update.php
<?php
/*
* Codejudge
* Copyright 2012, Sankha Narayan Guria (sankha93@gmail.com)
* Licensed under MIT License.
*
* Script that handles account updates: changes the signed-in user's
* email address or password in the users table.
*/
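include('functions.php');
connectdb();

// Handles the two account-update actions posted to this script:
//   action=email    -> store a new email address for the session's user
//   action=password -> verify the old password, then store a new salt + hash
// Every outcome is reported by redirecting to account.php with a query flag.
//
// The code stays on the mysql_* API and avoids PHP 7-only syntax because the
// connection is opened by connectdb() in functions.php, which is not visible
// here; moving to PDO/mysqli prepared statements has to start there.
//
// NOTE(review): nothing in this script checks that the POST originated from
// the site's own account form (no anti-CSRF token is verified). Adding one
// needs a matching change in the form that posts here.

$action = isset($_POST['action']) && is_string($_POST['action']) ? $_POST['action'] : '';

// Every statement below is scoped by the session's username, so refuse to
// touch the database when there is no signed-in user.
if (!isset($_SESSION['username']) || !is_string($_SESSION['username']) || $_SESSION['username'] === '') {
    // presumably account.php sends anonymous visitors to the login page -- confirm
    header("Location: account.php");
    exit;
}

// The username is concatenated into SQL, so it is escaped like any other
// value; a name containing a quote would otherwise alter the statement.
$username = mysql_real_escape_string($_SESSION['username']);

if ($action === 'email') {
    // change the email id of the user
    $email = isset($_POST['email']) && is_string($_POST['email']) ? $_POST['email'] : '';
    if (trim($email) === '') {
        header("Location: account.php?derror=1");
        exit;
    }
    // The value is escaped for SQL only, not validated as an address; pages
    // that display it must HTML-escape it on output.
    // NOTE(review): the result of mysql_query() is not checked, so a failed
    // UPDATE is still reported as changed=1 (unchanged from the original).
    mysql_query("UPDATE users SET email='" . mysql_real_escape_string($email) . "' WHERE username='" . $username . "'");
    header("Location: account.php?changed=1");
    exit;
} elseif ($action === 'password') {
    // change the password of the user
    $oldpass = isset($_POST['oldpass']) && is_string($_POST['oldpass']) ? $_POST['oldpass'] : '';
    $newpass = isset($_POST['newpass']) && is_string($_POST['newpass']) ? $_POST['newpass'] : '';
    if (trim($oldpass) === '' || trim($newpass) === '') {
        header("Location: account.php?derror=1");
        exit;
    }

    $result = mysql_query("SELECT salt,hash FROM users WHERE username='" . $username . "'");
    // A failed query or a missing row is treated as a wrong old password.
    $fields = $result ? mysql_fetch_array($result) : false;

    $matches = false;
    if ($fields && is_string($fields['salt']) && is_string($fields['hash'])) {
        $currhash = crypt($oldpass, $fields['salt']);
        if (is_string($currhash)) {
            // Compare in constant time where available; otherwise fall back to
            // a strict comparison so numeric-looking strings cannot compare
            // equal under PHP's loose ==.
            $matches = function_exists('hash_equals')
                ? hash_equals($fields['hash'], $currhash)
                : $currhash === $fields['hash'];
        }
    }

    if (!$matches) {
        header("Location: account.php?passerror=1");
        exit;
    }

    // NOTE(review): if randomAlphaNum(5) returns five alphanumeric characters,
    // crypt() selects the traditional DES scheme, which uses only two salt
    // characters and the first eight bytes of the password. Moving to
    // password_hash()/password_verify() also requires changing the login and
    // registration code, so the scheme is left as it was.
    $salt = randomAlphaNum(5);
    $newhash = crypt($newpass, $salt);
    // NOTE(review): as with the email update, a failed UPDATE is still
    // reported as changed=1.
    mysql_query("UPDATE users SET hash='" . mysql_real_escape_string($newhash) . "', salt='" . mysql_real_escape_string($salt) . "' WHERE username='" . $username . "'");
    header("Location: account.php?changed=1");
    exit;
}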
?>