}
 } else {
     if ($GET_code == '06') {
         $query = "SELECT COUNT(*) FROM {$CONFIG_sql_cpdbname}.user_profile WHERE user_id = \"" . $CP['login_id'] . "\"";
         $sql->result = $sql->execute_query($query, 'change_profile.php');
         $sql->total_query++;
         if (!$sql->result()) {
             $display = "{$lang['change_wrong_time_offset']}";
         } else {
             $sql->execute_query("UPDATE {$CONFIG_sql_cpdbname}.user_profile SET user_time_offset = \"" . mysql_res($POST_u_timezone) . "\" WHERE user_id = \"" . $CP['login_id'] . "\" ", 'change_profile.php');
             $sql->total_query++;
             $display = "{$lang['change_right_time_offset']}";
         }
     } else {
         if ($GET_code == '07' && length($POST_display_name, 4, 24)) {
             $POST_password = mysql_res(checkmd5($CONFIG_md5_support, $POST_password));
             $POST_display_name = checkstring($POST_display_name, 1);
             $query = "SELECT userid FROM {$CONFIG_sql_dbname}.login WHERE account_id = \"" . $CP['login_id'] . "\" AND user_pass = \"" . $POST_password . "\"";
             $sql->result = $sql->execute_query($query, 'change_profile.php');
             $sql->total_query++;
             $row = $sql->fetch_row();
             if (!$sql->count_rows()) {
                 $display = "{$lang['change_wrong_display_name']}";
             } else {
                 $query = "SELECT COUNT(*) FROM {$CONFIG_sql_cpdbname}.user_profile WHERE display_name = \"" . mysql_res($POST_display_name) . "\"";
                 $sql->result = $sql->execute_query($query, 'change_profile.php');
                 $sql->total_query++;
                 $count1 = $sql->result();
                 $query = "SELECT COUNT(*) FROM {$CONFIG_sql_dbname}.login WHERE userid = \"" . $POST_display_name . "\" AND userid != \"" . $row["userid"] . "\"";
                 $sql->result = $sql->execute_query($query, 'change_profile.php');
                 $sql->total_query++;
Example #2
0
         }
         echo "\n\t\t<TR class=\"topic_title5\">\n\t\t\t<TD align=\"center\" colspan=\"2\">\n\t\t\t\t<input type=\"submit\" name=\"Submit\" value=\"{$lang['Reg_insert']}\" class=\"textinput\">\n\t\t\t\t<input type=\"reset\" name=\"reset\" value=\"{$lang['Reg_edit']}\" class=\"textinput\">\n\t\t\t</TD>\n\t\t</TR>\n\t</form>\n\t</TBODY>\n</TABLE>\n";
         clmain_body();
     }
 } else {
     if ($GET_code == 02) {
         if (!$CONFIG_register_mode) {
             redir("index.php?act=idx", "{$lang['Reg_closed']}", 3);
         } else {
             if (empty($POST_userid) && empty($POST_userpass) && empty($POST_email)) {
                 redir("index.php?act=register", "{$lang['Error']}", 3);
             } else {
                 if (length($POST_userid, 4, 24) && length($POST_userpass, 4, 24) && length($POST_userslspass, 4, 24) && isMailform($POST_email) && isAlphaNumeric($POST_userid) && isAlphaNumeric($POST_userpass) && isAlphaNumeric($POST_userslspass) && ($POST_sex == "M" || $POST_sex == "F")) {
                     $activeid = '0';
                     $active_mes = "";
                     $userpass = mysql_res(checkmd5($CONFIG_md5_support, $POST_userpass));
                     $POST_email = mysql_res($POST_email);
                     $query = "SELECT userid FROM {$CONFIG_sql_dbname}.login WHERE userid = \"" . mysql_res($POST_userid) . "\"";
                     $sql->result = $sql->execute_query($query, 'register.php');
                     $sql->total_query++;
                     $count1 = $sql->count_rows();
                     $query = "SELECT email FROM {$CONFIG_sql_dbname}.login WHERE email = \"" . $POST_email . "\"";
                     $sql->result = $sql->execute_query($query, 'register.php');
                     $sql->total_query++;
                     $count2 = $sql->count_rows();
                     if ($CONFIG_security_mode) {
                         $query = "SELECT COUNT(*) FROM {$CONFIG_sql_cpdbname}.security_code WHERE sc_id = \"" . mysql_res($POST_security_id) . "\" AND sc_code = \"" . mysql_res($POST_security_code) . "\"";
                         $sql->result = $sql->execute_query($query, 'register.php');
                         $sql->total_query++;
                         $count3 = $sql->result();
                     }
Example #3
0
            }
        } else {
            $display = $lang[login_wrong];
        }
        redir("index.php?act=sls", "{$display}", 3);
    } else {
        if ($GET_code == 02) {
            ?>
<script language="JavaScript">function CheckSLS(){var L1 = document.sls_form.LG_USER.value; var L2 = document.sls_form.LG_PASS.value; var L3 = document.sls_form.SLS_PASS.value;if (L1.length < 4) {alert("Please enter your ID at least 4 characters."); document.sls_form.LG_USER.focus(); return false;}else if (L2.length < 4) {alert("Please enter your password at least 4 characters."); document.sls_form.LG_PASS.focus(); return false;}else if (L3.length < 4) {alert("Please enter your SLS password at least 4 characters."); document.sls_form.SLS_PASS.focus(); return false;}else {document.sls_form.Submit.disabled=true;return true;}}</script>
<?php 
            opmain_body("Self Locking System");
            echo "\n<TABLE width=\"100%\" cellspacing=\"1\" cellpadding=\"3\" align=\"center\">\n\t<TBODY>\n\t<form action=\"index.php?act=sls&code=03\" method=\"post\" enctype=\"multipart/form-data\" name=\"sls_form\" onSubmit=\"return CheckSLS()\">\n\t\t<TR class=\"topic_title6\">\n\t\t\t<TD width=\"20%\" align=\"right\">\n\t\t\t\t{$lang['login_user']} :\n\t\t\t</TD>\n\t\t\t<TD width=\"80%\" align=\"left\">\n\t\t\t\t<input name=\"LG_USER\" type=\"text\" size=\"28\" maxlength=\"24\" class=\"textinput\">\n\t\t\t</TD>\n\t\t</TR>\n\t\t<TR class=\"topic_title6\">\n\t\t\t<TD align=\"right\">\n\t\t\t\t{$lang['login_pass']} :\n\t\t\t</TD>\n\t\t\t<TD align=\"left\">\n\t\t\t\t<input name=\"LG_PASS\" type=\"password\" size=\"28\" maxlength=\"24\" class=\"textinput\">\n\t\t\t</TD>\n\t\t</TR>\n\t\t<TR class=\"topic_title6\">\n\t\t\t<TD align=\"right\">\n\t\t\t\t{$lang['login_sls_pass']} :\n\t\t\t</TD>\n\t\t\t<TD align=\"left\">\n\t\t\t\t<input name=\"SLS_PASS\" type=\"password\" size=\"28\" maxlength=\"24\" class=\"textinput\">\n\t\t\t</TD>\n\t\t</TR>\n\t\t<TR class=\"topic_title5\">\n\t\t\t<TD></TD>\n\t\t\t<TD>\n\t\t\t\t<input type=\"submit\" name=\"Submit\" value=\"{$lang['make_sls_pass']}\" class=\"textinput\">\n\t\t\t</TD>\n\t\t</TR>\n\t</form>\n\t</TBODY>\n</TABLE>\n";
            clmain_body();
        } else {
            if ($GET_code == 03 && isAlphaNumeric($POST_LG_USER) && isAlphaNumeric($POST_LG_PASS) && isAlphaNumeric($POST_SLS_PASS)) {
                $POST_LG_PASS = mysql_res(checkmd5($CONFIG_md5_support, $POST_LG_PASS));
                $query = "SELECT account_id FROM {$CONFIG_sql_dbname}.login WHERE userid = \"" . mysql_res($POST_LG_USER) . "\" AND user_pass=\"{$POST_LG_PASS}\" LIMIT 0,1";
                $sql->result = $sql->execute_query($query, 'sls.php');
                $sql->total_query++;
                if ($sql->count_rows()) {
                    $row = $sql->fetch_row();
                    $userid = $row[account_id];
                    $query = "SELECT user_sls_pass FROM {$CONFIG_sql_cpdbname}.user_profile WHERE user_id = \"" . mysql_res($userid) . "\" LIMIT 0,1";
                    $sql->result = $sql->execute_query($query, 'sls.php');
                    if ($sql->count_rows()) {
                        $row2 = $sql->fetch_row();
                        if (empty($row2[user_sls_pass])) {
                            $sql->execute_query("UPDATE {$CONFIG_sql_cpdbname}.user_profile set user_sls_pass=\"" . mysql_res($POST_SLS_PASS) . "\" WHERE user_id = \"" . mysql_res($userid) . "\" ", 'sls.php');
                            $sql->total_query++;
                            $display = $lang[success_make_sls_pass];
                        } else {
Example #4
0
 if ($check_sls) {
     $query = "SELECT user_sls_pass FROM {$CONFIG_sql_cpdbname}.user_profile WHERE user_id = \"" . $CP['login_id'] . "\"";
     $sql->result = $sql->execute_query($query, 'action.php');
     $sql->total_query++;
     $row = $sql->fetch_row();
 }
 if (!$count1 > 0) {
     $display = $lang[change_wrong_pass];
 } else {
     if (empty($row[user_sls_pass]) && $check_sls) {
         $display = "{$lang['no_sls_pass']}<BR><BR><a href=\"index.php?act=sls&code=02\">{$lang['make_sls_pass']}</a>";
     } else {
         if ($POST_slspassword != $row[user_sls_pass] && $check_sls) {
             $display = $lang[change_wrong_pass];
         } else {
             $password2 = mysql_res(checkmd5($CONFIG_md5_support, $POST_confirmpass));
             if ($CONFIG_md5_support) {
                 $pass = $password2;
             } else {
                 $pass = md5($password2);
             }
             if ($CONFIG_save_type == 1) {
                 session_register(loginpass);
                 $_SESSION["loginpass"] = $pass;
             } else {
                 setcookie("loginpass", $pass, time() + 60 * 60 * 24 * 30);
             }
             $sql->execute_query("UPDATE {$CONFIG_sql_dbname}.login SET user_pass = \"" . $password2 . "\" WHERE account_id = \"" . $CP['login_id'] . "\" ", 'action.php');
             $sql->total_query++;
             $display = "{$lang['change_right_pass']}";
         }