Esempio n. 1
<?php

require_once __DIR__ . '/lib/comm.php';
// Login / change-password / logout handler for this page, driven by the POST
// fields pwd, npwd and exit. As used below, check_login() === 2 is the
// locked-out state and === 0 is the state in which password change and logout
// are allowed.
if (check_login() === 2) {
    // Message (Chinese): "Too many attempts, please log in again in 5 minutes."
    die_min_html("尝试次数过多,请5分钟后再登录。");
}
// Each field is filtered, cut to 32 bytes, then stripped of ' and \ characters.
// NOTE(review): FILTER_SANITIZE_STRING is deprecated as of PHP 8.1; it strips
// tags and HTML-encodes quotes, so the value that is checked and stored is not
// the password as typed, and the 32-byte cut caps its length. The quote and
// backslash removal looks like a substitute for SQL escaping - presumably
// lib/comm.php builds queries from these values; confirm, and prefer bound
// parameters with password_hash()/password_verify() on the raw input.
// Existing credentials were derived from the filtered form, so changing this
// needs a migration path.
$pwd = str_replace("\\", "", str_replace("'", "", substr(filter_input(INPUT_POST, 'pwd', FILTER_SANITIZE_STRING), 0, 32)));
$new_pwd = str_replace("\\", "", str_replace("'", "", substr(filter_input(INPUT_POST, 'npwd', FILTER_SANITIZE_STRING), 0, 32)));
$exit = str_replace("\\", "", str_replace("'", "", substr(filter_input(INPUT_POST, 'exit', FILTER_SANITIZE_STRING), 0, 32)));
// Password change: needs both fields and check_login($pwd) === 0 (presumably
// that call verifies the current password - confirm in lib/comm.php).
// logout() is called right after the change.
// NOTE(review): no anti-CSRF token is checked in the visible lines.
if (strlen($pwd) > 0 && strlen($new_pwd) > 0 && check_login($pwd) === 0) {
    change_pwd($new_pwd);
    logout();
}
// Login attempt: only a password was sent and check_login() is not 0.
// When login($pwd) is truthy the browser is redirected and the script stops.
if (strlen($pwd) > 0 && strlen($new_pwd) === 0 && check_login() !== 0 && login($pwd)) {
    header("Location:login.php");
    die("");
}
// Explicit logout: exit=exit while check_login() is 0.
if (strcmp($exit, "exit") === 0 && check_login() === 0) {
    logout();
}
?>
<!DOCTYPE HTML>
<html>
    <head>
        <title>Login</title>
        <meta charset="UTF-8" />
        <meta name="viewport" content="width=300, initial-scale=1, maximum-scale=1.6, minimum-scale=0.5, user-scalable=yes" />
        <link rel="stylesheet" href="res/bootstrap.min.css">
        <link rel="stylesheet" href="res/comm.css">
        <?php 
comm_head_css();
Esempio n. 2
// Development mode: framework debug output on, logging enabled at DEBUG.
$app->configureMode('development', function () use ($app) {
    $devSettings = array(
        'debug' => true,
        'log.enable' => true,
        'log.level' => \Slim\Log::DEBUG,
    );
    $app->config($devSettings);
});
// Production mode: debug output off, logging still enabled.
// NOTE(review): the log level stays at DEBUG in production. Confirm that
// nothing written at this level contains request bodies, passwords or tokens,
// or raise the threshold for this mode.
$app->configureMode('production', function () use ($app) {
    $prodSettings = array(
        'debug' => false,
        'log.enable' => true,
        'log.level' => \Slim\Log::DEBUG,
    );
    $app->config($prodSettings);
});
// Account routes under /users. $decode_body and $check_token_exists are route
// middleware callables taken from global scope; their bodies are not visible
// in this fragment.
$app->group('/users', function () use($app) {
    global $decode_body;
    // POST /users -> create_user(). Only the body decoder runs first; no token
    // middleware is attached (presumably open registration - confirm this is
    // intended and that account creation is rate limited).
    $app->post('', $decode_body, function () {
        create_user();
    });
    $app->group('/:username', function () use($app) {
        global $check_token_exists;
        global $decode_body;
        // PUT /users/:username -> change_pwd($username).
        // NOTE(review): the target account comes from the URL. The middleware
        // name only suggests that a token must exist; confirm that it, or
        // change_pwd(), verifies the token belongs to :username, otherwise
        // one authenticated caller can act on another account.
        $app->put('', $check_token_exists, $decode_body, function ($username) {
            change_pwd($username);
        });
        // DELETE /users/:username -> delete_user($username). The same
        // ownership check applies here.
        $app->delete('', $check_token_exists, function ($username) {
            delete_user($username);
        });
    });
});
// Calendar routes under /calendars (the group continues past this excerpt).
// Both routes visible here run $check_token_exists before their handler.
$app->group('/calendars', function () use($app) {
    global $check_token_exists;
    global $decode_body;
    // GET /calendars -> get_calendars().
    $app->get('', $check_token_exists, function () {
        get_calendars();
    });
    // POST /calendars -> create_calendar(), after the request body is decoded.
    $app->post('', $check_token_exists, $decode_body, function () {
        create_calendar();
    });
Esempio n. 3
     }
     break;
 // Password-recovery request: needs username and email in the POST body and
 // echoes whatever forget_password() returns.
 // NOTE(review): this action is reachable without a session. Confirm that
 // forget_password() answers the same way for unknown and known accounts and
 // is rate limited, and that its return value never echoes raw input.
 case 'lostpass':
     if (isset($_POST['username']) && isset($_POST['email'])) {
         echo forget_password($_POST['username'], $_POST['email']);
     } else {
         echo 'Invalid request';
     }
     break;
 // Password change for the signed-in user. The account name is read from the
 // session, not from the request, and the old password must be supplied.
 // NOTE(review): no anti-CSRF token is checked in the visible lines.
 case 'changePwd':
     if (!isset($_SESSION['username'])) {
         echo 'You are offline';
         exit;
     }
     if (isset($_POST['oldpwd']) && isset($_POST['newpwd'])) {
         echo change_pwd($_SESSION['username'], $_POST['oldpwd'], $_POST['newpwd']);
     } else {
         echo 'Invalid request';
     }
     break;
     /*
     case 'logout':
       unset($_SESSION['username']);
       echo 'true';
     break;
     */
 /*
 case 'logout':
   unset($_SESSION['username']);
   echo 'true';
 break;
Esempio n. 4
    echo change_role($login, $val);
    exit;
} elseif (isset($_GET['a']) && $_GET['a'] == 'deluid') {
    // Delete the account named by ?uid=. The action and its target both come
    // from the query string, so this state change runs on a plain GET.
    // NOTE(review): no authorization or anti-CSRF check is visible in this
    // fragment - confirm one runs earlier in the file, and move destructive
    // actions to POST with a per-session token.
    if (empty($_GET['uid']) || !($login = trim($_GET['uid']))) {
        // Missing or blank uid: this file returns here, so no redirect is
        // sent and mainpage.php is not included.
        return;
    }
    // NOTE(review): $val is not assigned in this branch, while $login is the
    // value handed to user_delete(). If strenc_todb() is meant to encode input
    // for the database (presumably - confirm), it is applied to the wrong
    // variable and $login reaches user_delete() as received.
    strenc_todb($val);
    user_delete($login);
    header('Location: users.php');
    exit;
} elseif (isset($_GET['a']) && $_GET['a'] == 'newuid') {
    // Create an account named by ?val=. The GET/CSRF note on 'deluid' applies.
    if (empty($_GET['val']) || !($login = trim($_GET['val']))) {
        return;
    }
    // NOTE(review): as in 'deluid', $val is not assigned in this branch;
    // $login is what user_create() receives.
    strenc_todb($val);
    user_create($login);
    header('Location: users.php');
    exit;
} elseif (isset($_GET['a']) && $_GET['a'] == 'newpwd') {
    // Set the password of account ?uid= to ?val=; no current password is asked
    // for (presumably an administrator page - confirm access control).
    // NOTE(review): the new password travels in the query string, so it is
    // recorded wherever URLs are: web-server access logs, browser history,
    // proxy logs. Accept it in a POST body instead.
    if (empty($_GET['uid']) || !($login = trim($_GET['uid']))) {
        return;
    }
    // trim() also removes leading and trailing whitespace from the password.
    if (empty($_GET['val']) || !($pwd = trim($_GET['val']))) {
        return;
    }
    // NOTE(review): $val is not assigned in this branch either; $login and
    // $pwd are the values change_pwd() receives.
    strenc_todb($val);
    change_pwd($login, $pwd);
    header('Location: users.php');
    exit;
}
include_once 'mainpage.php';
Esempio n. 5
    <h1>Změnit heslo</h1>
    <div style="border:#412617 solid 1px;padding:8px 10px 4px">
    <form method="post" action="https://{$_SERVER['SERVER_NAME']}{$_SERVER['SCRIPT_NAME']}?q=change_pwd">
      <input type="input" name="pwd_o" value="Stávající heslo" class="pwd" onfocus="make_blank_pwd(this);" style="color: gray; font-style: italic;" /><br/>
      <input type="input" name="pwd_1" value="Nové heslo" class="pwd" onfocus="make_blank_pwd(this);" style="color: gray; font-style: italic;" /><br/>
      <input type="input" name="pwd_2" value="Opakovat heslo" class="pwd" onfocus="make_blank_pwd(this);" style="color: gray; font-style: italic;" /><br/>
      <input type="submit" value="Potvrdit" style="margin-top: 5px;"/>
    </form>
    <p>{$errmsg}</p>
    </div>
EOL;
}
// Change-password handler: runs when ?q=change_pwd is requested; the three
// password fields are read from the POST body.
// NOTE(review): no anti-CSRF token is checked in the visible lines; the
// current-password field is the only value a forged request would lack.
if (isset($_GET['q']) && $_GET['q'] == 'change_pwd') {
    // Each field must be present and non-blank after trim(); otherwise this
    // file returns without sending a redirect or a message. trim() also
    // removes leading and trailing whitespace from the passwords, and empty()
    // rejects the literal value "0".
    if (empty($_POST['pwd_o']) || !($oldpwd = trim($_POST['pwd_o']))) {
        return;
    }
    if (empty($_POST['pwd_1']) || !($newpwd = trim($_POST['pwd_1']))) {
        return;
    }
    if (empty($_POST['pwd_2']) || !($newpwd_r = trim($_POST['pwd_2']))) {
        return;
    }
    // NOTE(review): loose comparison - false and null also compare equal to 0
    // (and, before PHP 8, so does any non-numeric string), so a failure
    // reported that way would be taken for success. The return contract of
    // change_pwd() is not visible here; confirm it and compare with === 0.
    if (0 == change_pwd($oldpwd, $newpwd, $newpwd_r)) {
        // Outcome is passed to admin.php as a bare query flag: ?s or ?f.
        header('Location: admin.php?s');
    } else {
        header('Location: admin.php?f');
    }
    exit;
}
include_once 'mainpage.php';
Esempio n. 6
        // NOTE(review): unserialize() rebuilds arbitrary PHP values, objects
        // included. The origin of $serialized_comptes is outside this excerpt
        // (presumably the ../private/passwd file written below - confirm). If
        // anything else can write that data, prefer json_decode() or pass
        // ['allowed_classes' => false] as the second argument.
        $comptes = unserialize($serialized_comptes);
    } else {
        $comptes = array();
    }
    // Only a form submission with submit=OK is processed.
    $submit = $_POST['submit'];
    if ($submit != 'OK') {
        return "ERROR\n";
    }
    $compte = array();
    $compte['login'] = $_POST['login'];
    // NOTE(review): a single unsalted Whirlpool pass is a fast hash; equal
    // passwords give equal digests and offline guessing is cheap if the file
    // leaks. password_hash()/password_verify() is the standard replacement,
    // with existing entries rehashed at next successful login.
    $compte['newpw'] = hash("whirlpool", $_POST['newpw']);
    $compte['oldpw'] = hash("whirlpool", $_POST['oldpw']);
    // NOTE(review): hash() returns a non-empty hex digest even for an empty
    // string, so of these three tests only the login one can fire; an empty
    // new password is not rejected. Test the raw POST values instead.
    if ($compte['login'] == '' || $compte['newpw'] == '' || $compte['oldpw'] == '') {
        return "ERROR\n";
    }
    // Look for the account whose login matches; its key is stored in $index.
    foreach ($comptes as $key => $value) {
        if ($compte['login'] == $value['login']) {
            $index = $key;
        }
    }
    // NOTE(review): defect - $index is never read. After the loop $key holds
    // the last key iterated (or is unset when $comptes is empty), so the
    // old-password check and the update below apply to the last account in
    // the list rather than to the one named in 'login'; `$key &&` is also
    // false for key 0. Initialise $index = null before the loop, test
    // `$index !== null`, and index $comptes with $index.
    // The digest comparison uses ==; hash_equals() gives a type-strict,
    // constant-time comparison.
    if ($key && $comptes[$key]['passwd'] == $compte['oldpw']) {
        $comptes[$key]['passwd'] = $compte['newpw'];
        $serialized_comptes = serialize($comptes);
        // The path is relative to the current working directory. The write is
        // neither locked (LOCK_EX) nor checked: "OK" is returned even if it
        // fails, and concurrent requests can overwrite each other's update.
        file_put_contents("../private/passwd", $serialized_comptes);
        return "OK\n";
    } else {
        return "ERROR\n";
    }
}
// Print the status line ("OK" or "ERROR") as the response body.
echo change_pwd();
Esempio n. 7
<?php 
include_once 'lib/nav.inc.php';
include_once 'lib/slidebar_left.inc.php';
//get post value
if (!empty($_POST)) {
    $now_pwd = mysqli_real_escape_string($dbc, trim($_POST['nowpassword']));
    $pwd = mysqli_real_escape_string($dbc, trim($_POST['password']));
    $email = mysqli_real_escape_string($dbc, trim($_POST['email']));
    //验证当前密码
    if (!pwd_verify($uid, $now_pwd)) {
        echo ' <script>alert("当前密码错误!")</script> ';
        echo " <script>window.location='profile_update.php';</script> ";
    } else {
        //更新密码
        if (!empty($_POST['password'])) {
            if (change_pwd($uid, $pwd)) {
                echo ' <script>alert("修改成功!")</script> ';
                echo " <script>window.location='profile_update.php';</script> ";
            } else {
                echo ' <script>alert("出错了!")</script> ';
                echo " <script>window.location='profile_update.php';</script> ";
            }
        }
        //更新邮箱
        if (!empty($_POST['email'])) {
            if (change_email($uid, $email)) {
                echo ' <script>alert("修改成功!")</script> ';
                echo " <script>window.location='profile_update.php';</script> ";
            } else {
                echo ' <script>alert("出错了!")</script> ';
                echo " <script>window.location='profile_update.php';</script> ";