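/**
 * Gate a page behind the login form.
 *
 * Returns normally when the session already holds a user id. Otherwise a
 * submitted login form is processed: on success the id is stored in the
 * session and the browser is redirected back to the requested URL; in every
 * other case the login page is rendered with a status message. All paths
 * except "already logged in" end the request with exit.
 *
 * Expects the caller to have started the session before calling.
 *
 * @return void
 */
function check_valid_user()
{
    // Already authenticated. The login branch below writes $_SESSION directly,
    // so the check reads it the same way; session_is_registered() must not be
    // mixed with $_SESSION and was removed in PHP 5.4.
    if (isset($_SESSION['valid_user_id'])) {
        return;
    }

    // A login attempt needs both fields, non-empty and scalar strings.
    // Array-valued fields (user[]=...) fall through to the "malformed form"
    // message instead of reaching user_ok() and stripslashes().
    if (!empty($_POST['user']) && !empty($_POST['password'])
        && is_string($_POST['user']) && is_string($_POST['password'])
    ) {
        $valid_user_id = user_ok($_POST['user'], $_POST['password']);

        // switch compares loosely: 0, '' and null also land in the "false"
        // arm, so an unexpected empty result is treated as a failure rather
        // than as a successful login.
        switch ($valid_user_id) {
            case false: // something went wrong with the DB
                $title = 'B³±d bazy danych, spróbuj pó¼niej.';
                break;

            case -1: // user cannot be logged in
                // The submitted name is echoed back, so it is HTML-encoded.
                // ENT_QUOTES also encodes single quotes; where $title ends up
                // in the markup is not visible from this function.
                $title = 'Nie mogê zalogowaæ u¿ytkownika '
                    . htmlspecialchars(stripslashes($_POST['user']), ENT_QUOTES)
                    . '!';
                break;

            default: // everything OK
                // Issue a fresh session id at the privilege change, so an id
                // that was set before login (session fixation) does not become
                // an authenticated session.
                session_regenerate_id(true);
                $_SESSION['valid_user_id'] = $valid_user_id;

                // Reload the requested page with a GET so the credentials are
                // not re-posted. Both parts come from the request; header()
                // rejects values containing newlines since PHP 5.1.2.
                $url = $_SERVER['PHP_SELF']
                    . (empty($_SERVER['QUERY_STRING']) ? '' : '?' . $_SERVER['QUERY_STRING']);
                header('location: ' . $url); // reload page
                exit;
        }
    } else {
        if (!isset($_POST['user']) && !isset($_POST['password'])) {
            // Nothing submitted yet: plain login prompt.
            $title = 'Zaloguj siê';
        } else {
            // Form submitted but incomplete or malformed.
            $title = '¬le wype³niony formularz! Spróbuj ponownie';
        }
    }

    // Not authenticated: render the login page and stop, so the protected
    // page that called this function never runs.
    display_html_header();
    display_document_header(true); // true = with setfocus script
    display_menu();
    display_login_form($title);
    display_document_footer();
    exit;
}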
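<?php
/*
 * Change-password form handler.
 *
 * Requires a logged-in user (check_valid_user() renders the login page and
 * exits otherwise), verifies the current password, validates the new one and
 * updates the users table. An incomplete submission is redirected back to
 * the form.
 */

// All three fields must be present, non-empty and plain strings. Array-valued
// fields (new_password1[]=...) are treated like a missing field.
$form_complete = true;
foreach (array('old_password', 'new_password1', 'new_password2') as $field) {
    if (empty($_POST[$field]) || !is_string($_POST[$field])) {
        $form_complete = false;
        break;
    }
}

if (!$form_complete) {
    header('location: change_password_form.php');
} else {
    require_once 'lib/flip.php';
    session_start();
    check_valid_user();

    $go_back = '<a href="change_password_form.php" class="menu">Spróbuj ponownie</a>.';

    $old_password_check = user_ok(get_user_login($_SESSION['valid_user_id']), $_POST['old_password']);

    if ($old_password_check === false) {
        // check_valid_user() treats a false result from user_ok() as a
        // database error. false == -1 is false in PHP, so without this arm a
        // failed lookup would count as "old password correct". Fail closed.
        display_warning('Zmiana has³a zakoñczona niepowodzeniem!');
    } elseif ($old_password_check == -1) {
        display_warning('Twoje has³o jest nieprawid³owe! ' . $go_back);
    } elseif ($_POST['new_password1'] !== $_POST['new_password2']) {
        // Strict comparison: with != two different numeric-looking strings
        // such as '0e1' and '0e2' compare equal.
        display_warning('Nowe has³a nie s± identyczne! ' . $go_back);
    } elseif (strlen($_POST['new_password1']) < 3) {
        // NOTE(review): a three-character minimum is a very weak policy;
        // left unchanged here because it is a product decision.
        display_warning('Nowe has³o jest za krótkie! ' . $go_back);
    } else {
        db_connect();

        // Undo magic_quotes_gpc escaping (if enabled) so the value is
        // escaped exactly once, by the database driver.
        $new_password = $_POST['new_password1'];
        if (function_exists('get_magic_quotes_gpc') && get_magic_quotes_gpc()) {
            $new_password = stripslashes($new_password);
        }

        // The password is request data and was previously concatenated into
        // the statement unescaped (SQL injection). It is now escaped with the
        // connection opened above, and the user id is forced to an integer
        // because it is used unquoted.
        // NOTE(review): old_password() is MySQL's pre-4.1 hash, which is
        // weak; moving to password_hash()/password_verify() would also
        // require changing user_ok(), which is not visible here.
        $q = "update users set password=old_password('"
            . mysql_real_escape_string($new_password)
            . "') where user_id=" . (int) $_SESSION['valid_user_id'];
        $r = mysql_query($q);

        if (!$r) {
            $warning = 'Zmiana has³a zakoñczona niepowodzeniem!';
        } else {
            $warning = 'Zmiana has³a zakoñczona sukcesem!';
        }
        display_warning($warning);
    }
}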