-
Notifications
You must be signed in to change notification settings - Fork 0
/
info.php
76 lines (60 loc) · 2.63 KB
/
info.php
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
<?php
include("core/init.php");
?>
<?php
if(isLoggedIn())
{
$user_id=$_SESSION['user_id'];
$username=$_SESSION['username'];
$about=$_SESSION['details'];
$avatar=$_SESSION['avatar'];
$db=new Database;
{if(isset($_POST['username'])&&!empty($_POST['username']))
{$username=$_POST['username'];
if(isset($_POST['about']))
$about=$_POST['about'];
if(isset($_POST['old_pass'])&&!empty($_POST['old_pass']))
{
if(!empty($_POST['old_pass']))
{
$db->query("SELECT * FROM users WHERE id=:id AND password=:pass");
$db->bind("id",$user_id);
$db->bind("pass",md5(md5($_POST['old_pass'])));
if($db->rowCount()==1)
{
if(!empty($_POST['newPass'])&&!empty($_POST['newRePass'])&&md5($_POST['newPass'])==md5($_POST['newRePass']))
{$user_name=$_POST['username'];
$db->query("UPDATE users SET username=:username,about=:about,password=:pass WHERE id=:user_id");
$db->bind("username",$username);
$db->bind("about",$_POST['about']);
$db->bind("pass",md5(md5($_POST['newPass'])));
$db->bind("user_id",$user_id);
if($db->execute())
{$_SESSION['username']=mysql_real_escape_string($_POST['username']);
$_SESSION['details']=mysql_real_escape_string($_POST['about']);$_SESSION['user_id']=$user_id;
echo '<div class="al alert alert-success" style="text-align:center">Successfully Updated Info</div><script>reload();</script>';}
else echo '<div class="al alert alert-danger" style="text-align:center">Choose a different Username</div>';
}else echo '<div class="al alert alert-danger" style="text-align:center">Passwords empty/mismatch</div>';
}else echo '<div class="al alert alert-danger" style="text-align:center">Passwords empty/mismatch</div>';
}
}else {
$user_name=$_POST['username'];
$db->query("UPDATE users SET username=:username,about=:about WHERE id=:user_id");
$db->bind("username",$username);
$db->bind("about",$_POST['about']);
$db->bind("user_id",$user_id);
if($db->execute())
{/*$_SESSION['username']=mysql_real_escape_string($_POST['username']);
$_SESSION['details']=mysql_real_escape_string($_POST['about']);*/
echo '<div class="al alert alert-success" style="text-align:center">Successfully Updated Info</div><script>reload();</script>';}
else echo '<div class="al alert alert-danger" style="text-align:center">Choose a different Username</div>';
}
}
else echo '<div class="al alert alert-warning" style="text-align:center">Enter all the required fields</div>';
}
}
else
{
redirect("index.php","","warning");
}
?>