Файл: settings.php
Строк: 66
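<?php
/**
 * Account settings page: change password and open/close the user's mail.
 *
 * The action is selected by $sd; $user (current account row) and $uid
 * (current account id) are used below but are not defined in this file.
 *
 * NOTE(review): $sd, $user and $uid presumably come from private/mysql.php or
 * tmp/head.php (or from register_globals) — confirm that those files also
 * reject unauthenticated visitors, because no login check is visible here.
 * NOTE(review): the mysql_* extension used throughout was removed in PHP 7;
 * moving to PDO/mysqli prepared statements should be planned for the whole
 * application, not just this page.
 */
session_start();
include ('private/mysql.php');
include ('tmp/head.php');

switch ($sd) {
    default:
        // Settings menu. Fixed the broken "<ahref=" tag so the second link renders.
        echo "<a href='settings.php?sd=password'>Изменить пароль</a><br>
<a href='settings.php?sd=storona'>Изменить сторону</a><br>";
        if ($user['mail'] == 'on') {
            echo "<a href='settings.php?sd=mail_off'>Закрыть почту [<font size=4 color=lime>on</font>]</a><br>";
        } else {
            echo "<a href='settings.php?sd=mail_on'>Открыть почту [<font size=4 color=red>off</font>]</a><br>";
        }
        break;

    case 'password':
        if (empty($_POST['submit'])) {
            // type='password' keeps the values masked on screen and out of
            // the browser's plain-text form history.
            echo "<form action='settings.php?sd=password' method='post'>
Старый пароль:<br>
<input type='password' name='old_password' class='enter'><br>
Новый пароль:<br>
<input type='password' name='new_password' class='enter'><br>
Ещё раз:<br>
<input type='password' name='new_password2' class='enter'><br><br>
<input type='submit' name='submit' value='Изменить' class='enter'></form>";
        } else {
            // A missing field or an array value (old_password[]=...) is
            // treated as empty instead of raising notices/warnings.
            $op_raw  = (isset($_POST['old_password'])  && is_string($_POST['old_password']))  ? $_POST['old_password']  : '';
            $np_raw  = (isset($_POST['new_password'])  && is_string($_POST['new_password']))  ? $_POST['new_password']  : '';
            $np2_raw = (isset($_POST['new_password2']) && is_string($_POST['new_password2'])) ? $_POST['new_password2'] : '';

            // NOTE(review): HTML- and SQL-escaping a password before hashing
            // changes the value that is hashed (e.g. "&" becomes "&amp;").
            // It is kept because the stored hashes were presumably produced
            // the same way by registration/login — confirm before removing.
            $op  = mysql_real_escape_string(htmlspecialchars($op_raw));
            $np  = mysql_real_escape_string(htmlspecialchars($np_raw));
            $np2 = mysql_real_escape_string(htmlspecialchars($np2_raw));

            if ($op == '' or $np == '' or $np2 == '') {
                echo "Необходимо заполнить все поля.<br><a href='settings.php?sd=password'>Назад</a>";
                include ('tmp/foot.php');
                exit;
            }

            // SECURITY: md5(md5(x)) is an unsalted, fast hash, so a leaked
            // users table can be brute-forced cheaply. It cannot be replaced
            // in this file alone: migrate to password_hash()/password_verify()
            // together with the login and registration code.
            $op_h = md5(md5($op));
            $np_h = md5(md5($np));

            if ($op_h !== $user['password']) {
                echo "Старый пароль введён неверно.<br><a href='settings.php?sd=password'>Назад</a>";
                include ('tmp/foot.php');
                exit;
            }
            if ($np !== $np2) {
                echo "Пароли не совпадают.<br><a href='settings.php?sd=password'>Назад</a>";
                include ('tmp/foot.php');
                exit;
            }

            // $np_h is a hex digest, so it is safe inside the quoted literal.
            // NOTE(review): $uid is interpolated as-is; verify it is a
            // server-side value (e.g. from the session), never request input.
            mysql_query("UPDATE `users` SET `password`='$np_h' WHERE `id`='$uid'");

            // The new password is no longer echoed back: it would be shown in
            // clear text on screen and could be kept in cached page copies.
            // NOTE(review): existing sessions are not invalidated after the
            // change; consider forcing re-login on other devices.
            echo "Пароль успешно изменён!<br><br><a href='settings.php?'>Вернуться</a>";
        }
        break;

    case 'mail_off':
        // SECURITY: this is a state change triggered by a plain GET link with
        // no anti-CSRF token, so any third-party page the user opens can flip
        // the setting. Move to POST with a per-session token once the other
        // pages that link here can be updated too.
        if ($user['mail'] == 'off') {
            echo "Ошибка";
            include ('tmp/foot.php');
            exit;
        }
        mysql_query("UPDATE `users` SET `mail`='off' WHERE `id`='$uid'");
        // NOTE(review): tmp/head.php was included above; if it prints output
        // without buffering, this redirect header cannot be sent — confirm.
        header('Location: settings.php?');
        exit;

    case 'mail_on':
        // SECURITY: same GET-without-token concern as 'mail_off'.
        if ($user['mail'] == 'on') {
            echo "Ошибка";
            include ('tmp/foot.php');
            exit;
        }
        mysql_query("UPDATE `users` SET `mail`='on' WHERE `id`='$uid'");
        header('Location: settings.php?');
        exit;
}

include ('tmp/foot.php');
?>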