<?php
require_once __DIR__ . '/lib/comm.php';

// Lockout gate: when check_login() reports 2 the page stops with the
// "too many attempts" notice before any credential field is read.
if (2 === check_login()) {
    die_min_html("尝试次数过多,请5分钟后再登录。");
}

// Each POST field is passed through FILTER_SANITIZE_STRING, cut to 32 bytes,
// and then has any remaining single quote or backslash removed.
// NOTE(review): this rewrites the secret itself. FILTER_SANITIZE_STRING strips
// tags and encodes quotes, the result is silently truncated, and characters are
// dropped afterwards, so different passwords can collapse to the same stored
// value. SQL safety belongs in the query layer (bound parameters), not in the
// password. FILTER_SANITIZE_STRING is also deprecated as of PHP 8.1. Changing
// any of this alters what existing users have to type, so it needs a migration
// rather than a drop-in edit.
$pwd = str_replace(array("'", "\\"), "", substr(filter_input(INPUT_POST, 'pwd', FILTER_SANITIZE_STRING), 0, 32));
$new_pwd = str_replace(array("'", "\\"), "", substr(filter_input(INPUT_POST, 'npwd', FILTER_SANITIZE_STRING), 0, 32));
$exit = str_replace(array("'", "\\"), "", substr(filter_input(INPUT_POST, 'exit', FILTER_SANITIZE_STRING), 0, 32));

// Password change: both fields present and check_login($pwd) returns 0
// (0 appears to be the "authenticated" result; confirm in lib/comm.php).
// NOTE(review): no per-request anti-CSRF token is checked anywhere in this block.
if ($pwd !== '' && $new_pwd !== '' && check_login($pwd) === 0) {
    change_pwd($new_pwd);
    logout();
}

// Login: only a password was sent and the visitor is not already logged in.
if ($pwd !== '' && $new_pwd === '' && check_login() !== 0 && login($pwd)) {
    header("Location:login.php");
    die("");
}

// Logout: explicit "exit" field from a logged-in visitor.
if ($exit === "exit" && check_login() === 0) {
    logout();
}
?>
<!DOCTYPE HTML>
<html>
<head>
<title>Login</title>
<meta charset="UTF-8" />
<meta name="viewport" content="width=300, initial-scale=1, maximum-scale=1.6, minimum-scale=0.5, user-scalable=yes" />
<link rel="stylesheet" href="res/bootstrap.min.css">
<link rel="stylesheet" href="res/comm.css">
<?php comm_head_css();
// Per-mode Slim settings: development enables debug output, production disables it.
$app->configureMode('development', function () use($app) {
    $app->config(array('debug' => true, 'log.enable' => true, 'log.level' => \Slim\Log::DEBUG));
});
// NOTE(review): production keeps log.level at DEBUG. Confirm that nothing logged
// at that level includes request bodies, passwords or tokens.
$app->configureMode('production', function () use($app) {
    $app->config(array('debug' => false, 'log.enable' => true, 'log.level' => \Slim\Log::DEBUG));
});

// /users routes. The middleware callables come from globals defined elsewhere.
$app->group('/users', function () use($app) {
    global $decode_body;
    // POST /users runs only $decode_body before create_user(); no token middleware here.
    $app->post('', $decode_body, function () {
        create_user();
    });
    $app->group('/:username', function () use($app) {
        global $check_token_exists;
        global $decode_body;
        // NOTE(review): the middleware name suggests a presence check only. Whether the
        // token is bound to the :username in the path is not visible here; confirm that
        // change_pwd() and delete_user() reject a valid token used on another account.
        $app->put('', $check_token_exists, $decode_body, function ($username) {
            change_pwd($username);
        });
        $app->delete('', $check_token_exists, function ($username) {
            delete_user($username);
        });
    });
});

// /calendars routes: both visible handlers run $check_token_exists first.
// (The group continues past the end of this excerpt.)
$app->group('/calendars', function () use($app) {
    global $check_token_exists;
    global $decode_body;
    $app->get('', $check_token_exists, function () {
        get_calendars();
    });
    $app->post('', $check_token_exists, $decode_body, function () {
        create_calendar();
    });
// (Excerpt opens inside a switch; the preceding case ends here.)
    }
    break;

// Password-reset request: needs both username and email in the POST body.
// NOTE(review): the return value of forget_password() is echoed to the client as-is.
// If it differs depending on whether the username/email pair exists, the endpoint
// becomes an account-enumeration oracle; confirm the responses are uniform.
case 'lostpass':
    if (isset($_POST['username']) && isset($_POST['email'])) {
        echo forget_password($_POST['username'], $_POST['email']);
    } else {
        echo 'Invalid request';
    }
    break;

// Password change for the logged-in user: identity comes from the session, and the
// old password is passed along with the new one.
// NOTE(review): no anti-CSRF token is checked in this case, and the POST values are
// forwarded unfiltered (they may be arrays), so change_pwd() must validate them.
case 'changePwd':
    if (!isset($_SESSION['username'])) {
        echo 'You are offline';
        exit;
    }
    if (isset($_POST['oldpwd']) && isset($_POST['newpwd'])) {
        echo change_pwd($_SESSION['username'], $_POST['oldpwd'], $_POST['newpwd']);
    } else {
        echo 'Invalid request';
    }
    break;

/* case 'logout': unset($_SESSION['username']); echo 'true'; break; */
/* case 'logout': unset($_SESSION['username']); echo 'true'; break;
// (Excerpt opens inside the first branch of an if/elseif chain keyed on $_GET['a'].)
// NOTE(review): every branch below changes state (delete user, create user, set a
// password) from a GET request. A GET can be triggered by a link or an embedded
// resource, and the 'newpwd' branch puts the new password in the query string, where
// it lands in access logs, browser history and Referer headers. These actions belong
// behind POST with an anti-CSRF token. The authorization check for this page is not
// visible in this excerpt.
    echo change_role($login, $val);
    exit;
} elseif (isset($_GET['a']) && $_GET['a'] == 'deluid') {
    // Delete the account named by ?uid=...
    if (empty($_GET['uid']) || !($login = trim($_GET['uid']))) {
        return;
    }
    // NOTE(review): $val is not assigned in this branch; the value handed to
    // user_delete() is $login. If strenc_todb() is meant to encode a value for the
    // database, it is applied to the wrong variable here. Confirm.
    strenc_todb($val);
    user_delete($login);
    header('Location: users.php');
    exit;
} elseif (isset($_GET['a']) && $_GET['a'] == 'newuid') {
    // Create an account whose login is taken from ?val=...
    if (empty($_GET['val']) || !($login = trim($_GET['val']))) {
        return;
    }
    // NOTE(review): same pattern, strenc_todb() receives $val while user_create() receives $login.
    strenc_todb($val);
    user_create($login);
    header('Location: users.php');
    exit;
} elseif (isset($_GET['a']) && $_GET['a'] == 'newpwd') {
    // Set the password of ?uid=... to ?val=...; no old password is involved.
    if (empty($_GET['uid']) || !($login = trim($_GET['uid']))) {
        return;
    }
    if (empty($_GET['val']) || !($pwd = trim($_GET['val']))) {
        return;
    }
    // NOTE(review): strenc_todb() receives $val; change_pwd() receives $login and $pwd.
    strenc_todb($val);
    change_pwd($login, $pwd);
    header('Location: users.php');
    exit;
}
include_once 'mainpage.php';
<h1>Změnit heslo</h1>
<div style="border:#412617 solid 1px;padding:8px 10px 4px">
<form method="post" action="https://{$_SERVER['SERVER_NAME']}{$_SERVER['SCRIPT_NAME']}?q=change_pwd">
<input type="input" name="pwd_o" value="Stávající heslo" class="pwd" onfocus="make_blank_pwd(this);" style="color: gray; font-style: italic;" /><br/>
<input type="input" name="pwd_1" value="Nové heslo" class="pwd" onfocus="make_blank_pwd(this);" style="color: gray; font-style: italic;" /><br/>
<input type="input" name="pwd_2" value="Opakovat heslo" class="pwd" onfocus="make_blank_pwd(this);" style="color: gray; font-style: italic;" /><br/>
<input type="submit" value="Potvrdit" style="margin-top: 5px;"/>
</form>
<p>{$errmsg}</p>
</div>
EOL;
}

// NOTE(review) on the form emitted by the heredoc that closes above (its opening is
// outside this excerpt):
//  - The three fields use type="input", which is not a defined input type, so
//    browsers render a plain text field. Unless make_blank_pwd() (not shown)
//    switches the type on focus, typed passwords are displayed in clear.
//  - The form carries no hidden anti-CSRF field.
//  - The action URL and {$errmsg} are interpolated without HTML escaping.
//    SERVER_NAME can follow the client's Host header under some web-server
//    configurations, and the origin of $errmsg is not visible here.

// Handle the posted form: all three fields must be non-empty after trim().
// NOTE(review): trim() changes passwords that begin or end with whitespace, and
// empty() also rejects the literal password "0".
if (isset($_GET['q']) && $_GET['q'] == 'change_pwd') {
    if (empty($_POST['pwd_o']) || !($oldpwd = trim($_POST['pwd_o']))) {
        return;
    }
    if (empty($_POST['pwd_1']) || !($newpwd = trim($_POST['pwd_1']))) {
        return;
    }
    if (empty($_POST['pwd_2']) || !($newpwd_r = trim($_POST['pwd_2']))) {
        return;
    }
    // change_pwd() returning 0 is treated as success and redirects to admin.php?s.
    // NOTE(review): the comparison is loose, so a null or false return would also
    // compare equal to 0 and be reported as success. Confirm change_pwd() returns an
    // int on every path, or compare with ===.
    if (0 == change_pwd($oldpwd, $newpwd, $newpwd_r)) {
        header('Location: admin.php?s');
    } else {
        header('Location: admin.php?f');
    }
    exit;
}
include_once 'mainpage.php';
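// (Excerpt opens inside change_pwd(), in the branch that loads the stored accounts.)
// NOTE(review): the origin of $serialized_comptes is outside this excerpt. If it is
// read from ../private/passwd, as the write below suggests, the data is a plain array
// and unserialize() can be given array('allowed_classes' => false) so a tampered file
// cannot instantiate objects.
        $comptes = unserialize($serialized_comptes);
    } else {
        $comptes = array();
    }

    // unserialize() yields false on corrupt data; refuse to continue in that case.
    if (!is_array($comptes)) {
        return "ERROR\n";
    }

    $submit = isset($_POST['submit']) ? $_POST['submit'] : '';
    if ($submit !== 'OK') {
        return "ERROR\n";
    }

    // Validate the raw fields BEFORE hashing. The hash of an empty string is a
    // non-empty digest, so testing the digests for '' never rejected an empty password.
    $login = isset($_POST['login']) ? $_POST['login'] : '';
    $newpw = isset($_POST['newpw']) ? $_POST['newpw'] : '';
    $oldpw = isset($_POST['oldpw']) ? $_POST['oldpw'] : '';
    if (!is_string($login) || !is_string($newpw) || !is_string($oldpw)
        || $login === '' || $newpw === '' || $oldpw === '') {
        return "ERROR\n";
    }

    // NOTE(review): whirlpool here is a single unsalted pass, which is fast to
    // brute-force offline. Moving to password_hash()/password_verify() changes the
    // stored format and needs a migration, so the algorithm is left as it was.
    $compte = array();
    $compte['login'] = $login;
    $compte['newpw'] = hash("whirlpool", $newpw);
    $compte['oldpw'] = hash("whirlpool", $oldpw);

    // Locate the account whose login matches. The position is kept in $index;
    // $key cannot be used after the loop because it always holds the LAST key
    // iterated, whichever login was requested.
    $index = null;
    foreach ($comptes as $key => $value) {
        if (isset($value['login']) && $value['login'] === $compte['login']) {
            $index = $key;
        }
    }

    // Compare against the matched account only. The null test (rather than
    // truthiness) lets the account stored under key 0 change its password, and
    // hash_equals() avoids loose comparison of hex digests and timing differences.
    if ($index !== null
        && isset($comptes[$index]['passwd'])
        && is_string($comptes[$index]['passwd'])
        && hash_equals($comptes[$index]['passwd'], $compte['oldpw'])) {
        $comptes[$index]['passwd'] = $compte['newpw'];
        $serialized_comptes = serialize($comptes);
        // LOCK_EX keeps two concurrent requests from interleaving their writes;
        // a failed write is reported instead of answering OK.
        if (file_put_contents("../private/passwd", $serialized_comptes, LOCK_EX) === false) {
            return "ERROR\n";
        }
        return "OK\n";
    }

    return "ERROR\n";
}

echo change_pwd();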
<?php
// Profile update handler: verifies the current password, then optionally changes
// the password and/or the email. $dbc and $uid are defined outside this excerpt
// (presumably by the includes below; confirm).
include_once 'lib/nav.inc.php';
include_once 'lib/slidebar_left.inc.php';
//get post value
// NOTE(review): no anti-CSRF token is checked before acting on the POST body.
if (!empty($_POST)) {
    // NOTE(review): mysqli_real_escape_string() is applied to the passwords before
    // they are verified or stored, so a password containing a quote or backslash is
    // altered before pwd_verify()/change_pwd() see it. Escaping belongs at the query
    // (bound parameters inside those functions, which are not shown), not on the
    // secret. Removing it changes what existing users must type, so plan a migration.
    // 'nowpassword' is also read without an isset() check.
    $now_pwd = mysqli_real_escape_string($dbc, trim($_POST['nowpassword']));
    $pwd = mysqli_real_escape_string($dbc, trim($_POST['password']));
    // NOTE(review): the email is escaped but not validated as an address in this excerpt.
    $email = mysqli_real_escape_string($dbc, trim($_POST['email']));
    // Verify the current password before allowing any change
    if (!pwd_verify($uid, $now_pwd)) {
        echo ' <script>alert("当前密码错误!")</script> ';
        echo " <script>window.location='profile_update.php';</script> ";
    } else {
        // Update the password (only when a new one was submitted)
        if (!empty($_POST['password'])) {
            if (change_pwd($uid, $pwd)) {
                echo ' <script>alert("修改成功!")</script> ';
                echo " <script>window.location='profile_update.php';</script> ";
            } else {
                echo ' <script>alert("出错了!")</script> ';
                echo " <script>window.location='profile_update.php';</script> ";
            }
        }
        // Update the email (only when a new one was submitted)
        if (!empty($_POST['email'])) {
            if (change_email($uid, $email)) {
                echo ' <script>alert("修改成功!")</script> ';
                echo " <script>window.location='profile_update.php';</script> ";
            } else {
                echo ' <script>alert("出错了!")</script> ';
                echo " <script>window.location='profile_update.php';</script> ";