include_once '../lib/glob.php'; include_once '../lib/lib.php'; if (!isset($_SESSION["id"])) { die("ERROR ON PAGE!"); } $id = $_SESSION["id"]; if (!isset($_POST["psw"]) or !isset($_POST["psw1"]) or !isset($_POST["psw2"])) { die("请输入所有空格!"); } if (empty($_POST["psw"]) or empty($_POST["psw1"]) or empty($_POST["psw2"])) { die("请输入所有空格!"); } $psw = $_POST["psw"]; $psw1 = $_POST["psw1"]; $psw2 = $_POST["psw2"]; if (!lib_psw_validate($psw) or !lib_psw_validate($psw1) or !lib_psw_validate($psw2) or !($psw1 == $psw2)) { die("修改密码失败,请重新输入正确的密码!"); } $psw = md5($psw); $query = "SELECT *\n\t\tFROM users\n\t\tWHERE id = {$id} AND password = '******'"; $result = mysql_query($query); if (mysql_num_rows($result) == 0) { die("密码不正确,请重新输入正确的密码!"); } if (strlen($psw2) < 6 or strlen($psw1) < 6) { die("新密码长度太短!"); } $psw1 = md5($psw1); $query = "UPDATE users\n\t\tSET password = '******'\n\t\tWHERE id = {$id}\n\t\t"; $result = mysql_query($query); echo "密码修改成功!";
exit; } //check if passwords match: if ($psw != $repsw) { setAlertMsg("Passwords don't match!"); header("Location:../register.php?username={$usr}"); exit; } //check username input validation: if (!lib_name_validate($usr)) { setAlertMsg("Username can only contain letters, numbers and underscore, and the first character must be a letter!"); header("Location:../register.php?username={$usr}"); exit; } //check password input validation: if (!lib_psw_validate($psw)) { setAlertMsg("Password can only contain letters and numbers!"); header("Location:../register.php?username={$usr}"); exit; } //check if name is avalable: if (isUserExist($usr, $psw)) { setAlertMsg("This username has been taken!"); header("Location:../register.php?username={$usr}"); exit; } //proceed registeration: insertNewUser($usr, $psw); $_SESSION["username"] = $usr; $_SESSION["password"] = $psw; $_SESSION["admin"] = 0;