if (!$conn) {
echo "conn failure ";
return false;
}
$stmnt2 = $conn->prepare("SELECT * FROM USERS2 WHERE USER_UID = ?;");
$stmnt2->bind_param('s', $user);
$stmnt2->execute();
$stmnt2->store_result();
$amount = $stmnt2->num_rows;
if ($amount == 0) {
echo "user does not exists ";
return false;
}
$stmnt2->close();
$stmnt = $conn->prepare("UPDATE USERS2 SET USER_PWDHSH=?, USER_PWDSALT= ? WHERE USER_UID = ?;");
$salt = file_get_contents('/dev/urandom', false, null, 0, 64);
$options = array('salt' => $salt);
$phash = crypt($password, $salt);
$stmnt->bind_param('sss', $phash, $salt, $user);
$stmnt->execute();
$stmnt->close();
$conn->close();
return true;
}
$fail = false;
session_start();
if (changePass($_POST["USERNAME"], $_POST["PASSWORD"], $_POST["PASSWORD2"])) {
echo "True";
} else {
echo "False";
}
// ***************************************************************************
/*
* Auteur : Romain Maillard
* Date : 26.09.2015
* But: permet de changer son mot de passe
*/
session_start();
// Inclusion fichier de fonction.
require_once "include/fonction.php";
// Vérifie si l'utilisateur est déjà connecté sinon le redirige vers signin.php.
if (!isConnected()) {
header('Location: signout.php');
}
if (isset($_POST['change'])) {
if (changePass($_POST['password1'], $_POST['password2'])) {
echo "<script>alert('Password change');</script>";
} else {
echo "<script>alert('Password not match');</script>";
}
}
// ***************************************************************************
?>
<!DOCTYPE html>
<html lang="fr">
<head>
<meta charset="utf-8">
<meta http-equiv="X-UA-Compatible" content="IE=edge">
<meta name="viewport" content="width=device-width, initial-scale=1">
<meta name="description" content="">
<meta name="author" content="">
<?php
include_once "header.php";
include_once "db.php";
include_once "dertyn.php";
if (!$_POST['checksubmit']) {
showPasswordChangeform();
} else {
$username = getUserName();
$user = $username;
$pass = $_POST['oldpass'];
$newpass1 = $_POST['newpass1'];
$newpass2 = $_POST['newpass2'];
$logincheck = checkLogin($user, $pass);
if ($logincheck == 0 && strcmp($newpass1, $newpass2) == 0) {
changePass($user, $newpass1);
echo "thanks for logging in {$user}!";
} else {
echo "either your password was typed wrong or your new passwords did not match. <a href='" . $_SERVER['PHP_SELF'] . "'>try again</a>";
}
}
?>
<?php
include_once "footer.php";
?>
<?php
#####################################################################
#
# File : CHANG PASS
# Project : Game Magazine Project
# Author : Béo Sagittarius
# Created : 07/01/2015
#
##################################################################### -->
include '/includes/backend/mysqli_connect.php';
include '/includes/functions.php';
if (isset($_POST['oldpass'])) {
$oldpass = mysqli_real_escape_string($dbc, strip_tags($_POST['oldpass']));
$newpass = mysqli_real_escape_string($dbc, strip_tags($_POST['newpass']));
$result = checkOldPass($oldpass, $_SESSION['uid']);
if (mysqli_num_rows($result) == 1) {
$user = mysqli_fetch_array($result, MYSQLI_ASSOC);
$rs2 = changePass($newpass, $_SESSION['uid']);
if (mysqli_affected_rows($dbc) == 1) {
echo json_encode(['status' => 'OK']);
} else {
echo json_encode(['status' => 'FAIL']);
}
} else {
echo json_encode(['status' => 'CHECK FAIL']);
}
}
<h4><a href="?p=admin">Main Menu</a> / <a href="?p=admin&sub=users">Manage Users</a> / <?php
echo $profile['username'];
?>
</h4>
</div> <!-- .content-header -->
<div class="main-content">
<?php
if (isset($_POST['action'])) {
if ($user['account_level'] <= $profile['account_level'] && $user['account_level'] != '4') {
output_message('error', 'You cannot edit this infomation. Not enough Privilages!');
} else {
if ($_POST['action'] == 'editProfile') {
changeDetails();
} elseif ($_POST['action'] == 'changePass') {
changePass();
} elseif ($_POST['action'] == 'editWeb') {
editUser();
}
}
}
?>
<!-- Table for general account details -->
<table style="border-bottom: 1px solid #E5E2E2;">
<thead>
<th colspan="4"><center><b><?php
echo $lang['general_stats'];
?>
</center></b></th>
</thead>
<?php
include '../init.php';
sleep(3);
$newpass = $_POST["newpass"];
$connewpass = $_POST["connewpass"];
$uid = $_POST["uid"];
$errors = array();
if (empty($newpass) || empty($connewpass) || empty($uid)) {
$errors[] = "One or more fields are empty. Please fill them up.";
} else {
if (strlen($newpass) > 20 || strlen($connewpass) > 20 || strlen($newpass) < 6 || strlen($connewpass) < 6) {
$errors[] = "Password should only 6 to 20 characters only.";
}
if ($newpass != $connewpass) {
$errors[] = "Password not the same.";
}
}
$return['msg'] = array();
if (!empty($errors)) {
foreach ($errors as $error) {
$return['error'] = true;
$return['msg'][] = $error . "\n";
}
} else {
changePass($newpass, $uid);
$return['error'] = false;
$return['msg'] = "Success";
}
echo json_encode($return);
} else {
$pass1 = strip($pass1);
$email = strip($email);
$ava = strip($ava);
$realname = strip($realname);
$location = strip($location);
$hobbies = strip($hobbies);
$bio = strip($bio);
$time = time();
if ($XUSER['TIME'] == 0) {
$time = 0;
}
DoQuery("DELETE FROM {$SERVER['TBL_PREFIX']}users WHERE username='******'NAME']}'");
DoQuery("INSERT INTO {$SERVER['TBL_PREFIX']}users VALUES\n('{$row['0']}','{$row['1']}','{$row['2']}','{$email}','{$row['4']}','{$ava}','{$realname}','{$location}','{$hobbies}','{$bio}','{$row['10']}','{$row['11']}','{$time}','{$row['13']}')");
if ($pass1 != "") {
changePass($pass1, $XUSER['NAME']);
}
}
} else {
$q = DoQuery("SELECT * FROM {$SERVER['TBL_PREFIX']}users WHERE username='******'");
$row = Do_Fetch_Row($q);
$email = $row[3];
$ava = $row[5];
$realname = $row[6];
$loco = $row[7];
$hobb = $row[8];
$bio = $row[9];
$body = "<Br>\n<div align=\"center\">\n<form action=\"index.php\" method=\"post\">\n<input type=\"hidden\" name=\"step\" value=\"5\">\n<input type=\"hidden\" name=\"viewprofile\" value=\"{$viewprofile}\">\n<table border=\"0\" cellspacing=\"1\" cellpadding=\"0\" bgcolor=\"{$CS['3']}\">\n<Tr><td><div align=\"center\">\n<table border=\"0\" cellspacing=\"1\" cellpadding=\"2\" bgcolor=\"{$CS['3']}\">\n\n<tr valign=\"top\">\n<td width=\"150\" bgcolor=\"{$CS['2']}\">{$txt['13']}</td>\n<td width=\"350\" bgcolor=\"{$CS['2']}\"><input type=\"password\" name=\"pass1\"></td>\n</tr>\n<tr valign=\"top\">\n<td width=\"150\" bgcolor=\"{$CS['2']}\">{$txt['46']}</td>\n<td width=\"350\" bgcolor=\"{$CS['2']}\"><input type=\"password\" name=\"pass2\"></td>\n</tr>\n<tr valign=\"top\">\n<td width=\"150\" bgcolor=\"{$CS['2']}\">{$txt['47']}</td>\n<td width=\"350\" bgcolor=\"{$CS['2']}\"><input type=\"text\" name=\"email\" value=\"{$email}\"></td>\n</tr>\n<tr valign=\"top\">\n<td width=\"150\" bgcolor=\"{$CS['2']}\">{$txt['48']}</td>\n<td width=\"350\" bgcolor=\"{$CS['2']}\"><input type=\"text\" name=\"ava\" value=\"{$ava}\"></td>\n</tr>\n<tr valign=\"top\">\n<td width=\"150\" bgcolor=\"{$CS['2']}\">{$txt['49']}</td>\n<td width=\"350\" bgcolor=\"{$CS['2']}\"><input type=\"text\" name=\"realname\" value=\"{$realname}\"></td>\n</tr>\n<tr valign=\"top\">\n<td width=\"150\" bgcolor=\"{$CS['2']}\">{$txt['50']}</td>\n<td width=\"350\" bgcolor=\"{$CS['2']}\"><input type=\"text\" name=\"location\" value=\"{$loco}\"></td>\n</tr>\n<tr valign=\"top\">\n<td width=\"150\" bgcolor=\"{$CS['2']}\">{$txt['51']}</td>\n<td width=\"350\" bgcolor=\"{$CS['2']}\"><input type=\"text\" name=\"hobbies\" value=\"{$hobb}\"></td>\n</tr>\n<tr valign=\"top\">\n<td width=\"150\" bgcolor=\"{$CS['2']}\">{$txt['52']}</td>\n<td width=\"350\" bgcolor=\"{$CS['2']}\"><textarea name=\"bio\">{$bio}</textarea></td>\n</tr>\n<tr valign=\"top\">\n<td width=\"150\" bgcolor=\"{$CS['2']}\"> </td>\n<td width=\"350\" bgcolor=\"{$CS['2']}\"><input type=\"submit\" value=\"{$txt['35']}\"> <input type=\"reset\" value=\"{$txt['36']}\"></td>\n</tr>\n</table>\n</div>\n</td></tr></table>\n</form></div><Br>\n";
}
} else {
$q = DoQuery("SELECT * FROM {$SERVER['TBL_PREFIX']}users WHERE username='******'");
function changeDetails()
{
global $DB, $lang, $user, $Account;
$success = 0;
// If password isnt emtpy
if (!empty($_POST['new_pass'])) {
$change = changePass();
if ($change == TRUE) {
$success++;
}
} else {
$success++;
}
$setemail = changeEmail();
if ($setemail == TRUE) {
$success++;
}
$setexp = $Account->setExpansion($user['id'], $_POST['exp']);
if ($setexp == TRUE) {
$success++;
}
if ($success == 3) {
output_message('success', $lang['account_update_success'] . '<meta http-equiv=refresh content="4;url=?p=account&sub=manage">');
}
}
$password_new_error = "VEATEADE: Uus parool on kohustuslik!";
} else {
$password_new = test_input($_POST["password_new"]);
}
if (empty($_POST["password_new_again"])) {
$password_new_again_error = "VEATEADE: Uus parool on kohustuslik!";
} else {
$password_new_again = test_input($_POST["password_new_again"]);
}
if ($_POST["password_new"] != $_POST["password_new_again"]) {
$password_repeat_error = "VEATEADE: Uued paroolid peavad kattuma!";
}
if ($password_current_error == "" && $password_new_error == "" && $password_new_again_error == "" && $password_repear_error == "") {
$newhash = hash("sha512", $password_new);
$oldhash = hash("sha512", $password_current);
changePass($newhash, $id_from_db, $oldhash);
}
}
}
$page_title = "Muuda parooli";
$page_file_name = "changepw.php";
?>
<div id="container">
<div id="header">
<div class="headerblock">
<?php
require_once "header.php";
?>
</div>
<div class="loginblockleft">
<form action="table.php" method="get">
echo view_admin_cursos($admin_id);
break;
case 'I':
echo add_admin();
break;
case 'U':
echo edit_admin($admin_id);
break;
case 'D':
echo delete_admin($admin_id);
break;
case 'changeUser':
echo changeUser($admin_id);
break;
case 'changePass':
echo changePass($admin_id);
break;
}
function add_admin()
{
$usu = $_REQUEST['usu'];
$pass = $_REQUEST['pass'];
$email = $_REQUEST['email'];
//ECHO's
//echo "usu: ".$usu."<br />";
//echo "pass: "******"<br />";
//echo "email: ".$email."<br />";
$SQL = "INSERT INTO administrador (usu, pass, comentario, email, created) VALUES ('{$usu}', '{$pass}', '{$comment}', '{$email}', current_timestamp);";
if (ejecutaConsulta($SQL)) {
?>
<script type="text/javascript" language="JavaScript">
