<?php session_start();if (isset($_POST['exit'])) { session_destroy(); he

1. <?php
2. session_start();
3. if (isset($_POST['exit'])) {
4. session_destroy();
5. header('Location: http://manyaedgar.pe.hu/index.php');
6. }
7. $db = mysql_connect ("mysql.hostinger.ru","u549111235_root","111111");
8. mysql_select_db ("u549111235_reg",$db);
9.  
10. $null = "0";
11. $one = "1";
12. $two = "2";
13.  
14. ?>
15. <!DOCTYPE html>
16. <html lang="en">
17. <head>
18. <meta charset="UTF-8">
19. <link rel="stylesheet" href="css/bootstrap.min.css">
20. <link rel="stylesheet" href="css/bootstrap-theme.min.css">
21. <script src="js/bootstrap.min.js"></script>
22. <title>Document</title>
23. </head>
24. <body>
25. <div class="row">
26. <div class="col-md-4"></div>
27. <div class="col-md-4">
28. <form style="float: right" action="" method="post">
29. <input type="submit" name="exit" class="btn btn-info" value="Выход">
30. </form>
31. <?php
32. $queryBlock = mysql_query("SELECT * FROM userAccount WHERE loginUser = '".$_SESSION['login']."' ");
33. if ($blokUser['blockUser'] == 1) {
34. exit("Профиль этого пользователя заблокирован администратором");
35. }
36. ?>
37. <h3>Страница пользователя</h3>
38. <?php
39. $pass = mysql_query("SELECT * FROM userAccount WHERE loginUser = '".$_SESSION['login']."' ");
40. $chan = mysql_fetch_array($pass);
41. if ($chan['passChan'] == md5($null)) {
42. echo "Измените пароль: ";
43. ?>
44. <form action="" method="post" class = "form-inline">
45. <input type="password" class="form-control" name="password" placeholder = "Пароль" required minlength="8" maxlength="20">
46. <input type="password" class="form-control" name="passwordRepeat" placeholder = "Повторите пароль" required minlength="8" maxlength="20">
47. <input type="submit" name="passChan" class="btn" value="Изменить">
48. </form>
49. <?php
50. }
51.  
52. if (isset($_POST['passChan'])) {
53. if ($_POST['password'] != $_POST['passwordRepeat']) {
54. echo "Пароли не совпадают";
55. } elseif (preg_match("/([0-9]+)/", $_POST['password']) AND
56. // preg_match("/([a-z]+)/", $_POST['password']) AND
57. // preg_match("/([A-Z]+)/", $_POST['password']) AND
58. // preg_match("/([А-ЯЁ]+)/", $_POST['password']) AND
59. preg_match("/([!?.,:;]+)/", $_POST['password'])) {
60. $pass = md5($_POST['password']);
61. $q = md5($one);
62. $newPass = mysql_query("UPDATE userAccount SET passwordUserHash = '$pass', passChan = '1' WHERE loginUser = '".$_SESSION['login']."' ");
63. echo "<script language=\"JavaScript\"> window.location.href = \"http://manyaedgar.pe.hu\"</script>";
64. } else {
65. echo '<div class="col-md-4"></div>
66. <div class="col-md-4"><strong>Пароль не удовлетворяет одному или нескольким требованиям: Наличие цифр и знаков препинания.</strong></div>
67. <div class="col-md-4"></div';
68. }
69. }
70.  
71. ?>
72. </div>
73. <div class="col-md-4">
74. </div>
75. </div>
76.  
77. <div class="row">
78. <div class="col-md-4"></div>
79. <div class="col-md-4">
80. <?php
81. $query = mysql_query("SELECT * FROM userAccount WHERE loginUser = '".$_SESSION['login']."' ");
82. $passUser = mysql_fetch_array($query);
83. if ($passUser['passChan'] == 1) {
84. echo $passUser['loginUser'];
85.  
86. }
87. ?>
88. </div>
89. <div class="col-md-4"></div>
90.  
91. </div>
92.  
93.  
94. <div class="row">
95. <div class="col-md-4"></div>
96.  
97. <div class="col-md-4">
98. <?php
99. $queryU = mysql_query("SELECT * FROM userAccount WHERE loginUser = '".$_SESSION['login']."' ");
100. $queryUser = mysql_fetch_array($queryU);
101. if ($queryUser['blockUser'] == md5($null) AND $queryUser['passChan'] == md5($one)) {
102. ?>
103. <form action="" method="post" >
104. <input type="password" class="form-control" name = "oldPass" placeholder = "Введите старый пароль" required minlength="8" maxlength="20">
105. <input type="password" class="form-control" name = "newPass" placeholder = "Введите новый пароль" required minlength="8" maxlength="20">
106. <input type="password" class="form-control" name = "newPass2" placeholder = "Поторите новый пароль" required minlength="8" maxlength="20">
107. <input type="submit" name = "btnNewPass" value = "Готово" class = "btn btn">
108. </form>
109. <?php
110. }
111. if (isset($_POST['btnNewPass'])) {
112. if (md5($_POST['oldPass']) != $queryUser['passwordUserHash'] ) {
113. echo "Не верный старый пароль";
114. exit;
115. } elseif ($_POST['newPass'] != $_POST['newPass2']){
116. echo "string";
117. exit;
118. } elseif (preg_match("/([0-9]+)/", $_POST['password']) AND
119. // preg_match("/([a-z]+)/", $_POST['password']) AND
120. // preg_match("/([A-Z]+)/", $_POST['password']) AND
121. // preg_match("/([А-ЯЁ]+)/", $_POST['password']) AND
122. preg_match("/([!?.,:;]+)/", $_POST['password'])) {
123. $newPass = md5($_POST['newPass']);
124. $queryNewPass = mysql_query("UPDATE userAccount SET passwordUserHash = '$newPass' WHERE loginUser = '".$_SESSION['login']."' ");
125. }
126. }
127. ?>
128. </div>
129.  
130. <div class="col-md-4"></div>
131. </div>
132.  
133. </body>
134. </html>