Skip to content

Instantly share code, notes, and snippets.

@awakmu

awakmu/user.php

Created February 26, 2013 08:44
Show Gist options
  • Save awakmu/5037044 to your computer and use it in GitHub Desktop.
Save awakmu/5037044 to your computer and use it in GitHub Desktop.
Download ZIP
VALIDATE or REJECT
Raw
user.php
function user_profile_handler()
{
/* database connection */
$con = option('con');
if(
/* validate valid login dan role */
!empty($_SESSION['username']) && !empty($_SESSION['role_id']) &&
in_array($_SESSION['role_id'], array(option('role_super'), option('role_admin'), option('role_customer'))) &&
/* validate new username */
!empty($_POST['username']) && ctype_alnum($_POST['username']) &&
(
mysql_single_val("
SELECT `username`
FROM `user`
WHERE `id` = '". $_SESSION['user_id'] ."'
") != $_POST['username'] ?
mysql_single_val("
SELECT `id`
FROM `user`
WHERE `username` = '". $_POST['username'] ."'
") === false :
true
) &&
/* validate old password */
!empty($_POST['old_password']) && ctype_alnum($_POST['old_password']) &&
mysql_single_val("
SELECT `password`
FROM `user`
WHERE `username` = '". $_SESSION['username'] ."'
") == md5($_POST['old_password']) &&
/* validate new password & new password confirm */
!empty($_POST['password']) && ctype_alnum($_POST['password']) &&
!empty($_POST['password_confirm']) && ctype_alnum($_POST['password_confirm']) &&
$_POST['password'] == $_POST['password_confirm'] &&
/* validate email */
!empty($_POST['email']) && filter_var($_POST['email'], FILTER_VALIDATE_EMAIL) !== false &&
/* validate name */
!empty($_POST['first_name']) && preg_match(option('name_regex'), $_POST['first_name']) &&
( !empty($_POST['last_name']) ? preg_match(option('name_regex'), $_POST['last_name']) : true ) &&
/* validate new role */
( $_POST['role_id'] == option('role_admin') ? !empty($_POST['ym']) : true ) &&
/* validate ym */
( !empty($_POST['ym']) ? preg_match(option('ym_regex'), $_POST['ym']) : true )
)
{
if(!$res = mysql_query("
UPDATE `user`
SET
`username` = '". $_POST['username'] ."',
`password` = '". md5($_POST['password']) ."',
`email` = '". $_POST['email'] ."',
first_name = '". $_POST['first_name'] ."',
last_name = NULLIF('". $_POST['last_name'] ."', ''),
ym = NULLIF('". $_POST['ym'] ."', '')
WHERE `id` = '". $_SESSION['user_id'] ."'
", $con))
trigger_error(mysql_error($con), E_USER_ERROR);
redirect_to('user', 'profile');
}
else
{
flash($_POST);
/* reject invalid username */
if(empty($_POST['username']))
flash('username_error', 'Silahkan mengisi username Anda.');
else if(!ctype_alnum($_POST['username']))
flash('username_error', 'Format penulisan username Anda salah.');
else if(
mysql_single_val("
SELECT `username`
FROM `user`
WHERE `id` = '". $_SESSION['user_id'] ."'
") != $_POST['username'] &&
mysql_single_val("
SELECT `id`
FROM `user`
WHERE `username` = '". $_POST['username'] ."'
") !== false
)
flash('username_error', 'Username Anda sudah terdaftar.');
/* reject invalid old password */
if(empty($_POST['old_password']))
flash('old_password_error', 'Silahkan mengisi password lama Anda.');
else if(!ctype_alnum($_POST['old_password']))
flash('old_password_error', 'Format penulisan password lama Anda salah.');
else if(
mysql_single_val("
SELECT `password`
FROM `user`
WHERE `username` = '". $_SESSION['username'] ."'
") != md5($_POST['old_password'])
)
flash('old_password_error', 'Isian password lama Anda salah.');
/* reject invalid password */
_user_check_password();
/* reject invalid pasword confirm */
_user_check_password_confirm();
/* reject invalid email */
_user_check_email();
/* reject invalid firstname */
_user_check_first_name();
/* reject invalid lastname */
_user_check_last_name();
/* reject invalid ym */
_user_check_ym();
redirect_to('user', 'profile');
}
}
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment