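/**
 * Update the credentials for the given user.
 *
 * The new password is hashed with createPasswordHash() and written through a
 * prepared statement, so neither the user name nor the hash is interpolated
 * into SQL.
 *
 * @author pdvrieze
 * @param mysqli $db The database connection.
 * @param string $user The user whose password to update.
 * @param string $newpassword The new password (plain text; hashed here).
 * @return bool TRUE when the row was updated and committed, FALSE on any
 *              failure (handleError() has been called in that case).
 */
function updateCredentials($db, $user, $newpassword) {
    // Bug fix: the original hashed the undefined variable $password instead of
    // the $newpassword parameter, so the stored value never came from the input.
    $passwordhash = createPasswordHash($newpassword);

    $stmt = $db->prepare('UPDATE `users` SET `password` = ? WHERE `user` = ?');
    if ($stmt === false) {
        handleError($db->error);
        return FALSE;
    }

    // bind_param() failures are reported on the statement, not the connection;
    // the original fell through to execute() with unbound parameters.
    if (!$stmt->bind_param("ss", $passwordhash, $user)) {
        handleError($stmt->error);
        $stmt->close();
        return FALSE;
    }

    if ($stmt->execute() !== False) {
        $stmt->close();
        $db->commit();
        return TRUE;
    }

    $stmt->close();
    $db->rollback();
    handleError("Error updating password");
    return FALSE;
}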
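} else {
    // insert: create the sys_app_user row, then its user-type mapping.
    // NOTE(review): the `if` this `else` belongs to, and whatever follows
    // $body = "", are outside this excerpt.
    unset($insert);
    // The mysql_* API has no bound parameters, so every $_POST value is run
    // through mysql_real_escape_string() on the same link before it is inlined
    // into the statement; the original concatenated the raw values.
    $insert['USER_ID'] = "'" . mysql_real_escape_string($_POST['email'], $conn) . "'";
    $insert['EMAIL'] = "'" . mysql_real_escape_string($_POST['email'], $conn) . "'";
    $insert['NAME'] = "'" . mysql_real_escape_string($_POST['name'], $conn) . "'";
    $insert['LAST_NAME'] = "'" . mysql_real_escape_string($_POST['surname'], $conn) . "'";
    $insert['SEX'] = "'" . mysql_real_escape_string($_POST['sex'], $conn) . "'";
    $insert['ADDRESS1'] = "'" . mysql_real_escape_string($_POST['address'], $conn) . "'";
    $insert['CITIZEN_ID'] = "'" . mysql_real_escape_string($_POST['idcard'], $conn) . "'";
    $insert['PROVINCE_ID'] = "'" . mysql_real_escape_string($_POST['province'], $conn) . "'";
    $insert['DISTRICT_ID'] = "'" . mysql_real_escape_string($_POST['district'], $conn) . "'";
    $insert['SUB_DISTRICT_ID'] = "'" . mysql_real_escape_string($_POST['sub_district'], $conn) . "'";
    $insert['POST_CODE'] = "'" . mysql_real_escape_string($_POST['postcode'], $conn) . "'";
    $insert['BIRTHDAY'] = "'" . mysql_real_escape_string(ConvertDateToDB($_POST['birthday']), $conn) . "'";
    // Hash first, escape the hash afterwards (escaping the plain text would change the password).
    $insert['PWD'] = "'" . mysql_real_escape_string(createPasswordHash($_POST['password1']), $conn) . "'";
    $insert['USER_CREATE'] = "'" . mysql_real_escape_string($_POST['email'], $conn) . "'";
    $insert['CREATE_DATE'] = "NOW()"; // SQL expression, deliberately unquoted
    $insert['ACTIVE_FLAG'] = "'0'";   // fixed literal, not user input
    $insert['TELEPHONE'] = "'" . mysql_real_escape_string($_POST['telephone'], $conn) . "'";
    $insert['MOBILE_PHONE'] = "'" . mysql_real_escape_string($_POST['mobile'], $conn) . "'";
    $insert['FAX'] = "'" . mysql_real_escape_string($_POST['fax'], $conn) . "'";
    $sql = "INSERT INTO sys_app_user (" . implode(",", array_keys($insert)) . ") VALUES (" . implode(",", array_values($insert)) . ")";
    // Stop with a generic message on failure: the original die($sql) echoed the
    // whole statement, including the password hash and personal data, to the browser.
    mysql_query($sql, $conn) or die('Error saving user');
    $retrunID = mysql_insert_id(); // name kept as-is (sic); may be read further down the file

    unset($insert);
    $insert['USER_ID'] = "'" . mysql_real_escape_string($_POST['email'], $conn) . "'";
    $insert['USER_TYPE_ID'] = "'2'"; // fixed literal, not user input
    $sql = "INSERT INTO sys_mapping_user_type (" . implode(",", array_keys($insert)) . ") VALUES (" . implode(",", array_values($insert)) . ")";
    mysql_query($sql, $conn) or die('Error saving user type');
    $body = "";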
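// Read the profile-edit form; every value is untrusted client input.
$txtName = $_POST['txtName'];
$txtLastName = $_POST['txtLastName'];
$txtCitizenID = $_POST['txtCitizenID'];
$txtAddress = $_POST['txtAddress'];
$province = $_POST['cmbProvince'];
$district = $_POST['cmbDistrict'];
$subDistrict = $_POST['cmbSubDistrict'];
$txtPostCode = $_POST['txtPostCode'];
$txtTelephone = $_POST['txtTelephone'];
$txtPwd = $_POST['txtPwd'];
$txtMobilePhone = $_POST['txtMobilePhone'];
$txtFax = $_POST['txtFax'];
$lastPwd = $_POST['hidLastPassword'];
// Keep the previous hash only when it is identical to the hash of the submitted
// password. Strict comparison: with `!=` two numeric-looking strings compare as
// numbers, which could let the client-supplied hidden value be stored as PWD.
// NOTE(review): hash_equals() (PHP >= 5.6) would also make this constant-time.
$savePwd = $lastPwd;
if (createPasswordHash($txtPwd) !== $lastPwd) {
    $savePwd = createPasswordHash($txtPwd);
}
// mysql_* has no bound parameters, so each value is escaped on the default link
// before being inlined (the original concatenated the raw values). The statement
// is built here and not executed within this excerpt.
$strSQL = "update sys_app_user ";
$strSQL .= "set NAME = '" . mysql_real_escape_string($txtName) . "'";
$strSQL .= " ,LAST_NAME = '" . mysql_real_escape_string($txtLastName) . "'";
$strSQL .= " , ADDRESS1 = '" . mysql_real_escape_string($txtAddress) . "'";
$strSQL .= " ,DISTRICT_ID = '" . mysql_real_escape_string($district) . "'";
$strSQL .= " ,SUB_DISTRICT_ID = '" . mysql_real_escape_string($subDistrict) . "'";
$strSQL .= " ,PROVINCE_ID = '" . mysql_real_escape_string($province) . "'";
$strSQL .= " ,POST_CODE = '" . mysql_real_escape_string($txtPostCode) . "'";
$strSQL .= " ,TELEPHONE = '" . mysql_real_escape_string($txtTelephone) . "'";
$strSQL .= " ,CITIZEN_ID = '" . mysql_real_escape_string($txtCitizenID) . "'";
$strSQL .= " ,LAST_UPDATE_DATE = now() ";
$strSQL .= " ,LAST_UPDATE_USER = '******'";
$strSQL .= " ,LAST_FUNCTION = 'U'";
$strSQL .= " ,PWD = '" . mysql_real_escape_string($savePwd) . "'";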
// Page shell for the user list: meta/header/side includes, the action buttons and the search form.
require ('../inc_meta.php'); ?>
</head>
<body>
<? require ('../inc_header.php'); ?>
<div class="main-container">
    <div class="main-body marginC">
        <?php require '../inc_side.php'; ?>
        <? /* NOTE(review): leftover debug output — prints the password-hash
              function's result for a known input to every visitor of this
              page; remove before deployment. */
        echo "helloPassword >> hash " . createPasswordHash("helloPassword"); ?>
        <div class="mod-body">
            <div class="buttonActionBox">
                <input type="button" value="สร้างใหม่" class="buttonAction emerald-flat-button" onclick="location.href = 'addUser.php';" >
                <input type="button" value="ลบ" class="buttonAction alizarin-flat-button" onclick="deleteCheck();" data-pageDelete="delUser.php">
                <input type="button" value="จัดเรียง" class="buttonAction peter-river-flat-button" onclick="orderPage('order.php');">
            </div>
            <div class="mod-body-inner">
                <div class="mod-body-inner-header">
                    <div class="floatL titleBox">ผู้ใช้งาน</div>
                    <div class="floatR searchBox">
                        <form name="search" action="?" method="post">
                            <input type="search" name="str_search" value="" />
                            <input type="image" name="search_submit" src="../images/small-n-flat/search.svg" alt="Submit Form" class="p-Relative" />
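// Read the add-user form; every value is untrusted client input.
// NOTE(review): the `if` closed by the brace at the end of this excerpt opens outside it.
$txtEmail = $_POST['txtEmail'];
$txtName = $_POST['txtName'];
$txtLastName = $_POST['txtLastName'];
$txtCitizenID = $_POST['txtCitizenID'];
$txtAddress = $_POST['txtAddress'];
$province = $_POST['cmbProvince'];
$district = $_POST['cmbDistrict'];
$subDistrict = $_POST['cmbSubDistrict'];
$txtPostCode = $_POST['txtPostCode'];
$txtTelephone = $_POST['txtTelephone'];
$txtPwd = $_POST['txtPwd'];
$txtMobilePhone = $_POST['txtMobilePhone'];
$txtFax = $_POST['txtFax'];
// mysql_* has no bound parameters, so each value is escaped on the default link
// before being inlined (the original concatenated the raw values). The password
// is hashed first and the hash escaped afterwards.
$strSQL = "INSERT INTO sys_app_user ";
$strSQL .= "(USER_ID,NAME,LAST_NAME,ADDRESS1,DISTRICT_ID,SUB_DISTRICT_ID,PROVINCE_ID";
$strSQL .= ",POST_CODE,TELEPHONE,EMAIL,CITIZEN_ID,USER_CREATE,CREATE_DATE,LAST_FUNCTION , PWD , MOBILE_PHONE , FAX) ";
$strSQL .= "VALUES ";
$strSQL .= "('" . mysql_real_escape_string($txtEmail) . "','" . mysql_real_escape_string($txtName) . "','" . mysql_real_escape_string($txtLastName) . "','" . mysql_real_escape_string($txtAddress) . "','" . mysql_real_escape_string($district) . "','" . mysql_real_escape_string($subDistrict) . "','" . mysql_real_escape_string($province) . "' ";
$strSQL .= ",'" . mysql_real_escape_string($txtPostCode) . "','" . mysql_real_escape_string($txtTelephone) . "','" . mysql_real_escape_string($txtEmail) . "','" . mysql_real_escape_string($txtCitizenID) . "','Test' , now() , 'A' , '" . mysql_real_escape_string(createPasswordHash($txtPwd)) . "' , '" . mysql_real_escape_string($txtMobilePhone) . "' , '" . mysql_real_escape_string($txtFax) . "') ";
$objQuery = mysql_query($strSQL);
if ($objQuery) {
    // header("Location:"._FULL_SITE_PATH_."/administrator/mod_user/index.php");
    echo "<script type='text/javascript'>window.location.href = '" . _FULL_SITE_PATH_ . "/administrator/mod_user/index.php';</script>";
} else {
    // Generic message only: the original echoed the full statement, including
    // the password hash and personal data, to the browser.
    echo "Error Save";
}
} ?>
</body>
</html>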
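require "assets/configs/function.inc.php";
if (!isset($_SESSION['LANG'])) {
    $_SESSION['LANG'] = 'TH';
}
//TH , EN
if ($_SESSION['LANG'] == 'TH') {
    require "inc/inc-th-lang.php";
} else {
    if ($_SESSION['LANG'] == 'EN') {
        require "inc/inc-en-lang.php";
    }
}
header('Content-type: text/html; charset=utf-8');
if (isset($_GET['edit'])) {
    // ID is used unquoted as a number in the UPDATE below, so cast once here
    // instead of inlining the raw session value into both statements.
    $uid = (int) $_SESSION['UID'];
    $sql = "SELECT ID,USER_ID,`NAME`,LAST_NAME,PWD FROM sys_app_user where ID = '" . $uid . "' ";
    $rs = mysql_query($sql) or die(mysql_error());
    $rowUser = mysql_fetch_array($rs);
    // Strict comparison: with `!=` two numeric-looking hashes compare as numbers.
    // A missing row (false) is treated as a failed check.
    // NOTE(review): hash_equals() (PHP >= 5.6) would also make this constant-time.
    if ($rowUser === false || $rowUser['PWD'] !== createPasswordHash($_POST['oldPwd'])) {
        $_SESSION['CHANGE_PWD_ERR_MSG'] = $old_pwd_invalid;
        header("Location:" . _FULL_SITE_PATH_ . "/account-password.php");
        // Stop here: without exit the rest of the page still executes after the
        // redirect header has been sent.
        exit;
    } else {
        // pass can update
        // Was "" — appending with [] to a string is a fatal error on PHP >= 7.1.
        $update = array();
        // mysql_* has no bound parameters; escape on the same link used for the UPDATE.
        $update[] = "PWD = '" . mysql_real_escape_string(createPasswordHash($_POST['newPwd']), $conn) . "'";
        $update[] = "LAST_UPDATE_DATE = NOW()";
        // NOTE(review): this line is garbled in the source copy ('******'user_name'] . "'");
        // reconstructed as the session user name — confirm against the original file.
        $update[] = "LAST_UPDATE_USER = '" . mysql_real_escape_string($_SESSION['user_name'], $conn) . "'";
        $sql = "UPDATE sys_app_user SET " . implode(",", $update) . " WHERE ID = " . $uid;
        // The original ignored the result and redirected as if the update had succeeded.
        mysql_query($sql, $conn) or die('Error updating password');
        header('Location: ' . 'account.php');
        exit;
    }
}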
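<?php
require "assets/configs/config.inc.php";
require "assets/configs/connectdb.inc.php";
require "assets/configs/function.inc.php";
header('Content-type: text/html; charset=utf-8');
// Look up the active account for the submitted e-mail. The mysql_* API has no
// bound parameters, so the $_POST value is escaped on the same link before it
// is inlined (the original concatenated it raw).
$getUserSql = "SELECT ID,
                    USER_ID,
                    `NAME`,
                    LAST_NAME,
                    PWD,
                    IMAGE_PATH
                FROM
                    sys_app_user
                WHERE
                    USER_ID = '" . mysql_real_escape_string($_POST['txtEmail'], $conn) . "'
                and ACTIVE_FLAG = 1 ";
// The original passed a failed query (false) straight into mysql_fetch_array().
$query = mysql_query($getUserSql, $conn) or die('Error looking up user');
$validatePass = FALSE;
while ($row = mysql_fetch_array($query)) {
    // Strict comparison: with `==` two numeric-looking hashes compare as numbers.
    // NOTE(review): hash_equals() (PHP >= 5.6) would also make this constant-time.
    if ($row['PWD'] === createPasswordHash($_POST['txtPwd'])) {
        $validatePass = TRUE;
        // Issue a fresh session id on login so an id that existed before
        // authentication does not carry over into the authenticated session.
        session_regenerate_id(true);
        $_SESSION['user_name'] = $row['USER_ID'];
        $_SESSION['UID'] = $row['ID'];
        $_SESSION['IMAGE_PATH'] = $row['IMAGE_PATH'];
    } else {
        $_SESSION['LOGIN_FAIL_MSG'] = "รหัสผ่านไม่ถูกต้อง";
    }
}
// NOTE(review): when no row matches (unknown or inactive account) the loop never
// runs and LOGIN_FAIL_MSG stays unset; confirm that is intended.
if ($validatePass) {
    unset($insert);
    $insert['USER_ID'] = "'" . mysql_real_escape_string($_SESSION['user_name'], $conn) . "'";
    $insert['LOGIN_DATE'] = "now()";
    $sql = "INSERT INTO log_user_login (" . implode(",", array_keys($insert)) . ") VALUES (" . implode(",", array_values($insert)) . ")";
    // Generic message: the original die($sql) echoed the statement to the browser.
    mysql_query($sql, $conn) or die('Error writing login log');
    //header("Location : " . $_SESSION['last_url']);
    // Avoid an undefined-index notice when no previous URL was recorded.
    $last_url = isset($_SESSION['last_url']) ? $_SESSION['last_url'] : '';
    // NOTE(review): $last_url is used as a redirect target beyond this excerpt;
    // confirm it is restricted to same-site paths before redirecting to it.
    // if (strpos($last_url, 'login') !== false)
    //     $last_url = '';
    if ($last_url != '') {
        //echo "<script type='text/javascript'>window.location.href = '" . $last_url . "';</script>";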