// Profile-update handler (fragment): reads the posted profile fields, validates
// them, updates the matching tbl_user row and reports the outcome through
// benar()/salah(). $nama is assigned before this fragment and the final
// else-block is closed after it. The '******' literals are redacted on this page.
// NOTE(review): no anti-CSRF token is checked in the visible lines; confirm one
// is enforced earlier in the request.
$alamat = anti_injection($_POST["alamat"]);
$telepon = anti_injection($_POST["telepon"]);
$email = anti_injection($_POST["email"]);
$username = anti_injection($_POST["username"]);
// NOTE(review): MD5 is fast and unsalted, so it is not suitable for storing
// passwords. password_hash()/password_verify() is the supported replacement;
// the login check (not visible here) would have to change with it.
$password = md5(anti_injection($_POST["password"]));
// Rejects the request only when BOTH $nama and $username are empty; the alert
// text says name and username must not be empty.
// NOTE(review): `or` may have been intended, so that either empty field is
// rejected; confirm.
if ($nama == '' and $username == '') { ?> <script type="text/javascript"> alert('nama dan username tidak boleh kosong'); document.location.href='./index.php?mod=home&opt=profil&opts=list'; </script> <?php exit; }
// Optional fields are validated only when supplied. The helpers' return values
// are not used here; presumably they redirect to the given URL on invalid
// input (implementation not visible; confirm).
if ($email != '') {
    cek_email($email, "./index.php?mod=home&opt=profil&opts=list");
}
if ($telepon != '') {
    cek_telepon($telepon, "./index.php?mod=home&opt=profil&opts=list");
}
// NOTE(review): `${$_POST}["password"]` is a variable-variable (named after the
// string conversion of $_POST) and does not read $_POST["password"], which was
// presumably intended. As written the comparison with "" is expected to be true
// on every request, so the branch that also sets the password would never run.
// Confirm against the original source.
// NOTE(review): both statements are built by interpolating request-derived
// values into the SQL text, so injection safety rests entirely on
// anti_injection(), whose implementation is not visible here. Bound parameters
// (PDO or mysqli prepared statements) remove that dependency. The mysql_*
// extension was also removed in PHP 7.
if (${$_POST}["password"] == "") {
    // Update without touching the password column.
    $d = mysql_query("update tbl_user set nama='{$nama}', alamat='{$alamat}', telepon='{$telepon}', email='{$email}', username='******' where username='******'");
} else {
    // Update including the password column.
    $d = mysql_query("update tbl_user set nama='{$nama}', alamat='{$alamat}', telepon='{$telepon}', email='{$email}', username='******', password='******' where username='******'");
}
if ($d) {
    benar("./index.php?mod=home&opt=profil&opts=list");
    // NOTE(review): `==` compares and discards the result, so the session
    // username is NOT updated after a rename; `=` was presumably intended.
    // If benar() ends the request, this line is never reached either.
    $_SESSION["username"] == $username;
    exit;
} else {
    salah("./index.php?mod=home&opt=profil&opts=list");
}
// "Forgot password" handler (fragment): dispatches on $proses. 'form' builds
// the request form; 'kirim' checks the posted username/email pair against the
// member table and, on a match, replaces the stored password. The fragment
// starts after an unseen block and ends inside the innermost else-branch;
// $kembali is defined outside it. The '******' literals are redacted on this page.
$proses = filter_str($proses);
konek_db(); // connect to the MySQL server
// handle each process with switch/case
switch ($proses) {
    case 'form':
        $judul = "<h2>Lupa Password</h2>";
        $lupa = "\n\t<p>Isikan username dan email anda kemudian klik KIRIM untuk mereset password anda</p>\n\t<form action='lupa_pass.php?proses=kirim' method='post'>\n\t\t<table border='0' cellpadding='4'>\n\t\t\t<tr bgcolor='#7cb500'>\n\t\t\t\t<td class='putih' colspan='2'>Form Lupa Password</td></tr>\n\t\t\t<tr> \n<td>Username: </td>\n\t\t\t\t<td><input type='text' name='username'></td></tr>\n\t\t\t<tr> \n<td>Email: </td>\n\t\t\t\t<td><input type='text' name='email'></td></tr>\n\t\t\t<tr><td></td><td><input type='submit' value='K I R I M'></td></tr>\n\t\t\t<tr bgcolor='#7cb500' height='20'><td colspan='2'></td></tr>\n\t\t</table>\n\t</form>\n\n";
        break;
    case 'kirim':
        // read the posted data
        $username = filter_str($_POST['username']);
        // NOTE(review): unlike $username, the email is taken from the request
        // without filter_str() and is later interpolated into the SELECT. The
        // only gate is cek_email(), whose rules are not visible here. An
        // address validator is not an SQL escaper, so bind the value as a
        // query parameter instead.
        $email = $_POST['email'];
        // check that the email is valid
        if (!cek_email($email)) {
            $lupa = "<p>Error: Email tidak valid.<br>\n{$kembali}</p>\n";
        } else {
            // run a query to match the submitted data
            // NOTE(review): SQL is built by string interpolation. The result is
            // passed to mysql_num_rows() without checking for a false return on
            // query failure. The mysql_* extension was removed in PHP 7.
            $hasil = mysql_query("SELECT * FROM member WHERE username='******' AND email='{$email}'");
            // check the result
            // NOTE(review): the no-match message differs from the match path,
            // which lets a caller test whether a username/email pair exists.
            // A single generic response avoids that.
            if (mysql_num_rows($hasil) == 0) {
                $lupa = "<p>Error: Username atau email tidak ada didatabase.<br>\n{$kembali}</p>";
            } else {
                // on a match: create a new password, update the database, then send the email
                // NOTE(review): the stored password is replaced as soon as the
                // pair matches, before the requester has shown control of the
                // mailbox. Anyone who knows both values can force a reset on
                // another account. Mailing a single-use, expiring reset token
                // and changing the password only on redemption avoids this
                // and avoids sending a password by email.
                // call pass_acak() to obtain a random password
                // NOTE(review): pass_acak() is not visible; confirm it draws
                // from random_int()/random_bytes() rather than rand()/mt_rand().
                $new_pass = pass_acak();
                // "encrypt" the password
                // NOTE(review): balik_md5() is not visible; the name suggests an
                // MD5-derived transform. If so, password_hash() is the
                // appropriate replacement. Confirm.
                $pass_enkrip = balik_md5($new_pass);
                // update the password stored in the database
                $q_update = mysql_query("UPDATE member SET password='******' WHERE username='******'");
} else { if ((int) $_GET["mode"] == 2) { if ((int) $_GET["id_user"] != 0) { if ($nama == '' or $username == '' or $izin == '' or $level == '0') { ?> <script type="text/javascript"> alert('isi dengan lengkap'); document.location.href='./index.php?mod=home&opt=member&opts=edit&id_user=<?php echo (int) $_GET["id_user"]; ?> '; </script> <?php } else { if ($email != '') { if (cek_email($email) == false) { pesan('email tidak valid', './index.php?mod=home&opt=member&opts=edit&id_user='******'') { if (cek_telepon($telepon) == false) { pesan('no telepon tidak valid', './index.php?mod=home&opt=member&opts=edit&id_user='******'{$nama}', alamat='{$alamat}', telepon='{$telepon}', email='{$email}', username='******', izin='{$izin}', level='{$level}' where id_user='******'"); } else { $d = mysql_query("update tbl_user set nama='{$nama}', alamat='{$alamat}', telepon='{$telepon}', email='{$email}', username='******', password='******', izin='{$izin}', level='{$level}' where id_user='******'"); } if ($d) { benar("./index.php?mod=home&opt=member&opts=list");