-
Notifications
You must be signed in to change notification settings - Fork 19
/
pwchange.php
60 lines (55 loc) · 2.29 KB
/
pwchange.php
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
<?php
include("./data/config.inc.php");
// 防止全局变量造成安全隐患
$admin = false;
session_id($_GET['s']);
session_start();
// 判断是否登陆
if (isset($_SESSION["admin"]) && $_SESSION["admin"] === true) {
echo "";
} else {
// 验证失败,将 $_SESSION["admin"] 置为 false
$_SESSION["admin"] = false;
echo("You are not logged in. Redirecting to login page.");
echo("<meta http-equiv=refresh content='2; url=login.php'>");
die();
}
function check_input($value){
// Stripslashes
if (get_magic_quotes_gpc()) { $value = stripslashes($value); }
// Quote if not a number
if (!is_numeric($value)) { $value = "'" . mysql_real_escape_string($value) . "'"; }
return $value;}
// 表单提交后...
$posts = $_POST;
// 清除一些空白符号
foreach ($posts as $key => $value) {
$posts[$key] = trim($value);
}
$username =$_SESSION["username"];
mysql_connect($db_host,$db_user,$db_pass) //填写mysql用户名和密码
or die("Could not connect to MySQL server!");
mysql_select_db($db_name) //数据库名
or die("Could not select database!");
mysql_query('set names "gbk"'); //数据库内数据的编码
$oldpassword = mysql_real_escape_string($posts["oldpassword"]);
$newpassword = mysql_real_escape_string($posts["newpassword"]);
$renewpassword = mysql_real_escape_string($posts["renewpassword"]);
$sql = "SELECT * FROM user WHERE password = password('$oldpassword') AND username = '$username'";
$result = mysql_query($sql) or die ("wrong");
$userInfo = mysql_fetch_array($result);
if( $newpassword != $renewpassword){
echo('Password confirmation doesn\'t match. The password should be between 6-20 characters. Redirecting back.');
echo("<meta http-equiv=refresh content='2; url=change.php'>");
}else{
if(mysql_num_rows( mysql_query($sql) )==1 ){
$sql="Update user set password=password('$newpassword') where username='$username'";
mysql_query($sql) or die(mysql_error());
echo('Successfully changed the password. Redirecting to login page.');
echo("<meta http-equiv=refresh content='2; url=login.php'>");
}else{
echo('The current password is not correct. Redirecting back.');
echo("<meta http-equiv=refresh content='2; url=change.php'>");
}
}
?>