}
} else {
if ($GET_code == '06') {
$query = "SELECT COUNT(*) FROM {$CONFIG_sql_cpdbname}.user_profile WHERE user_id = \"" . $CP['login_id'] . "\"";
$sql->result = $sql->execute_query($query, 'change_profile.php');
$sql->total_query++;
if (!$sql->result()) {
$display = "{$lang['change_wrong_time_offset']}";
} else {
$sql->execute_query("UPDATE {$CONFIG_sql_cpdbname}.user_profile SET user_time_offset = \"" . mysql_res($POST_u_timezone) . "\" WHERE user_id = \"" . $CP['login_id'] . "\" ", 'change_profile.php');
$sql->total_query++;
$display = "{$lang['change_right_time_offset']}";
}
} else {
if ($GET_code == '07' && length($POST_display_name, 4, 24)) {
$POST_password = mysql_res(checkmd5($CONFIG_md5_support, $POST_password));
$POST_display_name = checkstring($POST_display_name, 1);
$query = "SELECT userid FROM {$CONFIG_sql_dbname}.login WHERE account_id = \"" . $CP['login_id'] . "\" AND user_pass = \"" . $POST_password . "\"";
$sql->result = $sql->execute_query($query, 'change_profile.php');
$sql->total_query++;
$row = $sql->fetch_row();
if (!$sql->count_rows()) {
$display = "{$lang['change_wrong_display_name']}";
} else {
$query = "SELECT COUNT(*) FROM {$CONFIG_sql_cpdbname}.user_profile WHERE display_name = \"" . mysql_res($POST_display_name) . "\"";
$sql->result = $sql->execute_query($query, 'change_profile.php');
$sql->total_query++;
$count1 = $sql->result();
$query = "SELECT COUNT(*) FROM {$CONFIG_sql_dbname}.login WHERE userid = \"" . $POST_display_name . "\" AND userid != \"" . $row["userid"] . "\"";
$sql->result = $sql->execute_query($query, 'change_profile.php');
$sql->total_query++;
}
echo "\n\t\t<TR class=\"topic_title5\">\n\t\t\t<TD align=\"center\" colspan=\"2\">\n\t\t\t\t<input type=\"submit\" name=\"Submit\" value=\"{$lang['Reg_insert']}\" class=\"textinput\">\n\t\t\t\t<input type=\"reset\" name=\"reset\" value=\"{$lang['Reg_edit']}\" class=\"textinput\">\n\t\t\t</TD>\n\t\t</TR>\n\t</form>\n\t</TBODY>\n</TABLE>\n";
clmain_body();
}
} else {
if ($GET_code == 02) {
if (!$CONFIG_register_mode) {
redir("index.php?act=idx", "{$lang['Reg_closed']}", 3);
} else {
if (empty($POST_userid) && empty($POST_userpass) && empty($POST_email)) {
redir("index.php?act=register", "{$lang['Error']}", 3);
} else {
if (length($POST_userid, 4, 24) && length($POST_userpass, 4, 24) && length($POST_userslspass, 4, 24) && isMailform($POST_email) && isAlphaNumeric($POST_userid) && isAlphaNumeric($POST_userpass) && isAlphaNumeric($POST_userslspass) && ($POST_sex == "M" || $POST_sex == "F")) {
$activeid = '0';
$active_mes = "";
$userpass = mysql_res(checkmd5($CONFIG_md5_support, $POST_userpass));
$POST_email = mysql_res($POST_email);
$query = "SELECT userid FROM {$CONFIG_sql_dbname}.login WHERE userid = \"" . mysql_res($POST_userid) . "\"";
$sql->result = $sql->execute_query($query, 'register.php');
$sql->total_query++;
$count1 = $sql->count_rows();
$query = "SELECT email FROM {$CONFIG_sql_dbname}.login WHERE email = \"" . $POST_email . "\"";
$sql->result = $sql->execute_query($query, 'register.php');
$sql->total_query++;
$count2 = $sql->count_rows();
if ($CONFIG_security_mode) {
$query = "SELECT COUNT(*) FROM {$CONFIG_sql_cpdbname}.security_code WHERE sc_id = \"" . mysql_res($POST_security_id) . "\" AND sc_code = \"" . mysql_res($POST_security_code) . "\"";
$sql->result = $sql->execute_query($query, 'register.php');
$sql->total_query++;
$count3 = $sql->result();
}
}
} else {
$display = $lang[login_wrong];
}
redir("index.php?act=sls", "{$display}", 3);
} else {
if ($GET_code == 02) {
?>
<script language="JavaScript">function CheckSLS(){var L1 = document.sls_form.LG_USER.value; var L2 = document.sls_form.LG_PASS.value; var L3 = document.sls_form.SLS_PASS.value;if (L1.length < 4) {alert("Please enter your ID at least 4 characters."); document.sls_form.LG_USER.focus(); return false;}else if (L2.length < 4) {alert("Please enter your password at least 4 characters."); document.sls_form.LG_PASS.focus(); return false;}else if (L3.length < 4) {alert("Please enter your SLS password at least 4 characters."); document.sls_form.SLS_PASS.focus(); return false;}else {document.sls_form.Submit.disabled=true;return true;}}</script>
<?php
opmain_body("Self Locking System");
echo "\n<TABLE width=\"100%\" cellspacing=\"1\" cellpadding=\"3\" align=\"center\">\n\t<TBODY>\n\t<form action=\"index.php?act=sls&code=03\" method=\"post\" enctype=\"multipart/form-data\" name=\"sls_form\" onSubmit=\"return CheckSLS()\">\n\t\t<TR class=\"topic_title6\">\n\t\t\t<TD width=\"20%\" align=\"right\">\n\t\t\t\t{$lang['login_user']} :\n\t\t\t</TD>\n\t\t\t<TD width=\"80%\" align=\"left\">\n\t\t\t\t<input name=\"LG_USER\" type=\"text\" size=\"28\" maxlength=\"24\" class=\"textinput\">\n\t\t\t</TD>\n\t\t</TR>\n\t\t<TR class=\"topic_title6\">\n\t\t\t<TD align=\"right\">\n\t\t\t\t{$lang['login_pass']} :\n\t\t\t</TD>\n\t\t\t<TD align=\"left\">\n\t\t\t\t<input name=\"LG_PASS\" type=\"password\" size=\"28\" maxlength=\"24\" class=\"textinput\">\n\t\t\t</TD>\n\t\t</TR>\n\t\t<TR class=\"topic_title6\">\n\t\t\t<TD align=\"right\">\n\t\t\t\t{$lang['login_sls_pass']} :\n\t\t\t</TD>\n\t\t\t<TD align=\"left\">\n\t\t\t\t<input name=\"SLS_PASS\" type=\"password\" size=\"28\" maxlength=\"24\" class=\"textinput\">\n\t\t\t</TD>\n\t\t</TR>\n\t\t<TR class=\"topic_title5\">\n\t\t\t<TD></TD>\n\t\t\t<TD>\n\t\t\t\t<input type=\"submit\" name=\"Submit\" value=\"{$lang['make_sls_pass']}\" class=\"textinput\">\n\t\t\t</TD>\n\t\t</TR>\n\t</form>\n\t</TBODY>\n</TABLE>\n";
clmain_body();
} else {
if ($GET_code == 03 && isAlphaNumeric($POST_LG_USER) && isAlphaNumeric($POST_LG_PASS) && isAlphaNumeric($POST_SLS_PASS)) {
$POST_LG_PASS = mysql_res(checkmd5($CONFIG_md5_support, $POST_LG_PASS));
$query = "SELECT account_id FROM {$CONFIG_sql_dbname}.login WHERE userid = \"" . mysql_res($POST_LG_USER) . "\" AND user_pass=\"{$POST_LG_PASS}\" LIMIT 0,1";
$sql->result = $sql->execute_query($query, 'sls.php');
$sql->total_query++;
if ($sql->count_rows()) {
$row = $sql->fetch_row();
$userid = $row[account_id];
$query = "SELECT user_sls_pass FROM {$CONFIG_sql_cpdbname}.user_profile WHERE user_id = \"" . mysql_res($userid) . "\" LIMIT 0,1";
$sql->result = $sql->execute_query($query, 'sls.php');
if ($sql->count_rows()) {
$row2 = $sql->fetch_row();
if (empty($row2[user_sls_pass])) {
$sql->execute_query("UPDATE {$CONFIG_sql_cpdbname}.user_profile set user_sls_pass=\"" . mysql_res($POST_SLS_PASS) . "\" WHERE user_id = \"" . mysql_res($userid) . "\" ", 'sls.php');
$sql->total_query++;
$display = $lang[success_make_sls_pass];
} else {
if ($check_sls) {
$query = "SELECT user_sls_pass FROM {$CONFIG_sql_cpdbname}.user_profile WHERE user_id = \"" . $CP['login_id'] . "\"";
$sql->result = $sql->execute_query($query, 'action.php');
$sql->total_query++;
$row = $sql->fetch_row();
}
if (!$count1 > 0) {
$display = $lang[change_wrong_pass];
} else {
if (empty($row[user_sls_pass]) && $check_sls) {
$display = "{$lang['no_sls_pass']}<BR><BR><a href=\"index.php?act=sls&code=02\">{$lang['make_sls_pass']}</a>";
} else {
if ($POST_slspassword != $row[user_sls_pass] && $check_sls) {
$display = $lang[change_wrong_pass];
} else {
$password2 = mysql_res(checkmd5($CONFIG_md5_support, $POST_confirmpass));
if ($CONFIG_md5_support) {
$pass = $password2;
} else {
$pass = md5($password2);
}
if ($CONFIG_save_type == 1) {
session_register(loginpass);
$_SESSION["loginpass"] = $pass;
} else {
setcookie("loginpass", $pass, time() + 60 * 60 * 24 * 30);
}
$sql->execute_query("UPDATE {$CONFIG_sql_dbname}.login SET user_pass = \"" . $password2 . "\" WHERE account_id = \"" . $CP['login_id'] . "\" ", 'action.php');
$sql->total_query++;
$display = "{$lang['change_right_pass']}";
}