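<?php
/*
 * settings.php — lets the signed-in user change the mobile phone number
 * (systemTable.PHONE_NO) and, with the old password, the password
 * (users.PASSWORD). Requires an active session with $_SESSION['ID'] and the
 * $db (PDO) connection plus the location() helper from connect.php.
 */
include("connect.php");

// Only authenticated users may use this page. The script stops right after the
// redirect is emitted: originally only the form was skipped, and the POST
// handler below still ran for anonymous requests (querying with a NULL user).
if (!isset($_SESSION['ID'])) {
    echo location(0, "index.php");
    exit;
}

$userId = (string) $_SESSION['ID'];

// Per-session CSRF token. The form changes account data with a plain POST, and
// the phone-number path needs no password, so without a token any third-party
// page could submit it on behalf of a logged-in user.
if (empty($_SESSION['csrf_token'])) {
    $_SESSION['csrf_token'] = bin2hex(random_bytes(32));
}
$csrfToken = (string) $_SESSION['csrf_token'];

// Escape a value for an HTML body/attribute context (UTF-8, invalid bytes
// replaced rather than producing an empty string).
$esc = static function ($value) {
    return htmlspecialchars((string) $value, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
};

$notice = null; // status line rendered under the form, if any

// Handle the submitted action before rendering so the form shows saved values.
if ($_POST) {
    if (!hash_equals($csrfToken, (string) ($_POST['csrf_token'] ?? ''))) {
        $notice = 'Invalid request, please reload the page and try again.';
    } elseif (isset($_POST['back'])) {
        // Admins return to their dashboard; everyone else goes to login.php
        // (kept as in the original flow).
        echo location(0, $userId === "admin" ? "admin.php" : "login.php");
        exit;
    } elseif (isset($_POST['number'])) {
        $mobile = trim((string) ($_POST['mobile'] ?? ''));
        $updatePhone = $db->prepare("update systemTable set PHONE_NO=? where USERNAME=?");
        // The original tested the statement object (always truthy), so its
        // failure branch was unreachable; test the result of execute() instead.
        $notice = $updatePhone->execute([$mobile, $userId])
            ? 'Mobile Phone Number changed.'
            : 'Change Failed';
    } elseif (isset($_POST['save'])) {
        $oldPass = (string) ($_POST['oldpass'] ?? '');
        $newPass = (string) ($_POST['newpass'] ?? '');
        $newPassAgain = (string) ($_POST['newpassagain'] ?? '');
        $mobile = trim((string) ($_POST['mobile'] ?? ''));

        // Compare against '' rather than empty(): empty("0") is true, which
        // would reject a legitimate password or phone value of "0".
        if ($oldPass === '' || $newPass === '' || $newPassAgain === '' || $mobile === '') {
            $notice = 'Missing Information';
        } else {
            $lookup = $db->prepare("select PASSWORD from users where USERNAME=?");
            $lookup->execute([$userId]);
            $userRow = $lookup->fetch(PDO::FETCH_ASSOC);

            // TODO(security): passwords are stored and compared in clear text —
            // the new value is written exactly as submitted. Migrate to
            // password_hash()/password_verify() together with login.php. Until
            // then, hash_equals() gives a strict, constant-time comparison in
            // place of the loose == the original used ("1e3" == "1000" is true).
            $stored = (string) ($userRow['PASSWORD'] ?? '');
            if ($userRow === false || !hash_equals($stored, $oldPass)) {
                $notice = 'Wrong Old Password';
            } elseif ($newPass !== $newPassAgain) {
                $notice = 'New Passwords Are Different.';
            } else {
                // All placeholders are positional: the original mixed ":?" and
                // ":mobile" with bindParam(1, ...), which PDO rejects, so the
                // password update could never succeed. Both rows are updated
                // in one transaction so a failed password write does not leave
                // only the phone number changed.
                $ok = false;
                try {
                    $db->beginTransaction();
                    $updatePassword = $db->prepare("update users set PASSWORD=? where USERNAME=?");
                    $updatePhone = $db->prepare("update systemTable set PHONE_NO=? where USERNAME=?");
                    $ok = $updatePhone->execute([$mobile, $userId])
                        && $updatePassword->execute([$newPass, $userId]);
                    if ($ok) {
                        $db->commit();
                    } else {
                        $db->rollBack();
                    }
                } catch (PDOException $e) {
                    // Covers connections configured with ERRMODE_EXCEPTION.
                    if ($db->inTransaction()) {
                        $db->rollBack();
                    }
                    $ok = false;
                }
                $notice = $ok ? 'Update Successfully' : 'Update Failed';
            }
        }
    } else {
        $notice = 'Wrong Process';
    }
}

// Current phone number for the form, read after any update above.
$phoneStmt = $db->prepare("select PHONE_NO from systemTable where USERNAME=?");
$phoneStmt->execute([$userId]);
$phoneRow = $phoneStmt->fetch(PDO::FETCH_ASSOC);
$phone = $phoneRow['PHONE_NO'] ?? '';

// NOTE(review): $username is not assigned anywhere in this file; presumably
// connect.php sets it. Fall back to the session user so the welcome line never
// reads an undefined variable.
$displayName = $username ?? $userId;
?>
<html>
<head>
<link rel="stylesheet" type="text/css" href="css/style.css" />
</head>
<body>
<div class="body"></div>
<div class="grad"></div>
<div class="welcome"><div>Welcome <span><?php echo $esc($displayName); ?></span> </div></div>
<div class="container">
<form action="settings.php" method="POST">
<input type="hidden" name="csrf_token" value="<?php echo $esc($csrfToken); ?>">
<input type="submit" value="Save" name="save">
<input type="submit" value="Only Change Phone Number" name="number">
<input type="submit" value="Back" name="back">
<table>
<tr>
<td>Old Password</td>
<td><input type="password" name="oldpass"></td>
</tr>
<tr>
<td>New Password</td>
<td><input type="password" name="newpass"></td>
</tr>
<tr>
<td>New Password Again</td>
<td><input type="password" name="newpassagain"></td>
</tr>
<tr>
<td>Mobile Phone Number</td>
<td><input type="text" value="<?php echo $esc($phone); ?>" name="mobile" ></td>
</tr>
</table>
</form>
<?php
if ($notice !== null) {
    echo '<div class="setting" >' . $esc($notice) . '</div> ';
}
?>
</div>
</body>
</html>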