include_once '../lib/glob.php';
include_once '../lib/lib.php';
if (!isset($_SESSION["id"])) {
die("ERROR ON PAGE!");
}
$id = $_SESSION["id"];
if (!isset($_POST["psw"]) or !isset($_POST["psw1"]) or !isset($_POST["psw2"])) {
die("请输入所有空格!");
}
if (empty($_POST["psw"]) or empty($_POST["psw1"]) or empty($_POST["psw2"])) {
die("请输入所有空格!");
}
$psw = $_POST["psw"];
$psw1 = $_POST["psw1"];
$psw2 = $_POST["psw2"];
if (!lib_psw_validate($psw) or !lib_psw_validate($psw1) or !lib_psw_validate($psw2) or !($psw1 == $psw2)) {
die("修改密码失败,请重新输入正确的密码!");
}
$psw = md5($psw);
$query = "SELECT *\n\t\tFROM users\n\t\tWHERE id = {$id} AND password = '******'";
$result = mysql_query($query);
if (mysql_num_rows($result) == 0) {
die("密码不正确,请重新输入正确的密码!");
}
if (strlen($psw2) < 6 or strlen($psw1) < 6) {
die("新密码长度太短!");
}
$psw1 = md5($psw1);
$query = "UPDATE users\n\t\tSET password = '******'\n\t\tWHERE id = {$id}\n\t\t";
$result = mysql_query($query);
echo "密码修改成功!";
exit;
}
//check if passwords match:
if ($psw != $repsw) {
setAlertMsg("Passwords don't match!");
header("Location:../register.php?username={$usr}");
exit;
}
//check username input validation:
if (!lib_name_validate($usr)) {
setAlertMsg("Username can only contain letters, numbers and underscore, and the first character must be a letter!");
header("Location:../register.php?username={$usr}");
exit;
}
//check password input validation:
if (!lib_psw_validate($psw)) {
setAlertMsg("Password can only contain letters and numbers!");
header("Location:../register.php?username={$usr}");
exit;
}
//check if name is avalable:
if (isUserExist($usr, $psw)) {
setAlertMsg("This username has been taken!");
header("Location:../register.php?username={$usr}");
exit;
}
//proceed registeration:
insertNewUser($usr, $psw);
$_SESSION["username"] = $usr;
$_SESSION["password"] = $psw;
$_SESSION["admin"] = 0;
