpwd_email']); unset($_SESSION['resetpwd_wrongnum']); unset($_SESSION['resetpwd_flag']); unset($_SESSION['last_send_time']); session_destroy(); if (mysqli_query($con, $query)) { echo 'success'; } else { echo _('Something went wrong...'); } } else {