HB/pages/options_validation.php

<?php
session_start();

$id = $_SESSION['id'];
require('../connectBDD.php');
$x = mysql_query("SELECT * FROM user WHERE id='".$id."'");
$donnees = mysql_fetch_array($x);

$pseudo = $donnees['pseudo'];
$mail = $donnees['mail'];
$mdp = $donnees['mdp'];

if (isset($_POST['ancien_mdp']) && isset($_POST['nouveau_mdp']) && isset($_POST['nouveau_mdp2']) && $_POST['nouveau_mdp']!="" && $_POST['nouveau_mdp2']!="" && $_POST['ancien_mdp'] !='' ) {
	if(sha1(strtoupper($pseudo).':'.$_POST['ancien_mdp']) == $mdp) {
		if  ($_POST['nouveau_mdp'] == $_POST['nouveau_mdp2']) {
			$password = htmlspecialchars($_POST['nouveau_mdp']);
			$password = sha1(strtoupper($pseudo).':'.$password);
			mysql_query("UPDATE `user` SET mdp='$password' WHERE ID='$id'");
			$okmdp = true;
			header('Location: options.php?ok=2');
			exit;
		}
		else {
			header('Location: options.php?erreur=2');
			exit;
		}
	}
	else {
		header('Location: options.php?erreur=3');
		exit;
	}
}
if (isset($_POST['nouveau_mail']) && $_POST['nouveau_mail']!='')
{
    if (preg_match("#^[a-z0-9._-]+@[a-z0-9._-]{2,}\.[a-z]{2,4}$#", $_POST['nouveau_mail']))
    {
		$result = mysql_query("SELECT mail FROM user WHERE mail='".$_POST["nouveau_mail"]."'");
		if(mysql_num_rows($result)>=1) header('Location: options.php?erreur=1');
		else {
			$mail=htmlspecialchars($_POST['nouveau_mail']);
			mysql_query("UPDATE `user` SET mail='".$mail."' WHERE ID='".$id."'");
			if (isset($okmdp)) header('Location: options.php?ok=3');
			else header('Location: options.php?ok=1');
			exit;
		}
    }
    else {
		header('Location: options.php?erreur=4');
		exit;
	}
}
mysql_close();
header('Location: options.php');
?>
Version 2007-10-27 2007-10-27 10:00:00 +00:00			`<?php`
			`session_start();`
First code received by Master Leon 2007-03-31 10:00:00 +00:00
			`$id = $_SESSION['id'];`
Version 2007-10-27 2007-10-27 10:00:00 +00:00			`require('../connectBDD.php');`
First code received by Master Leon 2007-03-31 10:00:00 +00:00			`$x = mysql_query("SELECT * FROM user WHERE id='".$id."'");`
			`$donnees = mysql_fetch_array($x);`

Version 0.7 2007-11-20 11:00:00 +00:00			`$pseudo = $donnees['pseudo'];`
First code received by Master Leon 2007-03-31 10:00:00 +00:00			`$mail = $donnees['mail'];`
			`$mdp = $donnees['mdp'];`

			`if (isset($_POST['ancien_mdp']) && isset($_POST['nouveau_mdp']) && isset($_POST['nouveau_mdp2']) && $_POST['nouveau_mdp']!="" && $_POST['nouveau_mdp2']!="" && $_POST['ancien_mdp'] !='' ) {`
Version 2007-11-04 2007-11-04 11:00:00 +00:00			`if(sha1(strtoupper($pseudo).':'.$_POST['ancien_mdp']) == $mdp) {`
First code received by Master Leon 2007-03-31 10:00:00 +00:00			`if ($_POST['nouveau_mdp'] == $_POST['nouveau_mdp2']) {`
			`$password = htmlspecialchars($_POST['nouveau_mdp']);`
Version 2007-11-04 2007-11-04 11:00:00 +00:00			`$password = sha1(strtoupper($pseudo).':'.$password);`
			mysql_query("UPDATE `user` SET mdp='$password' WHERE ID='$id'");
Version 0.7 2007-11-20 11:00:00 +00:00			`$okmdp = true;`
			`header('Location: options.php?ok=2');`
			`exit;`
First code received by Master Leon 2007-03-31 10:00:00 +00:00			`}`
Version 0.7 2007-11-20 11:00:00 +00:00			`else {`
			`header('Location: options.php?erreur=2');`
			`exit;`
			`}`
			`}`
			`else {`
			`header('Location: options.php?erreur=3');`
			`exit;`
First code received by Master Leon 2007-03-31 10:00:00 +00:00			`}`
			`}`
			`if (isset($_POST['nouveau_mail']) && $_POST['nouveau_mail']!='')`
			`{`
			`if (preg_match("#^[a-z0-9._-]+@[a-z0-9._-]{2,}\.[a-z]{2,4}$#", $_POST['nouveau_mail']))`
			`{`
			`$result = mysql_query("SELECT mail FROM user WHERE mail='".$_POST["nouveau_mail"]."'");`
Version 0.7 2007-11-20 11:00:00 +00:00			`if(mysql_num_rows($result)>=1) header('Location: options.php?erreur=1');`
			`else {`
			`$mail=htmlspecialchars($_POST['nouveau_mail']);`
			mysql_query("UPDATE `user` SET mail='".$mail."' WHERE ID='".$id."'");
			`if (isset($okmdp)) header('Location: options.php?ok=3');`
			`else header('Location: options.php?ok=1');`
			`exit;`
			`}`
First code received by Master Leon 2007-03-31 10:00:00 +00:00			`}`
Version 0.7 2007-11-20 11:00:00 +00:00			`else {`
			`header('Location: options.php?erreur=4');`
			`exit;`
			`}`
First code received by Master Leon 2007-03-31 10:00:00 +00:00			`}`
			`mysql_close();`
Version 0.7 2007-11-20 11:00:00 +00:00			`header('Location: options.php');`
First code received by Master Leon 2007-03-31 10:00:00 +00:00			`?>`