<?php
checkauthentication();
$table = "xuser_pegawai";
$field = array("username", "password", "reset");
$p_next = 55;
if (@$_POST['xuser']) {
extract($_POST);
if ($oldpassword != "") {
if ($password != "") {
if ($retrypassword != "") {
$ocheck = xuser("password", "username = '******'");
$check = mysql_fetch_array($ocheck);
$len = strlen($oldpassword);
if (md5($oldpassword) == decode_password($check['password'], $len)) {
if ($password == $retrypassword) {
$username = $susername;
$len = strlen($password);
$password = encode_password(md5($password), $len);
$reset = "0";
foreach ($field as $k => $val) {
$value[$k] = ${$val};
}
$sql = sql_update($table, $field, $value);
$sql = str_replace("''", "NULL", $sql);
$query = mysql_query($sql);
if ($query == 1) {
$msg = "Ubah kata sandi berhasil. Id = " . $susername . ".";
update_log($msg, $table, $susername, 1);
$_SESSION['errmsg'] = $msg;
} else {
function xuser_list()
{
return xuser("level >= '" . $_SESSION['xlevel'] . "' OR username='******'xuser'] . "'", "username");
}
<?php
checkauthentication();
$table = "xuser";
$field = get_field($table);
$h = ekstrak_get($get[1]);
$q = ekstrak_get(@$get[2]);
$omenu = xmenu("parent", "id = '" . $p . "'");
$xmenu = mysql_fetch_array($omenu);
$p_next = $xmenu['parent'] . "&h=" . $h;
if (@$_POST['xuser']) {
extract($_POST);
if ($username != "") {
$ocheck = xuser("username", "username = '******' AND username != '" . $id . "'");
$ncheck = mysql_num_rows($ocheck);
if ($ncheck == 0) {
if ($id == "") {
if ($password != "") {
if ($password == $password2) {
$len = strlen($password);
$password = encode_password(md5($password), $len);
$reset = "1";
foreach ($field as $k => $val) {
$value[$k] = ${$val};
}
$sql = sql_insert($table, $field, $value);
$sql = str_replace("''", "NULL", $sql);
$query = mysql_query($sql);
if ($query == 1) {
$msg = "Tambah pengguna berhasil. Id = " . $username . ".";
$field = get_field("xuserlevel");
<?php
#@
session_start();
include_once "includes.php";
$xlogin = @$_POST['xlogin'];
$xusername = @$_POST['xusername'];
$xpassword = @$_POST['xpassword'];
if ($xlogin == "28B60A2D") {
if ($xusername != "") {
if ($xpassword != "") {
$ouser = xuser("username, password, unit, aktif, reset, kunci", "username = '******'");
$nuser = mysql_num_rows($ouser);
if ($nuser == 1) {
$xuser = mysql_fetch_array($ouser);
if ($xuser['aktif'] == "1") {
$len = strlen($xpassword);
if (decode_password($xuser['password'], $len) == md5($xpassword)) {
$session_name = "Kh41r4";
$_SESSION[$session_name] = 1;
$_SESSION['xusername_' . $session_name] = $xuser['username'];
$_SESSION['xunit_' . $session_name] = $xuser['unit'];
$_SESSION['kunci_' . $session_name] = $xuser['kunci'];
$ouserlevel = xuserlevel("level", "username = '******'username'] . "'");
$xuserlevel = mysql_fetch_array($ouserlevel);
$_SESSION['xlevel_' . $session_name] = $xuserlevel['level'];
$msg = "Login berhasil.";
update_log($msg, 'xlogin', $xuser['username'], 1);
last_login($xuser['username']);
if ($xuser['reset'] == "0") {
?>