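<?php
/**
 * Profile update handler for the signed-in user.
 *
 * Reads the submitted username, new password (entered twice), display name,
 * e-mail and current password, verifies the current password against
 * fs_users, checks that the username is not taken by another account, updates
 * the row and refreshes the session login. Validation messages are left in
 * $username_error, $confirmpassword_error and $oldpassword_error; index.php is
 * included at the end in every case.
 *
 * NOTE(review): this page relies on the legacy mysql_* extension and on the
 * $db link from php/database.php. Moving to prepared statements (mysqli/PDO)
 * needs a change in that file, which is not visible here.
 */
require_once('php/profile.php');
if (!$fs_global_userid) {
    die("You have no access to this page!");
}

// The id is concatenated into SQL unquoted, so force it to an integer first.
$changeuser_id = (int)$fs_global_userid;

$b_Save = true;

// NOTE(review): $_REQUEST also accepts query-string parameters, so passwords
// could arrive in a URL and end up in server logs. $_POST would be stricter if
// the form (not visible here) posts its fields. Missing or non-string fields
// are treated as empty instead of raising notices.
$username = (isset($_REQUEST["username"]) && is_string($_REQUEST["username"])) ? stripslashes($_REQUEST["username"]) : '';
$username = htmlspecialchars($username);
$username = trim($username);
if (strlen($username) == 0) { $username_error = 'Username cannot be empty'; $b_Save = false; }

// NOTE(review): htmlspecialchars() is kept on the password fields because the
// stored value was presumably derived from the encoded form; dropping it would
// invalidate existing passwords. Confirm against the registration code.
$passwordone = (isset($_REQUEST["passwordone"]) && is_string($_REQUEST["passwordone"])) ? stripslashes($_REQUEST["passwordone"]) : '';
$passwordone = htmlspecialchars($passwordone);
$passwordone = trim($passwordone);

$confirmpassword = (isset($_REQUEST["confirmpassword"]) && is_string($_REQUEST["confirmpassword"])) ? stripslashes($_REQUEST["confirmpassword"]) : '';
$confirmpassword = htmlspecialchars($confirmpassword);
$confirmpassword = trim($confirmpassword);

// Strict comparison: with != two different numeric-looking strings
// (for example "1000" and "1e3") compare as equal.
if ($passwordone !== $confirmpassword) { $confirmpassword_error = 'Password confirmation does not match'; $b_Save = false; }

// NOTE(review): display name and e-mail are stored without HTML encoding and
// without format validation; every page that prints them must escape on output.
$displayname = (isset($_REQUEST["displayname"]) && is_string($_REQUEST["displayname"])) ? stripslashes($_REQUEST["displayname"]) : '';
if (empty($displayname)) { $displayname = $username; }
$email = (isset($_REQUEST["email"]) && is_string($_REQUEST["email"])) ? stripslashes($_REQUEST["email"]) : '';

$oldpassword = (isset($_REQUEST["oldpassword"]) && is_string($_REQUEST["oldpassword"])) ? stripslashes($_REQUEST["oldpassword"]) : '';
$oldpassword = htmlspecialchars($oldpassword);
$oldpassword = trim($oldpassword);

require('php/database.php');

// Verify the current password before anything is changed. A failed query or a
// missing row counts as a wrong password rather than falling through.
$result = mysql_query("SELECT username, password FROM fs_users WHERE id=".$changeuser_id, $db);
$myrow = $result ? mysql_fetch_array($result) : false;
$oldpassword_ok = false;
if (is_array($myrow)) {
    $storepass = getStorePassword($myrow['username'], $oldpassword);
    $stored = (string)$myrow['password'];
    $given = (string)$storepass;
    // Stored password values must never be compared with == / !=, which applies
    // numeric type juggling. hash_equals() is also constant-time where available.
    $oldpassword_ok = function_exists('hash_equals') ? hash_equals($stored, $given) : ($stored === $given);
}
if (!$oldpassword_ok) { $oldpassword_error = 'Wrong password'; $b_Save = false; }

if ($b_Save) {
    // The username must not belong to any other account.
    $result = mysql_query("SELECT id FROM fs_users WHERE username='".mysql_real_escape_string($username)."' AND id!=".$changeuser_id, $db);
    $myrow = $result ? mysql_fetch_array($result) : false;
    if (is_array($myrow) && !empty($myrow['id'])) { $username_error = 'Username already exists'; $b_Save = false; }
}

if ($b_Save) {
    // An empty new password means "keep the current one".
    if (strlen($passwordone) == 0) { $newpassword = $oldpassword; } else { $newpassword = $passwordone; }
    // The stored value is derived from the username, so it is recomputed here.
    $storepass = getStorePassword($username, $newpassword);
    // Every interpolated value is escaped, including the derived password value.
    $result2 = mysql_query("UPDATE fs_users SET username = '".mysql_real_escape_string($username)."', password = '".mysql_real_escape_string($storepass)."', ".
        "displayname = '".mysql_real_escape_string($displayname)."', email = '".mysql_real_escape_string($email)."' ".
        "WHERE id=".$changeuser_id, $db);
    if (!$result2) {
        // Keep database error details in the server log; do not echo them to the page.
        error_log('changeuser.php: UPDATE fs_users failed: '.mysql_error($db));
        $username_error = 'Error during registration. Try again.';
        $b_Save = false;
    }
}

if ($b_Save) {
    $_SESSION['login'] = $username;
    // NOTE(review): the plaintext password is kept in the session, apparently
    // for checkLogin(). Storing a login flag or the derived value would reduce
    // exposure, but that requires changing checkLogin(), which is not visible here.
    $_SESSION['password'] = $newpassword;
    checkLogin();
}
require_once('index.php');
?>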