Example #1
0
//session end
//********************change pwd***************************//
if ($_POST['submit'] == "Change") {
    //submit
    if (!$_POST['oldpwd'] || !$_POST['newpwd'] || !$_POST['confirm_newpwd']) {
        //input box
        echo "<center><h2><font color=red>��سҡ�͡���������ú�ء��ͧ</font></h2></center>";
    } else {
        //input box
        //OK
        //check old pwd for user right
        $u_p = explode("#", empty_passweb2($ip_Log));
        //user and pass by return from function
        $ip_Log = $u_p[0];
        $p = $u_p[1];
        $u_enc = enc_create_u(trim($ip_Log));
        //user encode from login
        $p_enc = enc_create_p(trim($_POST['oldpwd']));
        //pwd encode from login
        $sum_enc = "{$u_enc}" . "{$p_enc}";
        //sum
        if ($sum_enc == $p) {
            //$sum_enc==$p
            //---------------------------ok
            if ($_POST['newpwd'] == $_POST['confirm_newpwd']) {
                //new=old
                //---------------------------ok
                $n_pwd = $u_enc . "" . enc_create_p(trim($_POST['newpwd']));
                //newpwd encode from login
                $sql = "update web_pwd set passweb='{$n_pwd}' where loginname='{$ip_Log}' ";
                mysql_query($sql) or die("Don't Update Database" . mysql_error());
Example #2
0
          </tr>
        </table></td>
  </tr>
</table>
</form>
<?php 
    } else {
        //submit
        if ($spwd == "" or $spwd2 == "") {
            //spwd and spwd2 empty
            print "<script>\r\n\t\talert(\"��سҡ�͡���������ú�ء��ͧ\");\r\n\t\thistory.go(-1);\r\n\t\t</script>";
        } else {
            //spwd and spwd2 empty
            if ($spwd == $spwd2) {
                //call func enc passw and call function insert  pass set
                $e_user = enc_create_u(trim($_SESSION['ip_Log']));
                $e_pwd = enc_create_p(trim($spwd));
                $sum_u_p = $e_user . "" . $e_pwd;
                $link = mysql_connect($Server, $User, $Pass);
                if (!$link) {
                    //not complete
                    die("can't connect database" . mysql_error());
                }
                //connect complete
                mysql_select_db($DBName, $link) or die("connect  Database name {$DBName} error");
                /*$strUp ="UPDATE opduser ";//table name in database
                		$strUp.="SET passweb='$sum_u_p' ";
                		$strUp.="WHERE loginname='$ip_Log' "; */
                $strUp = "INSERT INTO web_pwd(loginname,passweb) ";
                //table name in database
                $strUp .= "VALUE ('{$ip_Log}','{$sum_u_p}') ";