Пример #1
// Loads the full row of the logged-in user; the session value is interpolated straight into the SQL text.
// NOTE(review): this is safe only if $_SESSION['user_id'] is always assigned server-side — confirm where it is set.
$rs_settings = mysql_query("SELECT * FROM users where user_id='$_SESSION[user_id]'");
// Password-change branch: runs only when the posted form carries doUpdate=Update.
if($_POST['doUpdate'] == 'Update')  
{

$rs_pwd = mysql_query("SELECT pwd FROM users where user_id='$_SESSION[user_id]'");
list($old) = mysql_fetch_row($rs_pwd);


//check for old password in md5 format
// SECURITY: unsalted MD5 is a fast hash and unsuitable for password storage;
// password_hash()/password_verify() are the replacement.
// SECURITY: `==` compares numeric-looking strings as numbers, so two different digests of the
// form 0e<digits> compare equal; `===` or hash_equals() avoids that.
	if($old == md5($_POST['pwd_old']))
	{
	//$newmd5 = md5(mysql_real_escape_string($_POST['pwd_new']));
	//mysql_query("update users set pwd='$newmd5' where user_id='$_SESSION[user_id]'");
	// Check User Passwords
	// checkPwd() is defined outside this listing; the error text implies a 3-character minimum,
	// which is a very weak length policy.
	//$newpwd=$_POST['pwd_new'];
	if (!checkPwd($_POST['pwd_new'],$_POST['pwd_new2'])) {
		$err = urlencode("ERROR: Invalid Password or mismatch. Enter 3 chars or more");
		header("Location: mysettings.php?msg=$err");
		exit();
	}
	else
	{
	
		// The new password is stored as an unsalted MD5 digest as well (see the note above).
		$newmd5 = md5($_POST['pwd_new']);
		//echo "userid: ". $_SESSION[user_id] . "   new pwd: " . $_POST['pwd_new'] . "md5: " . $newmd5;
		// NOTE(review): $_SESSION[user_id] has an unquoted key here, outside a string. PHP treats it as an
		// undefined constant: a notice/warning with fallback to 'user_id' before PHP 8, an Error from PHP 8 on.
		$sql="UPDATE users SET pwd='" . $newmd5 . "' WHERE user_id='" . $_SESSION[user_id] . "'";
		// NOTE(review): as printed on this page the mysql_query() call sits on the `//` comment line below,
		// so the UPDATE is never sent and $sql_result is never assigned; the success redirect is then
		// unreachable. Possibly a formatting artifact — confirm against the original file.
		//echo $sql;		$sql_result = mysql_query($sql);
		if ($sql_result) {
				header("Location: mysettings.php?msg=Your new password is updated");
				exit();
			}
 }
 /************************ SERVER SIDE VALIDATION **************************************/
 /********** This validation is useful if javascript is disabled in the browser ***/
 // Server-side checks are the only ones an attacker cannot bypass; client-side script is a convenience.
 // NOTE(review): the test rejects names shorter than 4 characters while the message says "at least 3".
 if (empty($data['full_name']) || strlen($data['full_name']) < 4) {
     $err[] = "ERROR - Invalid name. Please enter at least 3 or more characters for your name";
 }
 // Validate User Name
 if (!isUserID($data['user_name'])) {
     $err[] = "ERROR - Invalid user name. It can contain alphabet, number and underscore.";
 }
 // Validate Email
 if (!isEmail($data['usr_email'])) {
     $err[] = "ERROR - Invalid email address.";
 }
 // Check User Passwords
 if (!checkPwd($data['pwd'], $data['pwd2'])) {
     $err[] = "ERROR - Invalid Password or mismatch. Enter 5 chars or more";
 }
 $user_ip = $_SERVER['REMOTE_ADDR'];
 // stores sha1 of password
 // NOTE(review): PwdHash() is defined outside this listing. If it is SHA-1 based, as the comment above
 // says, it is a fast hash and unsuitable for password storage — verify the implementation.
 $sha1pass = PwdHash($data['pwd']);
 // Automatically collects the hostname or domain like example.com)
 // SECURITY: HTTP_HOST is taken from the client's Host header, so it is request-controlled input.
 $host = $_SERVER['HTTP_HOST'];
 $host_upper = strtoupper($host);
 $path = rtrim(dirname($_SERVER['PHP_SELF']), '/\\');
 // Generates activation code simple 4 digit number
 // SECURITY: only 9000 possible values, drawn from rand(), which is not a cryptographic generator.
 $activ_code = rand(1000, 9999);
 $usr_email = $data['usr_email'];
 $user_name = $data['user_name'];
 /************ USER EMAIL CHECK ************************************
 This code does a second check on the server side if the email already exists. It 
Пример #3
<?php

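// Profile page controller: handles the "change password" form and counts the user's referrals.
// header.php is included first; $data (the current user) and the open MySQL connection
// presumably come from it — confirm.
$page_title = "My Profile - LikesPlanet.com";
include 'header.php';

// Filtered copy of every POST field. filter() is defined outside this listing. Nothing in this
// block reads $sec; it is kept because later parts of the page may use it.
foreach ($_POST as $key => $value) {
    $sec[$key] = filter($value);
}

// The template below echoes $mesaj unconditionally, so give it a value on plain GET requests too.
if (!isset($mesaj)) {
    $mesaj = "";
}

if (isset($_POST['change'])) {
    // NOTE(review): no current-password check and no anti-CSRF token are visible in this block;
    // confirm whether header.php enforces either before a password change is accepted.
    if (!checkPwd($_POST['password'], $_POST['password2'])) {
        $mesaj = "<div class=\"msg_error\">ERROR: Passwords are wrong or do not match!</div>";
    } else {
        // SECURITY: the posted value goes into an SQL string, so escape it for the open connection
        // instead of interpolating the raw request value.
        $pass = mysql_real_escape_string($_POST['password']);
        // SECURITY (flagged, not changed here): the password is written to `pass` as plaintext.
        // Moving to password_hash()/password_verify() also requires changing the login code and
        // migrating existing rows, which are outside this listing.
        mysql_query("UPDATE `users` SET `pass`='{$pass}' WHERE `id`='{$data->id}'");
        // NOTE(review): success is reported without checking the result of mysql_query().
        $mesaj = "<div class=\"msg_success\">Password successfully changed!</div>";
    }
}

// Referral counters: all users referred by this account, then those with at least 6 likes.
$siteref2 = mysql_query("SELECT * FROM `users` WHERE `ref2`='{$data->id}' AND NOT `ref2`='0' ");
$referralsnum = mysql_num_rows($siteref2);
$siteref20 = mysql_query("SELECT * FROM `users` WHERE (`ref2`='{$data->id}' AND NOT `ref2`='0' AND `likes` >= 6) ");
$referralsnum2 = mysql_num_rows($siteref20);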
?>
<h2>Profile</h2>
<?php 
echo $mesaj;
?>
<form method="post">
<table class="infobox">
<tr><td><label for="username">Username</label></td><td width="20"></td><td><?php 
echo $data->login;
?>
</td></tr>
Пример #4
     redirect('/settings');
 } elseif ($_GET['action'] == 'password') {
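     /**
      * Validate the posted password pair and, when it is valid, store the new password.
      *
      * Reads $_POST['password'] and $_POST['retype'] directly. LANG(), password(), user()
      * and data_save() are defined outside this listing.
      *
      * @return mixed false on success, otherwise the error message returned by LANG()
      */
     function checkPwd()
     {
         // Only plain strings are accepted: an array-valued field (password[]=...) would satisfy the
         // offset test below and reach password() as an array.
         $new = (isset($_POST['password']) && is_string($_POST['password'])) ? $_POST['password'] : '';
         $again = (isset($_POST['retype']) && is_string($_POST['retype'])) ? $_POST['retype'] : null;
         // Offset 2 exists only when the string holds at least 3 bytes.
         // NOTE(review): a 3-character minimum is a very weak length policy.
         if (!isset($new[2])) {
             return LANG('Password must be at least 3 charaters long');
         }
         if ($new !== $again) {
             return LANG('Password retype doesn\'t match');
         }
         // presumably password() hashes the value before it is saved — verify its implementation
         $p = password($new);
         $u = user('id');
         data_save("user/{$u}/pwd", $p);
         // false means "no error"; the caller compares the result with === false
         return false;
     }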
     $errormsg[1] = checkPwd();
     if ($errormsg[1] === false) {
         redirect('/');
     }
 } else {
     function hex2array($str)
     {
         $arr = array();
         for ($i = 0; $i < 32; $i++) {
             $c = ord($str[$i]);
             if ($c > 90) {
                 $c -= 87;
             } else {
                 $c -= 48;
             }
             $arr[] = $c;
// Settings page: lets a logged-in user change e-mail and, optionally, password.
// $data is presumably the current user row set up by header.php — confirm.
include 'header.php';
if (isset($data)) {
    // Every POST field is passed through filter(), which is defined outside this listing.
    // NOTE(review): all SQL below relies on filter() escaping for MySQL — verify that it does.
    foreach ($_POST as $key => $value) {
        $posts[$key] = filter($value);
    }
    if (isset($posts["email"])) {
        $checkForUser = mysql_query("SELECT * FROM `users` WHERE `email`='{$posts['email']}'");
        $checkForUserRows = mysql_num_rows($checkForUser);
        // The address may already exist only if it is the user's own current address.
        if ($checkForUserRows > 0 && $posts['email'] != $data->email) {
            $error = "Email already registered!";
        } else {
            if (!isEmail($posts['email'])) {
                $error = "Invalid email address!";
            } else {
                // NOTE(review): `&` is the bitwise operator, not `&&`: there is no short-circuit, so
                // checkPwd() runs even when the password field is empty. `&&` is probably intended.
                if ($posts['password'] != "" & !checkPwd($posts['password'], $posts['password2'])) {
                    $error = "Passwords do not match and/or are not atleast 4 characters long!";
                } else {
                    $settings = hook_filter('settings_sumbit', "");
                    if ($posts['password'] != "") {
                        $pass = $posts['password'];
                        // SECURITY: unsalted MD5 is a fast hash and unsuitable for password storage.
                        $passmd5 = MD5($pass);
                        // SECURITY: `passdecoded` keeps the cleartext password next to its hash, so a
                        // database leak exposes every password directly and the hash protects nothing.
                        $settings .= ",`pass` = '{$passmd5}',`passdecoded` = '{$pass}'";
                    }
                    // NOTE(review): e-mail and password are changed without asking for the current
                    // password in the visible lines — confirm whether re-authentication happens elsewhere.
                    mysql_query("UPDATE `users` SET `email` = '{$posts['email']}'{$settings} where `id`='{$data->id}'");
                    $success = "Your settings has been updated!";
                }
            }
        }
    }
    // The session username is interpolated into SQL; presumably it was set at login — confirm.
    $user = mysql_query("SELECT *,UNIX_TIMESTAMP(`online`) AS `online` FROM `users` WHERE `username`='{$_SESSION['username']}'");
 // Registration checks. $checkForUserRows and $posts are set before the lines shown here.
 // NOTE(review): VisitorIP() is defined outside this listing. If it reads client-supplied headers,
 // $ip is attacker-controlled text that reaches the SQL below unescaped — verify.
 $ip = VisitorIP();
 $checkForIP = mysql_query("SELECT id FROM `users` WHERE `ip`='{$ip}'");
 $checkForIPRows = mysql_num_rows($checkForIP);
 if ($checkForUserRows > 0) {
     $error = "Username or email already registered!";
 } else {
     if ($checkForIPRows > 0) {
         $error = "You may only have one account per IP!";
     } else {
         if (!isUserID($posts['username'])) {
             $error = "Username is incorrect!";
         } else {
             if (!isEmail($posts['email'])) {
                 $error = "Enter a valid email address!";
             } else {
                 if (!checkPwd($posts['password'], $posts['password2'])) {
                     $error = "Passwords do not match and/or are not atleast 4 characters long!";
                 } else {
                     $ref = "";
                     if (isset($_COOKIE['ref'])) {
                         // SECURITY: the cookie value is request-controlled and is interpolated into the
                         // SELECT below and into the INSERT INTO `users` further down without any
                         // escaping or integer cast in the visible lines (SQL injection risk). Casting to
                         // int or escaping before use closes it.
                         $ref = $_COOKIE['ref'];
                         $refInfo = mysql_query("SELECT * FROM `users` WHERE `id`='{$ref}'");
                         // NOTE(review): mysql_fetch_object() returns false when no row matches, and
                         // $refInfo->username is then read on a non-object.
                         $refInfo = mysql_fetch_object($refInfo);
                         mysql_query("INSERT INTO `referals`(user,referal,date) values('{$refInfo->username}','{$posts['username']}',NOW())");
                     }
                     // SECURITY: rand() is not a cryptographic generator, so the activation code is
                     // guessable in principle; a CSPRNG-derived token is the safer choice.
                     $activationCode = rand(00, 999999909);
                     mail($posts['email'], "{$site->site_name} Activation", "Hello {$posts['username']},\n\nWelcome to {$site->site_name}. Start earning coins to promote your website now!\n\nClick on this link to activate your account: \n{$site->site_url}/activate.php?ac={$activationCode}\n    \nBest Regards!", "From: {$site->site_name} <{$site->site_email}>");
                     $ip = VisitorIP();
                     $pass = $posts['password'];
                     // SECURITY: unsalted MD5 is unsuitable for password storage, and `passdecoded`
                     // additionally stores the cleartext password in the same row.
                     $passmd5 = MD5($pass);
                     // SECURITY: die(mysql_error()) prints the raw database error to the visitor.
                     mysql_query("INSERT INTO `users`(email,username,IP,passdecoded,pass,ref,signup,activate) values('{$posts['email']}','{$posts['username']}','{$ip}','{$pass}','{$passmd5}','{$ref}',NOW(),'{$activationCode}')") or die(mysql_error());
Пример #7
        $protect[$key] = filter($value);
    }
    // Registration: reject duplicates, validate each field, then insert the new user.
    // $protect holds the POST fields after filter(), which is defined outside this listing.
    // NOTE(review): the SQL below relies on filter() escaping for MySQL — verify that it does.
    $verify = mysql_num_rows(mysql_query("SELECT * FROM `users` WHERE `user`='{$protect['user']}' OR `email`='{$protect['email']}'"));
    if ($verify > 0) {
        $message = "<div class=\"msg\"><div class=\"error\">ERROR: Username or email already registered!</div></div>";
    } else {
        if (strlen($protect['user']) > 12 or strlen($protect['user']) < 2) {
            $message = "<div class=\"msg\"><div class=\"error\">ERROR: Your username must have from 2 to 12 characters!</div></div>";
        } else {
            if (!isUserID($protect['user'])) {
                $message = "<div class=\"msg\"><div class=\"error\">ERROR: Username is incorrect!</div></div>";
            } else {
                if (!isEmail($protect['email'])) {
                    $message = "<div class=\"msg\"><div class=\"error\">ERROR: Enter a valid email address!</div></div>";
                } else {
                    if (!checkPwd($protect['password'], $protect['password2'])) {
                        $message = "<div class=\"msg\"><div class=\"error\">ERROR: Passwords do not match!</div></div>";
                    } else {
                        $passa = $protect['password'];
                        // SECURITY: unsalted MD5 is a fast hash and unsuitable for password storage;
                        // password_hash()/password_verify() are the replacement.
                        // NOTE(review): the digest is taken of the filtered value, so whatever filter()
                        // rewrites in the password becomes part of the stored credential.
                        $passc = MD5($passa);
                        $guid = getGUID();
                        // SECURITY: die(mysql_error()) prints the raw database error to the visitor.
                        mysql_query("INSERT INTO `users` (user, password, email, guid) values('{$protect['user']}', '{$passc}', '{$protect['email']}', '" . $guid . "')") or die(mysql_error());
                        $message = "<div class=\"msg\"><div class=\"success\">Registered!</div></div>";
                        // Client-side redirect through an inline script rather than a Location header.
                        echo "<script>document.location.href='index.php'</script>";
                    }
                }
            }
        }
    }
}
if (!isset($data->user)) {
Пример #8
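/**
 * Handle the registration form: validate the posted fields, insert the user row
 * and e-mail the login details together with an activation link.
 *
 * Reads $_POST and $_SERVER directly. filter(), isUserID(), isEmail(), checkPwd()
 * and PwdHash() are defined outside this listing; $link and $user_registration are
 * presumably set by datalink.php, which is included into this function's scope — confirm.
 *
 * On success the function redirects to thankyou.php and exits. When validation fails
 * the messages are collected in $err and the visible code does nothing further with them.
 */
function register() {
    include 'datalink.php';

    $err = array();

    // isset() guard: a request without the submit field no longer raises an undefined-index notice
    if (isset($_POST['doRegister']) && $_POST['doRegister'] == 'Register')
    {
        /******************* Filtering/Sanitizing Input *****************************
        This code filters harmful script code and escapes data of all POST data
        from the user submitted form.
        *****************************************************************/
        // NOTE(review): every SQL statement below relies on filter() escaping for MySQL — verify.
        foreach ($_POST as $key => $value) {
            $data[$key] = filter($value);
        }

        /************************ SERVER SIDE VALIDATION **************************************/
        /********** This validation is useful if javascript is disabled in the browser ***/

        // NOTE(review): the test rejects names shorter than 4 characters while the message says 3.
        if (empty($data['full_name']) || strlen($data['full_name']) < 4) {
            $err[] = "ERROR - Invalid name. Please enter atleast 3 or more characters for your name";
        }

        // Validate User Name
        if (!isUserID($data['user_name'])) {
            $err[] = "ERROR - Invalid user name. It can contain alphabet, number and underscore.";
        }

        // Validate Email
        if (!isEmail($data['usr_email'])) {
            $err[] = "ERROR - Invalid email address.";
        }

        // Check User Passwords
        if (!checkPwd($data['pwd'], $data['pwd2'])) {
            $err[] = "ERROR - Invalid Password or mismatch. Enter 5 chars or more";
        }

        $user_ip = $_SERVER['REMOTE_ADDR'];

        // stores sha1 of password
        // NOTE(review): if PwdHash() is SHA-1 based, as the comment above says, it is a fast hash
        // and unsuitable for password storage — verify the implementation.
        $sha1pass = PwdHash($data['pwd']);

        // Automatically collects the hostname or domain like example.com)
        // SECURITY: HTTP_HOST comes from the client's Host header. It ends up in the activation
        // link and in the From header of the e-mail below; a configured site URL would be safer.
        $host = $_SERVER['HTTP_HOST'];
        $host_upper = strtoupper($host);
        $path = rtrim(dirname($_SERVER['PHP_SELF']), '/\\');

        // Generates activation code simple 4 digit number
        // SECURITY: only 9000 possible values, drawn from rand(), which is not a cryptographic generator.
        $activ_code = rand(1000, 9999);

        $usr_email = $data['usr_email'];
        $user_name = $data['user_name'];

        /************ USER EMAIL CHECK ************************************
        This code does a second check on the server side if the email already exists. It
        queries the database and if it has any existing email it throws user email already exists
        *******************************************************************/

        // SECURITY: die(mysql_error()) prints the raw database error to the visitor.
        $rs_duplicate = mysql_query("select count(*) as total from users where user_email='$usr_email' OR user_name='$user_name'") or die(mysql_error());
        list($total) = mysql_fetch_row($rs_duplicate);

        if ($total > 0) {
            $err[] = "ERROR - The username/email already exists. Please try again with different username and email.";
        }
        /***************************************************************************/

        if (empty($err)) {

            // Fix: the original VALUES list had a doubled comma before now(), which is an SQL syntax
            // error, so the insert could never succeed. The list now has 12 values for the 12 columns.
            $sql_insert = "INSERT into `users`
  			(`first_name`, `last_name`, `user_name`, `user_email`,`pwd`,`city`,`state`,`field`,`gpa`,`date`,`users_ip`,`activation_code`
			)
		    VALUES
		    ('$data[first_name]','$data[last_name]','$user_name','$usr_email','$sha1pass','$data[city]','$data[state]','$data[field]','$data[gpa]',
			now(),'$user_ip','$activ_code'
			)
			";

            mysql_query($sql_insert, $link) or die("Insertion Failed:" . mysql_error());
            $user_id = mysql_insert_id($link);
            // SECURITY: md5 of a sequential row id is predictable, so the `user` part of the
            // activation link adds no secrecy; only the 4-digit code does.
            $md5_id = md5($user_id);
            mysql_query("update users set md5_id='$md5_id' where id='$user_id'");

            if ($user_registration) {
                $a_link = "
*****ACTIVATION LINK*****\n
http://$host$path/activate.php?user=$md5_id&activ_code=$activ_code
"; 
            } else {
                $a_link = 
"Your account is *PENDING APPROVAL* and will be soon activated the administrator.
";
            }

            // SECURITY (flagged, not changed here): the message below e-mails the password in
            // cleartext. Removing it changes what users receive, so it is left for a product decision.
            $message = 
"Hello \n
Thank you for registering with us. Here are your login details...\n

User ID: $user_name
Email: $usr_email \n 
Passwd: $data[pwd] \n

$a_link

Thank You

Administrator
$host_upper
______________________________________________________
THIS IS AN AUTOMATED RESPONSE. 
***DO NOT RESPOND TO THIS EMAIL****
";

            mail($usr_email, "Login Details", $message,
                "From: \"Member Registration\" <auto-reply@$host>\r\n" .
                "X-Mailer: PHP/" . phpversion());

            header("Location: thankyou.php");
            exit();

        }
    }
}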
Пример #9
<?php

require_once "query/message.php";
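// Password-change endpoint: the caller is identified by the DOJSS cookie and must supply the
// current password (opwd) together with the new one (npwd).
// safe(), checkDOJSS(), checkPwd(), send(), dc_decrypt() and dc_encrypt() are defined outside this
// listing; $key_pwd, $err, $warning and $tip presumably come from query/message.php — confirm.
$DOJSS = $_COOKIE['DOJSS'];
$opwd = safe($_POST['opwd']);
$npwd = safe($_POST['npwd']);
$user = checkDOJSS($DOJSS);
// NOTE(review): execution continues past each send() unless send() terminates the request —
// confirm, otherwise a rejected password would still reach the UPDATE below.
if (!checkPwd($npwd)) {
    send(1, $err['invalidPwd']);
}
if ($user) {
    // SECURITY (flagged, not changed here): the stored password is decrypted for the comparison,
    // i.e. it is kept reversibly encrypted rather than as a one-way hash, so anyone holding
    // $key_pwd and the table can recover every password.
    // Fix: compare as strings with ===. With the loose operators, numeric-looking passwords such
    // as "1e3" and "1000" compared equal.
    if ((string) dc_decrypt($user->password, $key_pwd) !== (string) $opwd) {
        send(1, $err['wrongPwd']);
    }
    if ((string) $opwd === (string) $npwd) {
        send(2, $warning['samePwd']);
    }
    $uid = $user->id;
    $pwd_enc = dc_encrypt($npwd, $key_pwd);
    // NOTE(review): $pwd_enc is interpolated unescaped; safe only if dc_encrypt() output can never
    // contain a quote or backslash (e.g. hex or base64) — verify.
    mysql_query("UPDATE `users` SET \n\t\t\t`password` = '{$pwd_enc}'\n\t\tWHERE `id` = {$uid} ");
    if (mysql_affected_rows()) {
        send(0, $tip['changedPwd'], "setTimeout(logout, 3000);");
    } else {
        send(1, $err['notSaved']);
    }
} else {
    send(1, $err['wrongDOJSS']);
}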
Пример #10
<?php

require_once 'query/message.php';
// Registration endpoint: copies the posted fields, validates them in order and records the first
// failure in $error. checkName(), checkPwd(), checkEmail(), getUserByName(), getUserByEmail() and
// checkKey() are defined outside this listing.
$msg = $_POST;
$name = $msg['name'];
$password = $msg['password'];
$mail = $msg['email'];
$key = $msg['key'];
// NOTE(review): the raw POST values are handed to the lookup helpers below; whether those escape
// them before querying cannot be seen here — verify.
if (!checkName($name)) {
    $error = $err['invalidName'];
} else {
    if (!checkPwd($password)) {
        $error = $err['invalidPwd'];
    } else {
        if (!checkEmail($mail)) {
            $error = $err['wrongEmailFormat'];
        } else {
            if (getUserByName($name)) {
                $error = $err['sameName'];
            } else {
                if (getUserByEmail($mail)) {
                    $error = $err['sameEmail'];
                }
            }
        }
    }
}
// The submitted key decides whether the new account becomes an administrator.
// SECURITY: `==` is a loose comparison. If checkKey() can return a non-string (true, or 0 under
// PHP < 8), it compares equal to any "<mail>&" string and $admin would be granted; `===` avoids
// that. NOTE(review): confirm checkKey()'s return type.
$kmail = checkKey($key);
if ($kmail == $mail . '&') {
    $admin = 1;
} else {
Пример #11
require_once "./dbase/dbFunction.php";
// Front controller for register / login / logout, selected by the posted `cmd` field.
// addUser() and checkPwd() are defined outside this listing (presumably in dbase/dbFunction.php).
$cmd = $_POST['cmd'];
switch ($cmd) {
    case 'register':
        // NOTE(review): no validation of name, e-mail or password is visible before addUser();
        // whether addUser() validates, escapes and hashes cannot be seen here — verify.
        $name = $_POST['name'];
        $pwd = $_POST['pwd'];
        $email = $_POST['email'];
        addUser($name, $email, $pwd);
        header("Location: login.php");
        break;
    case 'login':
        $name = $_POST['name'];
        $pwd = $_POST['pwd'];
        // SECURITY: this writes the submitted name and password into the response, unescaped.
        // It discloses the credential in the page and reflects request input as HTML; it looks
        // like leftover debug output and should be removed.
        // It also sends output before session_start() and header() below, which then fail with
        // "headers already sent" unless output buffering is enabled.
        echo $name, $pwd;
        if (checkPwd($name, $pwd)) {
            // SECURITY: the session id is not regenerated after a successful login in the visible
            // lines; calling session_regenerate_id(true) here prevents session fixation.
            session_start();
            $_SESSION['name'] = $name;
            //header("Location: map.php");
            echo "<script type=text/javascript>window.location.href=\"map.php\";</script>";
        } else {
            header("Location: login.php");
        }
        break;
    case 'logout':
        // session_destroy() removes the server-side session data; the session cookie itself is not
        // cleared in the visible lines.
        session_start();
        session_destroy();
        header("Location: login.php");
        break;
    default:
        header("Location: login.php");