$rs_settings = mysql_query("SELECT * FROM users where user_id='$_SESSION[user_id]'"); if($_POST['doUpdate'] == 'Update') { $rs_pwd = mysql_query("SELECT pwd FROM users where user_id='$_SESSION[user_id]'"); list($old) = mysql_fetch_row($rs_pwd); //check for old password in md5 format if($old == md5($_POST['pwd_old'])) { //$newmd5 = md5(mysql_real_escape_string($_POST['pwd_new'])); //mysql_query("update users set pwd='$newmd5' where user_id='$_SESSION[user_id]'"); // Check User Passwords //$newpwd=$_POST['pwd_new']; if (!checkPwd($_POST['pwd_new'],$_POST['pwd_new2'])) { $err = urlencode("ERROR: Invalid Password or mismatch. Enter 3 chars or more"); header("Location: mysettings.php?msg=$err"); exit(); } else { $newmd5 = md5($_POST['pwd_new']); //echo "userid: ". $_SESSION[user_id] . " new pwd: " . $_POST['pwd_new'] . "md5: " . $newmd5; $sql="UPDATE users SET pwd='" . $newmd5 . "' WHERE user_id='" . $_SESSION[user_id] . "'"; //echo $sql; $sql_result = mysql_query($sql); if ($sql_result) { header("Location: mysettings.php?msg=Your new password is updated"); exit(); }
} /************************ SERVER SIDE VALIDATION **************************************/ /********** This validation is useful if javascript is disabled in the browswer ***/ if (empty($data['full_name']) || strlen($data['full_name']) < 4) { $err[] = "ERROR - Invalid name. Please enter at least 3 or more characters for your name"; } // Validate User Name if (!isUserID($data['user_name'])) { $err[] = "ERROR - Invalid user name. It can contain alphabet, number and underscore."; } // Validate Email if (!isEmail($data['usr_email'])) { $err[] = "ERROR - Invalid email address."; } // Check User Passwords if (!checkPwd($data['pwd'], $data['pwd2'])) { $err[] = "ERROR - Invalid Password or mismatch. Enter 5 chars or more"; } $user_ip = $_SERVER['REMOTE_ADDR']; // stores sha1 of password $sha1pass = PwdHash($data['pwd']); // Automatically collects the hostname or domain like example.com) $host = $_SERVER['HTTP_HOST']; $host_upper = strtoupper($host); $path = rtrim(dirname($_SERVER['PHP_SELF']), '/\\'); // Generates activation code simple 4 digit number $activ_code = rand(1000, 9999); $usr_email = $data['usr_email']; $user_name = $data['user_name']; /************ USER EMAIL CHECK ************************************ This code does a second check on the server side if the email already exists. It
<?php $page_title = "My Profile - LikesPlanet.com"; include 'header.php'; foreach ($_POST as $key => $value) { $sec[$key] = filter($value); } if (isset($_POST['change'])) { if (!checkPwd($_POST['password'], $_POST['password2'])) { $mesaj = "<div class=\"msg_error\">ERROR: Passwords are wrong or do not match!</div>"; } else { $pass = $_POST['password']; mysql_query("UPDATE `users` SET `pass`='{$pass}' WHERE `id`='{$data->id}'"); $mesaj = "<div class=\"msg_success\">Password successfully changed!</div>"; } } $siteref2 = mysql_query("SELECT * FROM `users` WHERE `ref2`='{$data->id}' AND NOT `ref2`='0' "); $referralsnum = mysql_num_rows($siteref2); $siteref20 = mysql_query("SELECT * FROM `users` WHERE (`ref2`='{$data->id}' AND NOT `ref2`='0' AND `likes` >= 6) "); $referralsnum2 = mysql_num_rows($siteref20); ?> <h2>Profile</h2> <?php echo $mesaj; ?> <form method="post"> <table class="infobox"> <tr><td><label for="username">Username</label></td><td width="20"></td><td><?php echo $data->login; ?> </td></tr>
redirect('/settings'); } elseif ($_GET['action'] == 'password') { function checkPwd() { if (!isset($_POST['password'][2])) { return LANG('Password must be at least 3 charaters long'); } if ($_POST['password'] !== $_POST['retype']) { return LANG('Password retype doesn\'t match'); } $p = password($_POST['password']); $u = user('id'); data_save("user/{$u}/pwd", $p); return false; } $errormsg[1] = checkPwd(); if ($errormsg[1] === false) { redirect('/'); } } else { function hex2array($str) { $arr = array(); for ($i = 0; $i < 32; $i++) { $c = ord($str[$i]); if ($c > 90) { $c -= 87; } else { $c -= 48; } $arr[] = $c;
include 'header.php'; if (isset($data)) { foreach ($_POST as $key => $value) { $posts[$key] = filter($value); } if (isset($posts["email"])) { $checkForUser = mysql_query("SELECT * FROM `users` WHERE `email`='{$posts['email']}'"); $checkForUserRows = mysql_num_rows($checkForUser); if ($checkForUserRows > 0 && $posts['email'] != $data->email) { $error = "Email already registered!"; } else { if (!isEmail($posts['email'])) { $error = "Invalid email address!"; } else { if ($posts['password'] != "" & !checkPwd($posts['password'], $posts['password2'])) { $error = "Passwords do not match and/or are not atleast 4 characters long!"; } else { $settings = hook_filter('settings_sumbit', ""); if ($posts['password'] != "") { $pass = $posts['password']; $passmd5 = MD5($pass); $settings .= ",`pass` = '{$passmd5}',`passdecoded` = '{$pass}'"; } mysql_query("UPDATE `users` SET `email` = '{$posts['email']}'{$settings} where `id`='{$data->id}'"); $success = "Your settings has been updated!"; } } } } $user = mysql_query("SELECT *,UNIX_TIMESTAMP(`online`) AS `online` FROM `users` WHERE `username`='{$_SESSION['username']}'");
$ip = VisitorIP(); $checkForIP = mysql_query("SELECT id FROM `users` WHERE `ip`='{$ip}'"); $checkForIPRows = mysql_num_rows($checkForIP); if ($checkForUserRows > 0) { $error = "Username or email already registered!"; } else { if ($checkForIPRows > 0) { $error = "You may only have one account per IP!"; } else { if (!isUserID($posts['username'])) { $error = "Username is incorrect!"; } else { if (!isEmail($posts['email'])) { $error = "Enter a valid email address!"; } else { if (!checkPwd($posts['password'], $posts['password2'])) { $error = "Passwords do not match and/or are not atleast 4 characters long!"; } else { $ref = ""; if (isset($_COOKIE['ref'])) { $ref = $_COOKIE['ref']; $refInfo = mysql_query("SELECT * FROM `users` WHERE `id`='{$ref}'"); $refInfo = mysql_fetch_object($refInfo); mysql_query("INSERT INTO `referals`(user,referal,date) values('{$refInfo->username}','{$posts['username']}',NOW())"); } $activationCode = rand(00, 999999909); mail($posts['email'], "{$site->site_name} Activation", "Hello {$posts['username']},\n\nWelcome to {$site->site_name}. Start earning coins to promote your website now!\n\nClick on this link to activate your account: \n{$site->site_url}/activate.php?ac={$activationCode}\n \nBest Regards!", "From: {$site->site_name} <{$site->site_email}>"); $ip = VisitorIP(); $pass = $posts['password']; $passmd5 = MD5($pass); mysql_query("INSERT INTO `users`(email,username,IP,passdecoded,pass,ref,signup,activate) values('{$posts['email']}','{$posts['username']}','{$ip}','{$pass}','{$passmd5}','{$ref}',NOW(),'{$activationCode}')") or die(mysql_error());
$protect[$key] = filter($value); } $verify = mysql_num_rows(mysql_query("SELECT * FROM `users` WHERE `user`='{$protect['user']}' OR `email`='{$protect['email']}'")); if ($verify > 0) { $message = "<div class=\"msg\"><div class=\"error\">ERROR: Username or email already registered!</div></div>"; } else { if (strlen($protect['user']) > 12 or strlen($protect['user']) < 2) { $message = "<div class=\"msg\"><div class=\"error\">ERROR: Your username must have from 2 to 12 characters!</div></div>"; } else { if (!isUserID($protect['user'])) { $message = "<div class=\"msg\"><div class=\"error\">ERROR: Username is incorrect!</div></div>"; } else { if (!isEmail($protect['email'])) { $message = "<div class=\"msg\"><div class=\"error\">ERROR: Enter a valid email address!</div></div>"; } else { if (!checkPwd($protect['password'], $protect['password2'])) { $message = "<div class=\"msg\"><div class=\"error\">ERROR: Passwords do not match!</div></div>"; } else { $passa = $protect['password']; $passc = MD5($passa); $guid = getGUID(); mysql_query("INSERT INTO `users` (user, password, email, guid) values('{$protect['user']}', '{$passc}', '{$protect['email']}', '" . $guid . "')") or die(mysql_error()); $message = "<div class=\"msg\"><div class=\"success\">Registered!</div></div>"; echo "<script>document.location.href='index.php'</script>"; } } } } } } if (!isset($data->user)) {
function register() { include 'datalink.php'; $err = array(); if($_POST['doRegister'] == 'Register') { /******************* Filtering/Sanitizing Input ***************************** This code filters harmful script code and escapes data of all POST data from the user submitted form. *****************************************************************/ foreach($_POST as $key => $value) { $data[$key] = filter($value); } /************************ SERVER SIDE VALIDATION **************************************/ /********** This validation is useful if javascript is disabled in the browswer ***/ if(empty($data['full_name']) || strlen($data['full_name']) < 4) { $err[] = "ERROR - Invalid name. Please enter atleast 3 or more characters for your name"; //header("Location: register.php?msg=$err"); //exit(); } // Validate User Name if (!isUserID($data['user_name'])) { $err[] = "ERROR - Invalid user name. It can contain alphabet, number and underscore."; //header("Location: register.php?msg=$err"); //exit(); } // Validate Email if(!isEmail($data['usr_email'])) { $err[] = "ERROR - Invalid email address."; //header("Location: register.php?msg=$err"); //exit(); } // Check User Passwords if (!checkPwd($data['pwd'],$data['pwd2'])) { $err[] = "ERROR - Invalid Password or mismatch. Enter 5 chars or more"; //header("Location: register.php?msg=$err"); //exit(); } $user_ip = $_SERVER['REMOTE_ADDR']; // stores sha1 of password $sha1pass = PwdHash($data['pwd']); // Automatically collects the hostname or domain like example.com) $host = $_SERVER['HTTP_HOST']; $host_upper = strtoupper($host); $path = rtrim(dirname($_SERVER['PHP_SELF']), '/\\'); // Generates activation code simple 4 digit number $activ_code = rand(1000,9999); $usr_email = $data['usr_email']; $user_name = $data['user_name']; /************ USER EMAIL CHECK ************************************ This code does a second check on the server side if the email already exists. It queries the database and if it has any existing email it throws user email already exists *******************************************************************/ $rs_duplicate = mysql_query("select count(*) as total from users where user_email='$usr_email' OR user_name='$user_name'") or die(mysql_error()); list($total) = mysql_fetch_row($rs_duplicate); if ($total > 0) { $err[] = "ERROR - The username/email already exists. Please try again with different username and email."; //header("Location: register.php?msg=$err"); //exit(); } /***************************************************************************/ if(empty($err)) { $sql_insert = "INSERT into `users` (`first_name`, `last_name`, `user_name`, `user_email`,`pwd`,`city`,`state`,`field`,`gpa`,`date`,`users_ip`,`activation_code` ) VALUES ('$data[first_name]','$data[last_name]','$user_name','$usr_email','$sha1pass','$data[city]','$data[state]','$data[field]','$data[gpa]', ,now(),'$user_ip','$activ_code' ) "; mysql_query($sql_insert,$link) or die("Insertion Failed:" . mysql_error()); $user_id = mysql_insert_id($link); $md5_id = md5($user_id); mysql_query("update users set md5_id='$md5_id' where id='$user_id'"); // echo "<h3>Thank You</h3> We received your submission."; if($user_registration) { $a_link = " *****ACTIVATION LINK*****\n http://$host$path/activate.php?user=$md5_id&activ_code=$activ_code "; } else { $a_link = "Your account is *PENDING APPROVAL* and will be soon activated the administrator. "; } $message = "Hello \n Thank you for registering with us. Here are your login details...\n User ID: $user_name Email: $usr_email \n Passwd: $data[pwd] \n $a_link Thank You Administrator $host_upper ______________________________________________________ THIS IS AN AUTOMATED RESPONSE. ***DO NOT RESPOND TO THIS EMAIL**** "; mail($usr_email, "Login Details", $message, "From: \"Member Registration\" <auto-reply@$host>\r\n" . "X-Mailer: PHP/" . phpversion()); header("Location: thankyou.php"); exit(); } } }
<?php require_once "query/message.php"; $DOJSS = $_COOKIE['DOJSS']; $opwd = safe($_POST['opwd']); $npwd = safe($_POST['npwd']); $user = checkDOJSS($DOJSS); if (!checkPwd($npwd)) { send(1, $err['invalidPwd']); } if ($user) { if (dc_decrypt($user->password, $key_pwd) != $opwd) { send(1, $err['wrongPwd']); } if ($opwd == $npwd) { send(2, $warning['samePwd']); } $uid = $user->id; $pwd_enc = dc_encrypt($npwd, $key_pwd); mysql_query("UPDATE `users` SET \n\t\t\t`password` = '{$pwd_enc}'\n\t\tWHERE `id` = {$uid} "); if (mysql_affected_rows()) { send(0, $tip['changedPwd'], "setTimeout(logout, 3000);"); } else { send(1, $err['notSaved']); } } else { send(1, $err['wrongDOJSS']); }
<?php require_once 'query/message.php'; $msg = $_POST; $name = $msg['name']; $password = $msg['password']; $mail = $msg['email']; $key = $msg['key']; if (!checkName($name)) { $error = $err['invalidName']; } else { if (!checkPwd($password)) { $error = $err['invalidPwd']; } else { if (!checkEmail($mail)) { $error = $err['wrongEmailFormat']; } else { if (getUserByName($name)) { $error = $err['sameName']; } else { if (getUserByEmail($mail)) { $error = $err['sameEmail']; } } } } } $kmail = checkKey($key); if ($kmail == $mail . '&') { $admin = 1; } else {
require_once "./dbase/dbFunction.php"; $cmd = $_POST['cmd']; switch ($cmd) { case 'register': $name = $_POST['name']; $pwd = $_POST['pwd']; $email = $_POST['email']; addUser($name, $email, $pwd); header("Location: login.php"); break; case 'login': $name = $_POST['name']; $pwd = $_POST['pwd']; echo $name, $pwd; if (checkPwd($name, $pwd)) { session_start(); $_SESSION['name'] = $name; //header("Location: map.php"); echo "<script type=text/javascript>window.location.href=\"map.php\";</script>"; } else { header("Location: login.php"); } break; case 'logout': session_start(); session_destroy(); header("Location: login.php"); break; default: header("Location: login.php");