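<?php
/**
 * Account settings page.
 *
 * Without POST data it renders the password-change form (plus a status
 * message taken from ?ok= / ?error=). With POST data it runs the action
 * selected by ?go=: "pass" changes the password, "sovet" flips the `sovet`
 * flag on the user's row and redirects to city.php.
 *
 * Form contract: the visible labels ask for the new password twice and the
 * old password once, so the fields are named pass_new, pass_new2 and
 * pass_old, and the handler reads them under those names. Previously the
 * names were swapped relative to the labels, so a user who followed the
 * labels could only "change" the password to the one already set.
 *
 * Security notes for maintainers:
 * - Passwords are stored as unsalted MD5 and the plaintext password is kept
 *   in $_SESSION['pass']; every request re-hashes it and compares it with the
 *   row. MD5 is a fast hash and unsuitable for password storage. Moving to
 *   password_hash()/password_verify() needs a coordinated change in the
 *   login and registration code, so it is flagged here rather than changed.
 * - Because each request re-verifies the session password against the row,
 *   sessions that still hold the previous password stop passing the check
 *   once the password is changed.
 * - Neither POST action carries an anti-CSRF token. The password change is
 *   partly protected by requiring the old password; the `sovet` toggle is not.
 * - The mysql_* extension is deprecated since PHP 5.5 and removed in PHP 7.
 *   The connection is presumably opened in inc/conf.php, so the API is kept
 *   and every value placed in SQL is escaped or a fixed literal.
 *
 * Included files run in this scope and may read the variables defined here
 * ($row, $id, $pass, $go, $title, $ok, $error), so those names are kept.
 */

include 'inc/conf.php';
session_start();

$sessionId = isset($_SESSION['id']) ? (string) $_SESSION['id'] : '';
$sessionPass = isset($_SESSION['pass']) ? (string) $_SESSION['pass'] : '';

// Escaped once and reused by every statement below instead of concatenating
// the raw session value into SQL.
$idSql = mysql_real_escape_string($sessionId);

$sql = mysql_query("SELECT * FROM `users` WHERE `id` = '" . $idSql . "' ");
// A failed query yields false; do not pass that on to mysql_fetch_array().
$row = $sql ? mysql_fetch_array($sql) : false;

// Same normalisation the original applied before hashing/comparing; kept so
// existing sessions keep verifying against the stored hash.
$pass = htmlspecialchars(stripslashes($sessionPass));
$id = htmlspecialchars(stripslashes($sessionId));

$action = (isset($_GET['go']) && is_string($_GET['go'])) ? $_GET['go'] : '';
$go = htmlspecialchars(stripslashes($action));

// Strict comparison: with "==" two different hex digests of the form
// "0e<digits>" compare equal as numbers (PHP type juggling).
$authenticated = is_array($row)
    && $id === (string) $row['id']
    && md5($pass) === (string) $row['pass'];

if ($authenticated) {
    if (empty($_POST)) {
        $title = 'Настройки ';
        include 'inc/up.php';

        $ok = (isset($_GET['ok']) && is_string($_GET['ok']))
            ? trim(htmlspecialchars(stripslashes($_GET['ok'])))
            : '';
        $error = (isset($_GET['error']) && is_string($_GET['error']))
            ? trim(htmlspecialchars(stripslashes($_GET['error'])))
            : '';

        // Only fixed strings are printed; the query values are never echoed.
        if ($ok === 'ok') {
            echo '<div class="rek">Пароль успешно изменен</div>';
        }
        if ($ok === 'er') {
            echo '<div class="rek">Пароль не изменен.</div>';
        }
        if ($error === 'pass') {
            echo '<div class="rek">Пароли не совпадают</div>';
        }

        // type="password" keeps the values off the screen and out of the
        // browser's text-field history.
        echo '<div class="under">
<form method="POST" action="set.php?go=pass">
Новый пароль:<br/>
<input type="password" name="pass_new"><br/>
Новый пароль еще раз:<br/>
<input type="password" name="pass_new2"><br/>
Старый пароль:<br/>
<input type="password" name="pass_old"><br/>
<input type="submit" value="изменить">
</form>
</div>

';
    } elseif ($action === 'sovet') {
        // Toggle the flag. The new value is a fixed literal, never user input.
        $sovet = empty($row['sovet']) ? '1' : '0';
        $sql = mysql_query("UPDATE users SET `sovet`='" . $sovet . "' WHERE `id`='" . $idSql . "'");

        // No output may precede header(); stop so nothing is sent after it.
        header("Location: city.php");
        exit;
    } elseif ($action === 'pass') {
        // Non-string values (e.g. pass_new[]=x) are treated as missing.
        $pass_new = (isset($_POST['pass_new']) && is_string($_POST['pass_new'])) ? trim($_POST['pass_new']) : '';
        $pass_new2 = (isset($_POST['pass_new2']) && is_string($_POST['pass_new2'])) ? trim($_POST['pass_new2']) : '';
        $pass_old = (isset($_POST['pass_old']) && is_string($_POST['pass_old'])) ? trim($_POST['pass_old']) : '';

        // The limits apply to the trimmed value that is actually hashed.
        // strlen() counts bytes, so for multi-byte text they are byte limits.
        $length = strlen($pass_new);
        if ($length > 32 || $length < 6) {
            header("Location: set.php?error=pass");
            exit;
        }

        // NOTE(review): the pattern has no "u" modifier, so the Cyrillic class
        // is matched byte-wise; confirm the file/input encoding before
        // relying on it for non-Latin passwords.
        $pattern = "/^(([a-z0-9_\-\s]+)|([а-яё0-9_\-\s]+))$/is";
        foreach (array($pass_new, $pass_new2, $pass_old) as $candidate) {
            if (!preg_match($pattern, $candidate)) {
                header("Location: set.php?error=pass");
                exit;
            }
        }

        if ($pass_new !== $pass_new2) {
            header("Location: set.php?error=pass");
            exit;
        }

        // The current password must be proven before anything is written.
        if (md5($pass_old) === (string) $row['pass']) {
            // A hex digest contains nothing that needs SQL escaping.
            $pass_up = md5($pass_new);
            $sql = mysql_query("UPDATE users SET `pass`='" . $pass_up . "' WHERE `id`='" . $idSql . "'");

            if ($sql) {
                // Keeps this session valid under the per-request check above.
                $_SESSION['pass'] = $pass_new;
                header("Location: set.php?ok=ok");
                exit;
            }
        }

        // Wrong old password or failed UPDATE. The form only knows the code
        // "er"; the former "err"/"errr" values produced no message at all.
        header("Location: set.php?ok=er");
        exit;
    } else {
        header("Location: set.php");
        exit;
    }
}

// Reached after the form was rendered, or when the session does not match a
// user row (in that case nothing but the footer is output).
include 'inc/foot.php';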