Code:
<?php
session_start();
include "config.php";
?>
<title>Skolica</title>
<LINK rel="stylesheet" href="bla.css" type="text/css">
<?php
if (isset($_POST['login'])) {
$username = mysql_real_escape_string($_POST['username']);
$res = mysql_query("SELECT salt FROM user WHERE username = '".$username."'");
$salt = mysql_fetch_assoc($res);
$password = mysql_real_escape_string($_POST['password']);
$password = sha1(sha1($password).sha1($salt['salt']));
$result = mysql_query("SELECT username,userID FROM `user` WHERE `username` = '".$username."' AND password = '".$password."' AND active=1");
if (mysql_num_rows($result) == 1) {
$row = mysql_fetch_assoc($result);
$_SESSION['auth_userID'] = $row['userID'];
$_SESSION['auth_username'] = $username;
} else {
?><table width="100%" height="100%">
<tr><td align="center" valign="middle">
<div class="dialog">
<b>Elektronski dnevnik</b><p>
Pogresno korisnicko ime ili lozinka! Pokusajte ponovo.<br> <a href="index.php">Nazad na prijavljivanje</a>
</div>
</td></tr>
</table><?php
}
}
if (!isset($_SESSION['auth_userID'])) {
if (!isset($_GET['register'])) { //to register no need to be logged in
?>
<form action="index.php" method="post">
<table width="100%" height="100%">
<tr><td align="center" valign="middle">
<div class="dialog">
<b>Elektronski dnevnik</b><p>
<a href='index.php'>Pocetna</a> | <a href='index.php?edit'>Izmena</a> | <a href='admin.php'>Admin</a><p>
<label>Korisnicko ime: </label><input class="tb_background" type="text" name="username" /><br><br>
<label>Lozinka: </label><input class="tb_background" type="password" name="password" /><br><br>
<input type=submit value="Prijavi se" name='login'> <input type=reset value="Obrisi polja">
</div>
</td></tr>
</table>
</form>
<?php
}
die();
}
?>
<form action="index.php" method="post">
<table width="100%" height="100%">
<tr><td align="center" valign="middle">
<div class="dialog">
<b>Elektronski dnevnik</b><p>
<a href='index.php'>Pocetna</a> | <a href='index.php?edit'>Izmena</a> | <a href='admin.php'>Admin</a><p>
<p><strong>Prijavljeni ste kao: <?php echo $_SESSION['auth_username'];?></strong> <a href='index.php?logout'>Izadji</a></p> <br />
</div>
</td></tr>
</table>
</form>
<?php
if (isset($_GET['logout'])) {
unset($_SESSION['auth_userID']);
unset($_SESSION['auth_username']);
echo "Uspesno ste se izlogovali!";
}
if (isset($_GET['edit'])) {
if (isset($_POST['editUser'])) {
$notRequired = array("password","password2"); //passwords won't be checked, as they are not required
foreach ($_POST as $k=>$v) {
if ($v == "" && !in_array($k,$notRequired)) {
$error[$k] = "<strong>Nista niste uneli.</strong>";
}
}
$username = mysql_real_escape_string($_POST['username']);
$password = mysql_real_escape_string($_POST['password']);
$password2 = mysql_real_escape_string($_POST['password2']);
$oldPassword = mysql_real_escape_string($_POST['oldPassword']);
$email = mysql_real_escape_string($_POST['email']);
if (!check_email($_POST['email'])) {
$error['email'] .= " <strong>Email nije ispravan!</strong>";
}
$res = mysql_query("SELECT email FROM user WHERE email='".$email."' AND userID != '".$_SESSION['auth_userID']."'");
if (mysql_num_rows($res) == 1) {
$error['email'] .= " <strong>Email vec postoji!</strong>";
}
$res = mysql_query("SELECT username FROM user WHERE username='".$username."' AND username != '".$username."'");
if (mysql_num_rows($res) == 1) {
$error['username'] .= " <strong>Korisnicko ime vec postoji!</strong>";
}
if (($password != "" && $password2 != "") && ($password != $password2)) {
$error['password'] .= " <strong>Lozinke se ne podudaraju!</strong>";
}
$res = mysql_query("SELECT salt FROM user WHERE userID = '".$_SESSION['auth_userID']."'");
$salt = mysql_fetch_assoc($res);
$oldPassword = sha1(sha1($oldPassword).sha1($salt['salt']));
$res = mysql_query("SELECT password FROM user WHERE userID='".$_SESSION['auth_userID']."' AND password = '".$oldPassword."'");
if (mysql_num_rows($res) == 0) {
$error['oldPassword'] .= " <strong>Lozinka nije ispravna!</strong>";
}
if (count($error) == 0) {
$query = "UPDATE user SET username='".$username."', email='".$email."'";
if ($password != "") {
$salt = rand(100,999);
$password = sha1(sha1($password).sha1($salt));
$query .= ", password='".$password."', salt='".$salt."',";
}
$query .= " WHERE userID='".$_SESSION['auth_userID']."'";
$_SESSION['auth_username'] = $username;
if (mysql_query($query)) {
echo "<p><strong>Uspesno ste izmeni nalog.</strong></p>";
} else {
echo "<p><strong>Nalog NIJE sacuvan. ".mysql_error()."</strong></p>";
}
}
}
$rs = mysql_query("SELECT username, email FROM user WHERE userID = ".$_SESSION['auth_userID']." AND active='1'");
if (mysql_num_rows($rs) == 0) {
die("Korisnik ne postoji!");
}
$row = mysql_fetch_assoc($rs);
$_POST['username'] = $row['username'];
$_POST['email'] = $row['email'];
?>
<form action="index.php?edit" method="post">
<table width="100%" height="100%">
<tr><td align="center" valign="middle">
<div class="dialog">
<b>Elektronski dnevnik</b><p>
<a href='index.php'>Pocetna</a> | <a href='index.php?edit'>Izmena</a> | <a href='admin.php'>Admin</a><p>
<p><label>*Korisnicko ime:</label><input type="text" name="username" value='<?php echo $_POST['username'];?>' />
<?php echo(isset($error['username']))?$error['username']:"";?></p>
<p><label>*Email:</label><input type="text" name="email" value='<?php echo $_POST['email'];?>' />
<?php echo(isset($error['email']))?$error['email']:"";?></p>
<p><label>*Lozinka:</label><input type="password" name="oldPassword" value='<?php echo $_POST['oldPassword'];?>' />
<?php echo(isset($error['oldPassword']))?$error['oldPassword']:"";?></p>
<p><label>*Nova lozinka:</label><input type="password" name="password" value='<?php echo $_POST['password'];?>' />
<?php echo(isset($error['password']))?$error['password']:"";?></p>
<p><label>*Ponovite novu lozinku: </label><input type="password" name="password2" value='<?php echo $_POST['password2'];?>' />
<?php echo(isset($error['password2']))?$error['password2']:"";?></p>
<input type='submit' name='editUser' value='Izmeni' />
</div>
</td></tr>
</table>
</form>
<?php
}
Sadržaj se ređa jedan ispod drugog..
