Example #1
0
function password_right($usr, $pwd_in)
{
    $result = mysql_query("select password from users where user_id='{$usr}'");
    if (!($row = mysql_fetch_row($result)) || !$row[0]) {
        return false;
    }
    $pwd_enc = my_rsa($pwd_in);
    $pwd_real = $row[0];
    if (ord($pwd_real) != 0) {
        //password in database is not encrypted password
        $pwd_real = my_rsa($pwd_real);
        $pwd_escaped = mysql_escape_string($pwd_real);
        mysql_query("update users set password='******' where user_id='{$usr}'");
    }
    if (strcmp($pwd_enc, $pwd_real) != 0) {
        return false;
    } else {
        return true;
    }
}
Example #2
0
function password_right($usr, $pwd_in)
{
    require __DIR__ . '/../conf/database.php';
    $result = mysqli_query($con, "select password,user_id from users where user_id='{$usr}' or email='{$usr}' limit 1");
    if (!($row = mysqli_fetch_row($result)) || !$row[0]) {
        return false;
    }
    $usr = $row[1];
    $pwd_enc = my_rsa($pwd_in);
    $pwd_real = $row[0];
    if (ord($pwd_real) != 0) {
        //password in database is not encrypted password
        $pwd_real = my_rsa($pwd_real);
        $pwd_escaped = mysqli_escape_string($con, $pwd_real);
        mysqli_query($con, "update users set password='******' where user_id='{$usr}'");
    }
    if (strcmp($pwd_enc, $pwd_real) != 0) {
        return false;
    } else {
        return true;
    }
}
Example #3
0
    if (!isset($_SESSION['user'])) {
        die('Not logged in.');
    }
    $user = $_SESSION['user'];
    require 'inc/database.php';
    require_once 'inc/checkpwd.php';
    if (!password_right($user, $_POST['oldpwd'])) {
        die('Old password is not correct!');
    }
    $query = 'update users set email=\'' . mysql_real_escape_string($_POST['email']) . '\',school=\'' . mysql_real_escape_string($_POST['school']) . '\',nick=\'' . mysql_real_escape_string($_POST['nick']) . '\'';
    if (isset($_POST['newpwd']) && $_POST['newpwd'] != '') {
        $len = strlen($_POST['newpwd']);
        if ($len < 6 || $len > 20) {
            die('Password is too long or too short!');
        }
        $query .= ',password=\'' . mysql_real_escape_string(my_rsa($_POST['newpwd'])) . '\'';
    }
    $query .= " where user_id='{$user}'";
    mysql_query($query);
    echo "User infomation updated successfully!";
} else {
    if ($_POST['type'] == 'reg') {
        if (!isset($_POST['userid'], $_POST['newpwd'])) {
            die('Invalid argument.');
        }
        require 'inc/database.php';
        $user = mysql_real_escape_string(trim($_POST['userid']));
        $len = strlen($user);
        if ($len == 0) {
            die('User name cannot be empty.');
        }
Example #4
0
         echo _('Invalid Argument...');
         exit;
     }
     if (!isset($_SESSION['resetpwd_user']) || empty($_SESSION['resetpwd_user']) || !isset($_SESSION['resetpwd_flag']) || $_SESSION['resetpwd_flag'] != 1) {
         die('timeout');
     }
     if (!function_exists('my_rsa')) {
         require __DIR__ . '/../func/checkpwd.php';
     }
     $user = $_SESSION['resetpwd_user'];
     $len = strlen($_POST['newpwd']);
     if ($len < 6 || $len > 50) {
         echo _('Password too long or too short (6~50)...');
         exit;
     }
     $query = 'update users set password=\'' . mysqli_real_escape_string($con, my_rsa($_POST['newpwd'])) . '\'';
     $query .= " where user_id='{$user}'";
     //Cleaning up
     unset($_SESSION['resetpwd_code']);
     unset($_SESSION['resetpwd_user']);
     unset($_SESSION['resetpwd_email']);
     unset($_SESSION['resetpwd_wrongnum']);
     unset($_SESSION['resetpwd_flag']);
     unset($_SESSION['last_send_time']);
     session_destroy();
     if (mysqli_query($con, $query)) {
         echo 'success';
     } else {
         echo _('Something went wrong...');
     }
 } else {