Esempio n. 1
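/**
 * Update the stored password hash for the given user.
 *
 * The plain-text password is passed through createPasswordHash() (defined
 * elsewhere) and only the result is bound into a prepared UPDATE statement,
 * so neither the user name nor the hash can change the SQL text.
 *
 * @author pdvrieze
 * @param mysqli $db The database connection.
 * @param string $user The user whose password to update.
 * @param string $newpassword The new password
 * @return bool TRUE when the statement executed and was committed; FALSE when
 *              preparing, binding or executing failed (reached only if
 *              handleError() returns -- TODO confirm its behaviour).
 */
function updateCredentials($db, $user, $newpassword)
{
    // Fix: the original hashed the undefined variable $password, so every
    // account would have received the hash of an empty/NULL value instead
    // of the hash of the password that was passed in.
    $passwordhash = createPasswordHash($newpassword);

    $stmt = $db->prepare('UPDATE `users` SET `password` = ? WHERE `user` = ?');
    if (!$stmt) {
        // The original fell through silently here; report it like the other failures.
        handleError($db->error);
        return FALSE;
    }

    if (!$stmt->bind_param("ss", $passwordhash, $user)) {
        handleError($db->error);
        // Do not execute a statement whose parameters were not bound.
        $stmt->close();
        return FALSE;
    }

    if ($stmt->execute() !== FALSE) {
        // NOTE(review): execute() also succeeds when no row matched `user`;
        // check $stmt->affected_rows if callers need to know the user existed.
        $stmt->close();
        // commit()/rollback() only matter when autocommit is off on $db -- confirm.
        $db->commit();
        return TRUE;
    }

    $stmt->close();
    $db->rollback();
    handleError("Error updating password");
    return FALSE;
}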
Esempio n. 2
 } else {
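     // insert
     // Request values are escaped for the connection before being quoted into the
     // statement; the original concatenated $_POST values directly (SQL injection).
     // mysql_real_escape_string() is only reliable when the connection charset was
     // set with mysql_set_charset(); ext/mysql was removed in PHP 7, so the durable
     // fix is to move to mysqli/PDO prepared statements.
     $insert = array();
     // Column name => name of the form field that supplies its value.
     $postColumns = array(
         'USER_ID' => 'email',
         'EMAIL' => 'email',
         'NAME' => 'name',
         'LAST_NAME' => 'surname',
         'SEX' => 'sex',
         'ADDRESS1' => 'address',
         'CITIZEN_ID' => 'idcard',
         'PROVINCE_ID' => 'province',
         'DISTRICT_ID' => 'district',
         'SUB_DISTRICT_ID' => 'sub_district',
         'POST_CODE' => 'postcode',
         'USER_CREATE' => 'email',
         'TELEPHONE' => 'telephone',
         'MOBILE_PHONE' => 'mobile',
         'FAX' => 'fax',
     );
     foreach ($postColumns as $column => $postKey) {
         $insert[$column] = "'" . mysql_real_escape_string($_POST[$postKey], $conn) . "'";
     }
     // Derived values are escaped as well: their helpers are defined elsewhere and
     // their output format is not visible here.
     $insert['BIRTHDAY'] = "'" . mysql_real_escape_string(ConvertDateToDB($_POST['birthday']), $conn) . "'";
     $insert['PWD'] = "'" . mysql_real_escape_string(createPasswordHash($_POST['password1']), $conn) . "'";
     $insert['CREATE_DATE'] = "NOW()";
     $insert['ACTIVE_FLAG'] = "'0'";
     $sql = "INSERT INTO  sys_app_user (" . implode(",", array_keys($insert)) . ") VALUES (" . implode(",", array_values($insert)) . ")";
     if (!mysql_query($sql, $conn)) {
         // The original printed the whole statement (including the password hash)
         // to the client on failure; keep the detail in the server log instead.
         error_log('sys_app_user insert failed: ' . mysql_error($conn));
         die('Error saving user');
     }
     $retrunID = mysql_insert_id();

     // Map the new account to user type 2.
     $insert = array();
     $insert['USER_ID'] = "'" . mysql_real_escape_string($_POST['email'], $conn) . "'";
     $insert['USER_TYPE_ID'] = "'2'";
     $sql = "INSERT INTO  sys_mapping_user_type (" . implode(",", array_keys($insert)) . ") VALUES (" . implode(",", array_values($insert)) . ")";
     if (!mysql_query($sql, $conn)) {
         error_log('sys_mapping_user_type insert failed: ' . mysql_error($conn));
         die('Error saving user');
     }
     $body = "";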
Esempio n. 3
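 // Raw form values; they are escaped at the point where they enter the SQL text.
 $txtName = $_POST['txtName'];
 $txtLastName = $_POST['txtLastName'];
 $txtCitizenID = $_POST['txtCitizenID'];
 $txtAddress = $_POST['txtAddress'];
 $province = $_POST['cmbProvince'];
 $district = $_POST['cmbDistrict'];
 $subDistrict = $_POST['cmbSubDistrict'];
 $txtPostCode = $_POST['txtPostCode'];
 $txtTelephone = $_POST['txtTelephone'];
 $txtPwd = $_POST['txtPwd'];
 $txtMobilePhone = $_POST['txtMobilePhone'];
 $txtFax = $_POST['txtFax'];
 // NOTE(review): hidLastPassword arrives in the request, so the client controls
 // it and it must not be treated as the stored hash. Read the current hash from
 // the database on the server if "password unchanged" needs to be detected.
 $lastPwd = $_POST['hidLastPassword'];
 $savePwd = $lastPwd;
 // Strict comparison: with the original loose `!=`, two different numeric-looking
 // strings could compare equal and the request-supplied value would be stored.
 if (createPasswordHash($txtPwd) !== $lastPwd) {
     $savePwd = createPasswordHash($txtPwd);
 }
 // Every value is escaped before it is quoted into the statement; the original
 // concatenated the request values directly (SQL injection). No link variable is
 // visible in this excerpt, so the most recently opened connection is used.
 // Prepared statements (mysqli/PDO) are the durable fix.
 $strSQL = "update sys_app_user ";
 $strSQL .= "set NAME = '" . mysql_real_escape_string($txtName) . "'";
 $strSQL .= " ,LAST_NAME = '" . mysql_real_escape_string($txtLastName) . "'";
 $strSQL .= " , ADDRESS1 = '" . mysql_real_escape_string($txtAddress) . "'";
 $strSQL .= " ,DISTRICT_ID = '" . mysql_real_escape_string($district) . "'";
 $strSQL .= " ,SUB_DISTRICT_ID = '" . mysql_real_escape_string($subDistrict) . "'";
 $strSQL .= " ,PROVINCE_ID = '" . mysql_real_escape_string($province) . "'";
 $strSQL .= " ,POST_CODE = '" . mysql_real_escape_string($txtPostCode) . "'";
 $strSQL .= " ,TELEPHONE = '" . mysql_real_escape_string($txtTelephone) . "'";
 $strSQL .= " ,CITIZEN_ID = '" . mysql_real_escape_string($txtCitizenID) . "'";
 $strSQL .= " ,LAST_UPDATE_DATE = now() ";
 // NOTE(review): '******' is reproduced as shown on the page; it looks like a
 // masked value -- confirm against the original file.
 $strSQL .= " ,LAST_UPDATE_USER = '******'";
 $strSQL .= " ,LAST_FUNCTION = 'U'";
 $strSQL .= " ,PWD = '" . mysql_real_escape_string($savePwd) . "'";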
Esempio n. 4
	require ('../inc_meta.php');
 ?>		
</head>

<body>
<?
	require ('../inc_header.php');
 ?>		
<div class="main-container">
	<div class="main-body marginC">
		<?php 
require '../inc_side.php';
?>
		
		<?
		// NOTE(review): debug output. This prints the createPasswordHash() result for a
		// fixed sample password into the rendered page; remove it before the page is
		// served to users. The block also relies on the short open tag, which only
		// works when short_open_tag is enabled.
		echo "helloPassword >> hash " . createPasswordHash("helloPassword");
		?>
		
		<div class="mod-body">
				<div class="buttonActionBox">
					<input type="button" value="สร้างใหม่" class="buttonAction emerald-flat-button" onclick="location.href = 'addUser.php';" >
					<input type="button" value="ลบ" class="buttonAction alizarin-flat-button" onclick="deleteCheck();" data-pageDelete="delUser.php">
					<input type="button" value="จัดเรียง" class="buttonAction peter-river-flat-button" onclick="orderPage('order.php');">
				</div>
				<div class="mod-body-inner">
					<div class="mod-body-inner-header">
						<div class="floatL titleBox">ผู้ใช้งาน</div>
						<div class="floatR searchBox">
							<form name="search" action="?" method="post">
								<input type="search" name="str_search" value="" />
								<input type="image" name="search_submit" src="../images/small-n-flat/search.svg" alt="Submit Form" class="p-Relative" />
Esempio n. 5
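    // Raw form values; they are escaped below, where they enter the SQL text.
    $txtEmail = $_POST['txtEmail'];
    $txtName = $_POST['txtName'];
    $txtLastName = $_POST['txtLastName'];
    $txtCitizenID = $_POST['txtCitizenID'];
    $txtAddress = $_POST['txtAddress'];
    $province = $_POST['cmbProvince'];
    $district = $_POST['cmbDistrict'];
    $subDistrict = $_POST['cmbSubDistrict'];
    $txtPostCode = $_POST['txtPostCode'];
    $txtTelephone = $_POST['txtTelephone'];
    $txtPwd = $_POST['txtPwd'];
    $txtMobilePhone = $_POST['txtMobilePhone'];
    $txtFax = $_POST['txtFax'];

    // Build the VALUES list in column order. Each request value is escaped before
    // quoting; the original concatenated them directly (SQL injection). No link
    // variable is used in this excerpt, so the most recent connection applies.
    // Prepared statements (mysqli/PDO) are the durable fix.
    $sqlValues = array();
    $leadingValues = array(
        $txtEmail, $txtName, $txtLastName, $txtAddress, $district, $subDistrict,
        $province, $txtPostCode, $txtTelephone, $txtEmail, $txtCitizenID,
    );
    foreach ($leadingValues as $value) {
        $sqlValues[] = "'" . mysql_real_escape_string($value) . "'";
    }
    $sqlValues[] = "'Test'";   // USER_CREATE (hard-coded in the original)
    $sqlValues[] = "now()";    // CREATE_DATE
    $sqlValues[] = "'A'";      // LAST_FUNCTION
    $sqlValues[] = "'" . mysql_real_escape_string(createPasswordHash($txtPwd)) . "'";
    $sqlValues[] = "'" . mysql_real_escape_string($txtMobilePhone) . "'";
    $sqlValues[] = "'" . mysql_real_escape_string($txtFax) . "'";

    $strSQL = "INSERT INTO sys_app_user ";
    $strSQL .= "(USER_ID,NAME,LAST_NAME,ADDRESS1,DISTRICT_ID,SUB_DISTRICT_ID,PROVINCE_ID";
    $strSQL .= ",POST_CODE,TELEPHONE,EMAIL,CITIZEN_ID,USER_CREATE,CREATE_DATE,LAST_FUNCTION , PWD , MOBILE_PHONE , FAX) ";
    $strSQL .= "VALUES (" . implode(",", $sqlValues) . ") ";
    $objQuery = mysql_query($strSQL);
    if ($objQuery) {
        // header("Location:"._FULL_SITE_PATH_."/administrator/mod_user/index.php");
        echo "<script type='text/javascript'>window.location.href = '" . _FULL_SITE_PATH_ . "/administrator/mod_user/index.php';</script>";
    } else {
        // The original echoed the whole statement back to the browser, which both
        // reflected unescaped request data into the page and exposed the password
        // hash. Keep the detail in the server log.
        error_log('sys_app_user insert failed: ' . mysql_error());
        echo "Error Save";
    }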
}
?>
	</body>
</html>
require "assets/configs/function.inc.php";

// Default the interface language to Thai when the session has none yet.
if (!isset($_SESSION['LANG'])) {
    $_SESSION['LANG'] = 'TH';
}

// Load the language file for the session language (TH or EN);
// any other value loads nothing.
switch ($_SESSION['LANG']) {
    case 'TH':
        require "inc/inc-th-lang.php";
        break;
    case 'EN':
        require "inc/inc-en-lang.php";
        break;
}

header('Content-type: text/html; charset=utf-8');
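// Password change for the logged-in user: verify the old password against the
// stored hash, then store the hash of the new one.
if (isset($_GET['edit'])) {
    // The UPDATE below uses UID unquoted, so it is treated as numeric; the cast
    // keeps anything else out of the SQL text.
    $uid = (int) $_SESSION['UID'];
    $oldPwd = isset($_POST['oldPwd']) ? $_POST['oldPwd'] : '';
    $newPwd = isset($_POST['newPwd']) ? $_POST['newPwd'] : '';

    $sql = "SELECT ID,USER_ID,`NAME`,LAST_NAME,PWD FROM sys_app_user where ID = '" . $uid . "' ";
    $rs = mysql_query($sql);
    if (!$rs) {
        // The original printed mysql_error() to the client; log it instead.
        error_log('sys_app_user lookup failed: ' . mysql_error());
        die('Error loading account');
    }
    $rowUser = mysql_fetch_array($rs);

    // Strict comparison: the original loose `!=` can treat two different
    // numeric-looking hash strings as equal. hash_equals() is preferable where
    // the PHP version provides it.
    if (!$rowUser || $rowUser['PWD'] !== createPasswordHash($oldPwd)) {
        $_SESSION['CHANGE_PWD_ERR_MSG'] = $old_pwd_invalid;
        header("Location:" . _FULL_SITE_PATH_ . "/account-password.php");
        // Stop here so nothing after the redirect runs for a failed check.
        exit;
    } else {
        // pass can update
        // Start from an array; the original initialised $update as a string and
        // then appended with [], which newer PHP versions reject.
        $update = array();
        $update[] = "PWD = '" . mysql_real_escape_string(createPasswordHash($newPwd), $conn) . "'";
        $update[] = "LAST_UPDATE_DATE = NOW()";
        // NOTE(review): this line is garbled on the page (a masked span cut into
        // the expression). Reconstructed from the surviving fragment
        // `user_name'] . "'"` as $_SESSION['user_name'] -- confirm against the
        // original file.
        $update[] = "LAST_UPDATE_USER = '" . mysql_real_escape_string($_SESSION['user_name'], $conn) . "'";
        $sql = "UPDATE sys_app_user SET  " . implode(",", $update) . " WHERE ID = " . $uid;
        if (!mysql_query($sql, $conn)) {
            // The original ignored a failed update and redirected as if it had worked.
            error_log('sys_app_user password update failed: ' . mysql_error($conn));
        }
        header('Location: ' . 'account.php');
        exit;
    }
}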
Esempio n. 7
<?php

require "assets/configs/config.inc.php";
require "assets/configs/connectdb.inc.php";
require "assets/configs/function.inc.php";
header('Content-type: text/html; charset=utf-8');
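// Look up the active account for the submitted login name. The value is escaped
// before it is quoted into the statement; the original concatenated
// $_POST['txtEmail'] directly, which let the request rewrite the login query.
// mysql_real_escape_string() depends on the connection charset being set with
// mysql_set_charset(); prepared statements (mysqli/PDO) are the durable fix.
$loginId = isset($_POST['txtEmail']) ? $_POST['txtEmail'] : '';
$loginPwd = isset($_POST['txtPwd']) ? $_POST['txtPwd'] : '';
$getUserSql = "SELECT ID, USER_ID, `NAME`, LAST_NAME, PWD, IMAGE_PATH"
    . " FROM sys_app_user"
    . " WHERE USER_ID = '" . mysql_real_escape_string($loginId, $conn) . "'"
    . " and ACTIVE_FLAG = 1 ";
$query = mysql_query($getUserSql, $conn);
if (!$query) {
    // Keep the failure in the server log; the loop below is skipped.
    error_log('login lookup failed: ' . mysql_error($conn));
}
$validatePass = FALSE;
while ($query && ($row = mysql_fetch_array($query))) {
    // Strict comparison: the original loose `==` can treat two different
    // numeric-looking hash strings as equal. hash_equals() is preferable where
    // the PHP version provides it.
    if ($row['PWD'] === createPasswordHash($loginPwd)) {
        $validatePass = TRUE;
        // NOTE(review): the session id is not renewed on login in the visible
        // code; consider session_regenerate_id(true) here to prevent fixation.
        $_SESSION['user_name'] = $row['USER_ID'];
        $_SESSION['UID'] = $row['ID'];
        $_SESSION['IMAGE_PATH'] = $row['IMAGE_PATH'];
    } else {
        $_SESSION['LOGIN_FAIL_MSG'] = "รหัสผ่านไม่ถูกต้อง";
    }
}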
if ($validatePass) {
    unset($insert);
    $insert['USER_ID'] = "'" . $_SESSION['user_name'] . "'";
    $insert['LOGIN_DATE'] = "now()";
    $sql = "INSERT INTO log_user_login (" . implode(",", array_keys($insert)) . ") VALUES (" . implode(",", array_values($insert)) . ")";
    mysql_query($sql, $conn) or die($sql);
    //header("Location : " . $_SESSION['last_url']);
    $last_url = $_SESSION['last_url'];
    // if (strpos($last_url, 'login') !== false)
    // $last_url = '';
    if ($last_url != '') {
        //echo "<script type='text/javascript'>window.location.href = '" . $last_url . "';</script>";