* This program is distributed in the hope that it will be useful,
* but WITHOUT ANY WARRANTY; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
* GNU General Public License for more details.
*
* You should have received a copy of the GNU General Public License
* along with this program. If not, see <http://www.gnu.org/licenses/>.
*/

// Profile page bootstrap: loads the shared page include, starts the page with
// the 'authenticated' option, opens the database connection and loads the
// current user's profile data.
// NOTE(review): 'authenticated' presumably makes blobPageStartup() require a
// logged-in session; confirm in blobPage.inc.php.
define('BLOB_WEB_PAGE_TO_ROOT', '../');
require_once BLOB_WEB_PAGE_TO_ROOT . 'blob/includes/blobPage.inc.php';

blobPageStartup(array('authenticated'));
blobDatabaseConnect();

$user = blobCurrentUser();
$profile = blobLoadProfile();
$avatar = getAvatar($user);
$key = getSecKey($user);

// Account deletion: runs whenever the POST body contains 'DeleteProfile'.
// NOTE(review): no anti-CSRF token or password re-confirmation is checked in
// this block before the destructive query; confirm whether the startup code
// enforces one, otherwise add a per-session token check here.
if (isset($_POST['DeleteProfile'])) {
    // The query is assembled as a string. The '******' in the literal looks
    // like a value masked on this page (TODO confirm against the real file);
    // whatever is interpolated there should be bound through a prepared
    // statement rather than concatenated.
    $qry = "DELETE FROM `users` WHERE user='******';";
    // On failure the raw mysql_error() text is sent to the browser, which
    // discloses schema and query details; log it server-side and show a
    // generic message instead.
    $result = @mysql_query($qry) or die('<pre>' . mysql_error() . '</pre>');
    // The message carries HTML (<br />), so it is presumably rendered unescaped;
    // $user should be HTML-escaped before being interpolated - verify how
    // blobMessagePush() output is rendered.
    blobMessagePush("Profile {$user} is deleted!<br /> Thank you for using blob!");
    blobRedirect('../logout.php');
}

// Profile edit: reads the submitted fields straight from $_POST.
// NOTE(review): the fields are read without isset()/is_string() checks, and
// the emptiness test uses loose ==; no escaping or validation is visible in
// this part of the handler.
if (isset($_POST['EditProfile'])) {
    $fn = $_POST['firstname'];
    $ln = $_POST['lastname'];
    $pass = $_POST['password'];
    $key_new = $_POST['key'];

    // First name, last name and key are mandatory; the password may be empty.
    // NOTE(review): presumably blobRedirect() ends the request; if it returns,
    // execution falls through with the empty values - confirm.
    if ($fn == "" || $ln == "" || $key_new == "") {
        blobMessagePush("First name, last name and key compulsory!");
        blobRedirect('edit.php');
    }
    // (the EditProfile handler continues beyond this excerpt)
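// Password reset handler: a POST carrying 'EditPassword' sets a new password
// for the given username when the submitted security key equals the stored one.
// NOTE(review): no attempt limit or lockout is visible in this block, so the
// security key is the only barrier to resetting any account's password.
if (isset($_POST['EditPassword'])) {
    // Accept string fields only. A missing or array-valued field is treated as
    // empty so it is rejected below instead of reaching stripslashes().
    $user = (isset($_POST['username']) && is_string($_POST['username'])) ? $_POST['username'] : '';
    $pass = (isset($_POST['password']) && is_string($_POST['password'])) ? $_POST['password'] : '';
    $key = (isset($_POST['key']) && is_string($_POST['key'])) ? $_POST['key'] : '';

    // NOTE(review): presumably blobRedirect() ends the request; if it returns,
    // execution continues below with the empty values - confirm.
    if ($user === '' || $pass === '' || $key === '') {
        blobMessagePush("All fields are compulsory!");
        blobRedirect('forgot.php');
    }

    $user = stripslashes($user);
    $user = mysql_real_escape_string($user);
    // NOTE(review): the password is SQL-escaped before it is hashed, so the
    // hash covers the escaped form; confirm the login path hashes the same way.
    $pass = stripslashes($pass);
    $pass = mysql_real_escape_string($pass);
    // NOTE(review): the key is SQL-escaped and then compared in PHP with the
    // stored value; a key containing quotes or backslashes may never match.
    $key = stripslashes($key);
    $key = mysql_real_escape_string($key);

    if (blobExistUser($user)) {
        $old_key = getSecKey($user);
        $stored_key = is_scalar($old_key) ? (string) $old_key : '';

        // Strict string comparison: loose == compares numeric-looking strings
        // by value, so two different keys could be treated as equal. An empty
        // stored key never matches. On PHP >= 5.6, hash_equals() would also
        // make this comparison constant-time.
        if ($stored_key !== '' && $stored_key === $key) {
            // SECURITY: unsalted MD5 is not a suitable password hash. Moving to
            // password_hash()/password_verify() also requires changing the
            // login and registration code, which is outside this block.
            $pass = md5($pass);
            // The query is assembled as a string. The '******' in the literal
            // looks like values masked on this page (TODO confirm against the
            // real file); bind them with a prepared statement where possible.
            $qry = "UPDATE `users` SET password='******' WHERE user='******';";
            $result = @mysql_query($qry);
            if ($result === false) {
                // Keep the database error in the server log; do not send it to
                // the browser.
                error_log('Password reset query failed: ' . mysql_error());
                die('<pre>Database error.</pre>');
            }
            blobMessagePush("Password changed!");
            blobRedirect('login.php');
        } else {
            // NOTE(review): this message and the one below differ, which tells
            // the caller whether a username exists; a single generic failure
            // message would avoid that.
            blobMessagePush("Security Key does not match!");
        }
    } else {
        blobMessagePush("This user does not exist!");
    }

    blobRedirect('forgot.php');
}

$page = blobPageNewGrab();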