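/**
 * Store a freshly derived password hash for one user in User_Tbl.
 *
 * The hash comes from GenPass($username, $password), which is defined
 * elsewhere in the project. Both values reach Oracle through bind variables,
 * so neither is concatenated into the SQL text.
 *
 * NOTE(review): GenPass is not visible here. If it is a fast digest rather
 * than password_hash(), the stored values are cheap to brute-force offline
 * once the table leaks; confirm against its definition.
 *
 * @param resource $conn     Open OCI8 connection handle.
 * @param string   $username Value matched against User_Tbl.Username.
 * @param string   $password Plain-text password to hash and store.
 *
 * @return bool|string true when the statement executed; otherwise the
 *                     HTML-escaped Oracle error message. true does not
 *                     prove that a row matched: an unknown username still
 *                     executes successfully with zero rows updated.
 */
function UpdatePass($conn, $username, $password)
{
    $hash = GenPass($username, $password);

    $sql = 'UPDATE User_Tbl SET Password=:v_pass WHERE Username = :v_user';
    $stid = oci_parse($conn, $sql);
    if ($stid === false) {
        // A failed parse leaves no statement handle, so the error is read
        // from the connection instead of being passed on to the bind calls.
        $e = oci_error($conn);
        return htmlentities(is_array($e) ? $e['message'] : 'Password update failed');
    }

    // Stop at the first failing step so a statement with a missing bind is
    // never executed.
    $ok = oci_bind_by_name($stid, ":v_user", $username)
        && oci_bind_by_name($stid, ":v_pass", $hash)
        && oci_execute($stid);

    if (!$ok) {
        $e = oci_error($stid);
        oci_free_statement($stid);
        // NOTE(review): this is raw driver text (schema and column names);
        // callers should log it rather than show it to end users.
        return htmlentities(is_array($e) ? $e['message'] : 'Password update failed');
    }

    oci_free_statement($stid);
    return true;
}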
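/**
 * Handle a login form POST: check the credentials and open a session.
 *
 * Reads $_POST['login'] and $_POST['password'], looks the user up through
 * USERINFO(), compares the stored hash with GenPass() of the submitted
 * password and, on a match, stores a session code in $_SESSION and in the
 * database through USER_SET_API().
 *
 * NOTE(review): the second GenPass() argument is built from the password
 * itself plus the constant "ota". If that argument is meant to be a salt,
 * equal passwords give equal hashes for every user; migrating to
 * password_hash()/password_verify() would remove that. Confirm against
 * GenPass.
 *
 * NOTE(review): "no such user" and "wrong password" show different messages
 * (msg_no_user vs msg_bed_bass), which lets a client tell valid logins from
 * invalid ones. Consider one shared message.
 *
 * @return void On success sends a Location header to INDEX_FILE and exits;
 *              on any failure shows a message with a "back" menu entry.
 */
public function AUTH()
{
    // Both fields must be present in the POST body.
    if (!isset($_POST['login'], $_POST['password'])) {
        $this->AR['MENU']->SET($this->AR['LNG']->STR['m_nazad'], "javascript:history.go(-1);", "R");
        $this->AR['MSG']->SHOW($this->AR['LNG']->STR['msg_no_data'], "I");
        return;
    }

    $LOGIN = clean($this->AR, $_POST['login'], "S");   // sanitised login
    $PASS = clean($this->AR, $_POST['password'], "S"); // sanitised password
    $USERINF = $this::USERINFO($LOGIN, "N");           // user record, falsy when absent

    if (!$USERINF) {
        // NOTE(review): $LOGIN is client-supplied; this assumes clean()
        // strips line breaks so a request cannot forge log entries. Confirm.
        $this->AR['LOG']->WR("USERSClass: User " . $LOGIN . " not found");
        $this->AR['MENU']->SET($this->AR['LNG']->STR['m_nazad'], "javascript:history.go(-1);", "R");
        $this->AR['MSG']->SHOW($this->AR['LNG']->STR['msg_no_user'], "I");
        return;
    }

    $this->AR['LOG']->WR("USERSClass: User " . $LOGIN . " found");

    $storedHash = $USERINF['PASS'];
    $candidateHash = GenPass($PASS, $PASS . "ota");

    // hash_equals() compares in constant time and needs two strings. The
    // former `strcmp(...) == 0` accepted a NULL result (non-string operand on
    // PHP < 8) as a match, so anything that is not a string is rejected here.
    $passwordOk = is_string($storedHash)
        && is_string($candidateHash)
        && hash_equals($storedHash, $candidateHash);

    if (!$passwordOk) {
        $this->AR['MENU']->SET($this->AR['LNG']->STR['m_nazad'], "javascript:history.go(-1);", "R");
        $this->AR['MSG']->SHOW($this->AR['LNG']->STR['msg_bed_bass'], "I");
        return;
    }

    if (session_start()) {
        // Issue a fresh session id at the privilege change so an id planted
        // before login (session fixation) does not become an authenticated one.
        session_regenerate_id(true);
    }

    // NOTE(review): the code depends only on the login name and the constant
    // "ota". If GenHashe is deterministic, it is identical on every login and
    // never rotates; a random per-login token would be safer. Confirm.
    $sessionCode = GenHashe($LOGIN, "ota");
    $_SESSION['USERSES_CODE'] = $sessionCode;

    // NOTE(review): this writes the session code to the log, where anyone
    // with read access to the log can see it; consider logging the login only.
    $this->AR['LOG']->WR("USERSClass: SESION is " . $sessionCode . " for " . $LOGIN);

    $DATAS = array(
        'SESSION' => $sessionCode, // session code
        'NAME' => $LOGIN,          // login name
    );
    $RESHASH = USER_SET_API($DATAS, "S", $this->AR); // persist the session code in the database

    if ($RESHASH == 1) {
        $this->AR['LOG']->WR("USERSClass: SESION is " . $sessionCode . " for " . $LOGIN . " updated");
        header("location: " . INDEX_FILE);
        exit;
    }

    // Persisting failed: drop the half-built session. The log line uses the
    // local copy because $_SESSION['USERSES_CODE'] no longer exists after the
    // unset (the original read the unset key here).
    unset($_SESSION['USERSES_CODE']);
    session_destroy();
    $this->AR['LOG']->WR("USERSClass: SESION is " . $sessionCode . " for " . $LOGIN . " ERROR");
    $this->AR['MENU']->SET($this->AR['LNG']->STR['m_nazad'], "javascript:history.go(-1);", "R");
    $this->AR['MSG']->SHOW($this->AR['LNG']->STR['msg_no_sesionset'], "I");
}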
<?php if ($Module == 'register' and $_POST['enter']) { $_POST['login'] = FormChars($_POST['login']); $_POST['email'] = FormChars($_POST['email']); $_POST['password'] = GenPass(FormChars($_POST['password']), $_POST['login']); $_POST['name'] = FormChars($_POST['name']); $_POST['country'] = FormChars($_POST['country']); $_POST['captcha'] = FormChars($_POST['captcha']); if (!$_POST['login'] or !$_POST['email'] or !$_POST['password'] or !$_POST['name'] or $_POST['country'] > 4 or !$_POST['captcha']) { MessageSend(1, 'Невозможно обработать форму.'); } if ($_SESSION['captcha'] != md5($_POST['captcha'])) { MessageSend(1, 'Капча введена не верно.'); } $Row = mysqli_fetch_assoc(mysqli_query($CONNECT, "SELECT `login` FROM `users` WHERE `login` = '{$_POST['login']}'")); if ($Row['login']) { exit('Логин <b>' . $_POST['login'] . '</b> уже используеться.'); } $Row = mysqli_fetch_assoc(mysqli_query($CONNECT, "SELECT `email` FROM `users` WHERE `email` = '{$_POST['email']}'")); if ($Row['email']) { exit('E-Mail <b>' . $_POST['email'] . '</b> уже используеться.'); } mysqli_query($CONNECT, "INSERT INTO `users` VALUES ('', '{$_POST['login']}', '{$_POST['password']}', '{$_POST['name']}', NOW(), '{$_POST['email']}', {$_POST['country']}, 0, 0)"); $Code = substr(base64_encode($_POST['email']), 0, -1); mail($_POST['email'], 'Регистрация на блоге Mr.Shift', 'Ссылка для активации: http://mr-shift.ru/account/activate/code/' . substr($Code, -5) . substr($Code, 0, -5), 'From: kirevden@gmail.com'); MessageSend(3, 'Регистрация акаунта успешно завершена. На указанный E-mail адрес <b>' . $_POST['email'] . '</b> отправленно письмо о подтверждении регистрации.'); } else { if ($Module == 'activate' and $Param['code']) { if (!$_SESSION['USER_ACTIVE_EMAIL']) { $Email = base64_decode(substr($Param['code'], 5) . substr($Param['code'], 0, 5));