示例#1
// Profile-update handler: reads the posted profile fields, validates them,
// updates the matching row in tbl_user and reports success or failure.
// $nama is used below but assigned outside this excerpt.
// NOTE(review): no CSRF token or authorization check is visible in this excerpt;
// confirm that one is enforced before this code runs.

// Every posted field goes through anti_injection(), which is defined elsewhere.
// NOTE(review): the queries below are only as safe as that helper; confirm what it escapes.
$alamat = anti_injection($_POST["alamat"]);
$telepon = anti_injection($_POST["telepon"]);
$email = anti_injection($_POST["email"]);
$username = anti_injection($_POST["username"]);
// NOTE(review): MD5 is a fast, unsalted digest and is not suitable for password storage;
// password_hash()/password_verify() is the standard replacement. If anti_injection()
// rewrites characters, it also changes the password before it is hashed.
$password = md5(anti_injection($_POST["password"]));
// Rejects the request only when BOTH name and username are empty.
// NOTE(review): the alert text says neither may be empty, so `or` was presumably intended.
if ($nama == '' and $username == '') {
    ?>
	<script type="text/javascript">
		alert('nama dan username tidak boleh kosong');
		document.location.href='./index.php?mod=home&opt=profil&opts=list';
	</script>
<?php 
    // Stop here so the update below never runs for the rejected request.
    exit;
}
// Optional fields are validated only when supplied. cek_email()/cek_telepon() are defined
// elsewhere; they receive the value and the URL of the profile page.
// NOTE(review): their return values are ignored, so they must stop the request themselves
// on invalid input -- confirm.
if ($email != '') {
    cek_email($email, "./index.php?mod=home&opt=profil&opts=list");
}
if ($telepon != '') {
    cek_telepon($telepon, "./index.php?mod=home&opt=profil&opts=list");
}
// NOTE(review): ${$_POST}["password"] is a variable-variable lookup, not a read of
// $_POST["password"]. As written the comparison appears to be always true, which would
// make the password-changing branch unreachable -- presumably $_POST["password"] was meant.
// NOTE(review): both statements are assembled by string interpolation and run through the
// mysql_* extension, which was removed in PHP 7.0; prepared statements (PDO or mysqli) keep
// data out of the SQL text. The '******' values are redacted on this page, so what is
// interpolated for username, password and the WHERE clause cannot be reviewed here.
if (${$_POST}["password"] == "") {
    // No new password supplied: update the profile fields only.
    $d = mysql_query("update tbl_user  set nama='{$nama}', alamat='{$alamat}', telepon='{$telepon}', email='{$email}', username='******' where username='******'");
} else {
    // New password supplied: update the profile fields and the stored password.
    $d = mysql_query("update tbl_user  set nama='{$nama}', alamat='{$alamat}', telepon='{$telepon}', email='{$email}', username='******', password='******' where username='******'");
}
// $d holds the result of mysql_query(); benar()/salah() are defined elsewhere and receive
// the URL of the profile page.
if ($d) {
    benar("./index.php?mod=home&opt=profil&opts=list");
    // NOTE(review): `==` compares and discards the result, so the session is not updated
    // here; if the intent was to store the new username, this should be an assignment.
    $_SESSION["username"] == $username;
    exit;
} else {
    salah("./index.php?mod=home&opt=profil&opts=list");
}
$proses = filter_str($proses);
konek_db();
// koneksikan ke MySQL server
// handel setiap proses dengan case dan switch
switch ($proses) {
    case 'form':
        $judul = "<h2>Lupa Password</h2>";
        $lupa = "\n\t<p>Isikan username dan email anda kemudian klik KIRIM untuk mereset password anda</p>\n\t<form action='lupa_pass.php?proses=kirim' method='post'>\n\t\t<table border='0' cellpadding='4'>\n\t\t\t<tr bgcolor='#7cb500'>\n\t\t\t\t<td class='putih' colspan='2'>Form Lupa Password</td></tr>\n\t\t\t<tr> \n<td>Username: </td>\n\t\t\t\t<td><input type='text' name='username'></td></tr>\n\t\t\t<tr> \n<td>Email: </td>\n\t\t\t\t<td><input type='text' name='email'></td></tr>\n\t\t\t<tr><td></td><td><input type='submit' value='K I R I M'></td></tr>\n\t\t\t<tr bgcolor='#7cb500' height='20'><td colspan='2'></td></tr>\n\t\t</table>\n\t</form>\n\n";
        break;
    case 'kirim':
        // ambil data yang dipost
        $username = filter_str($_POST['username']);
        $email = $_POST['email'];
        // cek kevalidan email
        if (!cek_email($email)) {
            $lupa = "<p>Error: Email tidak valid.<br>\n{$kembali}</p>\n";
        } else {
            // lakukan query untuk mencocokan data
            $hasil = mysql_query("SELECT * FROM member WHERE username='******' AND email='{$email}'");
            // cek hasil
            if (mysql_num_rows($hasil) == 0) {
                $lupa = "<p>Error: Username atau email tidak ada didatabase.<br>\n{$kembali}</p>";
            } else {
                // jika cocok maka buat password baru, update database lalu kirim email
                // panggil fungsi pass_acak() untuk mendapatkan password secara acak
                $new_pass = pass_acak();
                // enkripsi password
                $pass_enkrip = balik_md5($new_pass);
                // update password yang ada di database
                $q_update = mysql_query("UPDATE member SET password='******' WHERE username='******'");
示例#3
} else {
    if ((int) $_GET["mode"] == 2) {
        if ((int) $_GET["id_user"] != 0) {
            if ($nama == '' or $username == '' or $izin == '' or $level == '0') {
                ?>
			<script type="text/javascript">
				alert('isi dengan lengkap');
				document.location.href='./index.php?mod=home&opt=member&opts=edit&id_user=<?php 
                echo (int) $_GET["id_user"];
                ?>
';
			</script>
		<?php 
            } else {
                if ($email != '') {
                    if (cek_email($email) == false) {
                        pesan('email tidak valid', './index.php?mod=home&opt=member&opts=edit&id_user='******'') {
                    if (cek_telepon($telepon) == false) {
                        pesan('no telepon tidak valid', './index.php?mod=home&opt=member&opts=edit&id_user='******'{$nama}', alamat='{$alamat}', telepon='{$telepon}', email='{$email}', username='******', izin='{$izin}', level='{$level}' where id_user='******'");
                } else {
                    $d = mysql_query("update tbl_user  set nama='{$nama}', alamat='{$alamat}', telepon='{$telepon}', email='{$email}', username='******', password='******', izin='{$izin}', level='{$level}' where id_user='******'");
                }
                if ($d) {
                    benar("./index.php?mod=home&opt=member&opts=list");