Logowanie i rejestracja Opcje

[michu9010]

witam,
jakis czas temu znalazlem w sieci system logowania i rejestracji i mam problem z zmiana hasla i edytowaniem danych
to sa te funkcje (formularz):

[PHP] pobierz, plaintext 
function show_changepassword_form(){
 
echo '<form action="index.php?com=changepassword" method="post"> 
  <fieldset> 
  <legend>Change Password</legend> 
  <input type="hidden" value="'.$_SESSION['username'].'" name="username"> 
  <dl> 
    <dt> 
      <label for="oldpassword">Aktualne haslo:</label> 
    </dt> 
    <dd> 
      <input name="oldpassword" type="password" id="oldpassword" maxlength="15"> 
    </dd> 
    <dt> 
      <label for="password">Nowe haslo:</label> 
    </dt> 
    <dd> 
      <input name="password" type="password" id="password" maxlength="15"> 
    </dd> 
    <dt> 
      <label for="password2">Potwierdz nowe haslo:</label> 
    </dt> 
    <dd> 
      <input name="password2" type="password" id="password2" maxlength="15"> 
    </dd> 
  </dl> 
  <p> 
    <input name="reset" type="reset" value="Wyczysc"> 
    <input name="change" type="submit" value="Zmien"> 
  </p> 
  </fieldset> 
</form>
';
}
[PHP] pobierz, plaintext 

dane personalne

[PHP] pobierz, plaintext 
function show_update_form(){
	echo '<form action="index.php?com=changeprofile" method="get">
<fieldset><legend>Edycja danych</legend>
<label for="data" id="personal">Dane personalne</label>
<dl>
<dt><label for="name">Imie:</label></dt>
<dd><input name="name" type="text" id="name" size="25" maxlength="10" /></dd>
<dt><label for="surname">Nazwisko:</label></dt>
<dd><input name="surname" type="text" id="surname" size="25" maxlength="30" /></dd>
<dt><label for="telephone">Numer telefonu:</label></dt>
<dd>+48<input name="telephone" type="text" id="telephone" size="21" maxlength="12"></dd>
<dt><label for="gg">Numer Gadu-Gadu:</label></dt>
<dd><input name="gg" type="text" id="gg" size="25" maxlength="9" /></dd>
</dl>
<label for="address" id="personal">Dane adresowe</label>
<dl>
<dt><label for="street">Ulica:</label></dt>
<dd><input name="street" type="text" id="street" size="25" maxlength="30" /></dd>
<dt><label for="nrhouse">Numer domu (XX/XX):</label></dt>
<dd><input name="nrhouse" type="text" id="nrhouse" size="25" maxlength="6" /></dd>
<dt><label for="postcode">Kod pocztowy(XX-XXX):</label></dt>
<dd><input name="postcode" type="text" id="postcode" size="25" maxlength="6"  /></dd>
<dt><label for="province">Województwo:</label></dt>
<dd>
<select name="province" id="province">
<option>dolnoslaskie</option>
<option>kujawsko-pomorskie</option>
<option>lubelskie</option>
<option>lubuskie</option>
<option>lódzkie</option>
<option>malopolskie</option>
<option>mazowieckie</option>
<option>opolskie</option>
<option>podkarpackie</option>
<option>podlaskie</option>
<option>pomorskie</option>
<option>slaskie</option>
<option>swietokrzyskie</option>
<option>warminsko-mazurskie</option>
<option>wielkopolskie</option>
<option>zachodniopomorskie</option>
</select>
</dd>
</dl>
<p>
<input type="reset" name="reset" value="Wyczysc" />
<input name="update" type="submit" value="Zapisz" />
</p>
</fieldset>
</form>';
}
[PHP] pobierz, plaintext 

plik zmiany hasla

[PHP] pobierz, plaintext 
<?php
 
 
 
if (isLoggedIn() == true)
{
 
    if (isset($_POST['change']))
    {
 
        if (changePassword($_POST['username'], $_POST['oldpassword'], $_POST['password'],
            $_POST['password2']))
        {
            echo "Twoje haslo zostalo zmienione! <br /> <a href='./index.php'>Strona glówna</a>";
 
        } else
        {
            echo "Haslo nie zostalo zmienione, spróbuj jeszcze raz.";
            show_update_form();
        }
 
    } else
    {
        show_update_form();
    }
 
} else {
	// user is not loggedin
    show_loginform();
}
 
?>
[PHP] pobierz, plaintext 

i zmiany dancyh

[PHP] pobierz, plaintext 
<?php
 
 
 
if (isLoggedIn() == true)
{
 
    if (isset($_POST['update']))
    {
 
        if (update($_POST['name'], $_POST['surname'], $_POST['telephone']))
        {
            echo "Twoje dane zostały zapisane! <br /> <a href='./index.php'>Strona glówna</a>";
 
        } else
        {
            echo "Dane niezostały zapisane, spróbuj jeszcze raz.";
            show_update_form();
        }
 
    } else
    {
        show_update_form();
    }
 
} else {
	// user is not loggedin
    show_loginform();
}
 
?>
[PHP] pobierz, plaintext 

i plik odpowiedzialny za dzialania dla uzytkownika

[PHP] pobierz, plaintext 
 
##### User Functions #####
 
function changePassword($username,$currentpassword,$newpassword,$newpassword2){
global $seed;	
	if (!valid_username($username) || !user_exists($username))
    {
        return false;
    }
    if (! valid_password($newpassword) || ($newpassword != $newpassword2)){
 
		return false;
	}
 
	// we get the current password from the database
    $query = sprintf("SELECT password FROM login WHERE username = '%s' LIMIT 1",
        mysql_real_escape_string($username));
 
    $result = mysql_query($query);
	$row= mysql_fetch_row($result);
 
	// compare it with the password the user entered, if they don't match, we return false, he needs to enter the correct password.
	if ($row[0] != sha1($currentpassword.$seed)){
 
		return false;	
	}
 
	// now we update the password in the database
    $query = sprintf("update login set password = '%s' where username = '%s'",
        mysql_real_escape_string(sha1($newpassword.$seed)), mysql_real_escape_string($username));
 
    if (mysql_query($query))
    {
		return true;
	}else {return false;}
	return false;
}
 
 
function user_exists($username)
{
    if (!valid_username($username))
    {
        return false;
    }
 
    $query = sprintf("SELECT loginid FROM login WHERE username = '%s' LIMIT 1",
        mysql_real_escape_string($username));
 
    $result = mysql_query($query);
 
    if (mysql_num_rows($result) > 0)
    {
        return true;
    } else
    {
        return false;
    }
 
    return false;
 
}
 
function activateUser($uid, $actcode)
{
 
    $query = sprintf("select activated from login where loginid = '%s' and actcode = '%s' and activated = 0  limit 1",
        mysql_real_escape_string($uid), mysql_real_escape_string($actcode));
 
    $result = mysql_query($query);
 
    if (mysql_num_rows($result) == 1)
    {
 
        $sql = sprintf("update login set activated = '1'  where loginid = '%s' and actcode = '%s'",
            mysql_real_escape_string($uid), mysql_real_escape_string($actcode));
 
        if (mysql_query($sql))
        {
            return true;
        } else
        {
            return false;
        }
 
    } else
    {
 
        return false;
 
    }
 
}
 
function registerNewUser($username, $password, $password2, $email)
{
 
    global $seed;
 
    if (!valid_username($username) || !valid_password($password) || 
        	!valid_email($email) || $password != $password2 || user_exists($username))
    {
        return false;
    }
 
 
    $code = generate_code(20);
    $sql = sprintf("insert into login (username,password,email,actcode) value ('%s','%s','%s','%s')",
        mysql_real_escape_string($username), mysql_real_escape_string(sha1($password . $seed))
		, mysql_real_escape_string($email), mysql_real_escape_string($code));
 
 
    if (mysql_query($sql))
    {
        $id = mysql_insert_id();
 
        if (sendActivationEmail($username, $password, $id, $email, $code))
        {
 
            return true;
        } else
        {
            return false;
        }
 
    } else
    {
        return false;
    }
    return false;
 
}
 
function lostPassword($username, $email)
{
 
	global $seed;
    if (!valid_username($username) || !user_exists($username) || !valid_email($email))
    {
 
        return false;
    }
 
    $query = sprintf("select loginid from login where username = '%s' and email = '%s' limit 1",
        $username, $email);
 
    $result = mysql_query($query);
 
    if (mysql_num_rows($result) != 1)
    {
 
        return false;
    }
 
 
    $newpass = generate_code(8);
 
    $query = sprintf("update login set password = '%s' where username = '%s'",
        mysql_real_escape_string(sha1($newpass.$seed)), mysql_real_escape_string($username));
 
    if (mysql_query($query))
    {
 
            if (sendLostPasswordEmail($username, $email, $newpass))
        {
            return true;
        } else
        {
            return false;
        }      
 
    } else
    {
        return false;
    }
 
    return false;
 
}
 
function update($name, $surname, $telephone){
global $seed;	
	if (empty($name) || empty($surname) || empty($telephone))
	{
		return false;
	}
 
	// we get the current password from the database
    $query = sprintf("SELECT name, surname, telephone FROM login WHERE username = '%s' LIMIT 1",
        mysql_real_escape_string($username));
 
    $result = mysql_query($query);
	$row= mysql_fetch_row($result);
 
	// now we update the personal in the database
    $query = sprintf("update login set name = '%name', surname ='$surname', telephone = '$telephone' where username = '%s'",
  mysql_real_escape_string($name), mysql_real_escape_string($surname), mysql_real_escape_string($telephone));
 
    if (mysql_query($query))
    {
		return true;
	}else {return false;}
	return false;
}
[PHP] pobierz, plaintext 

pomoze mi ktos bo nie wiem co jest nie tak ;/;/ a przy aktualizacji dancyh personalnych pojawia sie dziwny link

Kod

http://www.mija.unl.pl/index.php?name=michu&surname=jastrzebski&telephone=663310897&gg=&street=&nrhouse=&postcode=&province=dolnoslaskie&update=Zapisz

a przy probie zmiany hasla komuniat haslo nie zostalo zmienione licze na Wasze pomysly i duza cierpliwosc dla mnie

pozdrawiam michu9010

a zachowanie skryptu mozna zobaczyc na www.mija.unl.pl

login michu9010 pass michu9010

Ten post edytował michu9010 30.03.2010, 15:51:33