-
Notifications
You must be signed in to change notification settings - Fork 0
/
Copy pathchange-p.php
78 lines (61 loc) · 1.92 KB
/
change-p.php
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
<?php
session_start();
if (isset($_SESSION['id']) && isset($_SESSION['Email'])) {
require_once "db_conn.php";
if (isset($_POST['op']) && isset($_POST['np'])
&& isset($_POST['c_np'])) {
function validate($data){
$data = trim($data);
$data = stripslashes($data);
$data = htmlspecialchars($data);
return $data;
}
$op = htmlentities(validate($_POST['op']));
$np = htmlentities(validate($_POST['np']));
$c_np = htmlentities(validate($_POST['c_np']));
if(empty($op)){
header("Location: /profiles.php?error=舊密碼未填");
exit();
}else if(empty($np)){
header("Location: /profiles.php?error=新密碼未填");
exit();
}else if($np !== $c_np){
header("Location: /profiles.php?error=新密碼和確認新密碼不符");
exit();
}else {
// hashing the password
$op = ($op); //md5
$np = ($np); //md5
$id = $_SESSION['id'];
if(strlen($np)<8 or strlen($np)>16){
header('Location: /profiles.php?error=新密碼小於8或大於16');
exit();
}
$illegal = array("=","or","'");
for($i=0;$i<count($illegal);$i++){
$np=str_replace($illegal[$i],"’",$np);
}
$sql = "SELECT password
FROM users WHERE
id='$id' AND password='$op'";
$result = mysqli_query($conn, $sql);
if(mysqli_num_rows($result) === 1){
$sql_2 = "UPDATE users
SET password='$np'
WHERE id='$id'";
mysqli_query($conn, $sql_2);
header("Location: /profiles.php?success=您的密碼已經成功變更");
exit();
}else {
header("Location: /profiles.php?error=密碼錯誤");
exit();
}
}
}else{
header("Location: http://saylove.cutespirit.org/index.php");
exit();
}
}else{
header("Location: index.php");
exit();
}