doongdoong/admin_modify_user_action.php at master · fatihohn/doongdoong · GitHub

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
<?php
    include 'bbdd_db_conn.php';

    function getSalt() {
        $charset = 'abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789';
        // $charset = 'abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789/\][{};:?.>,<!@#$%^&*()-_=+|';
        $randStringLen = 64;

        $randString = "";
        for ($i = 0; $i < $randStringLen; $i++) {
            $randString .= $charset[mt_rand(0, strlen($charset) - 1)];
        }

        return $randString;
    }


    $q = intval($_POST['id']);
    $realname = $_POST['realname'];
    $username = $_POST['username'];
    $pw_one = $_POST['password'];
    $salt = getSalt();
    $pwSalt = $pw_one.$salt;
    $password = base64_encode(hash('sha512', $pwSalt, true));

    $pw_two = $_POST['password_conf'];

    $email = $_POST['email'];
    $author = $_POST['author'];
    $author = mysqli_real_escape_string($conn, $author);
    $auth_detail = $_POST['auth_detail'];
    $auth_detail = mysqli_real_escape_string($conn, $auth_detail);
    // $auth_detail = mysql_real_escape_string($auth_detail);
    $cast = $_POST['cast'];
    $active = $_POST['active'];


    $nameSql = "SELECT * FROM user_data WHERE username='$username'";
    $nameCheck = mysqli_query($conn, $nameSql);
    $nameCheck = $nameCheck->fetch_array();

    $nameFromIdSql = "SELECT * FROM user_data WHERE id=$q";
    $nameFromIdCheck = mysqli_query($conn, $nameFromIdSql);
    $nameFromIdCheck = $nameFromIdCheck->fetch_assoc();
    if($nameCheck >= 1 && $nameFromIdCheck['username'] !== $username){
		echo "<script>alert('아이디가 중복됩니다.'); history.back();</script>";
	}else{


        $authNameSql = "SELECT * FROM user_data WHERE author='$author'";
        $authNameCheck = mysqli_query($conn, $authNameSql);
        $authNameCheck = $authNameCheck->fetch_array();

        $authNameFromIdSql = "SELECT * FROM user_data WHERE id=$q";
        $authNameFromIdCheck = mysqli_query($conn, $authNameFromIdSql);
        $authNameFromIdCheck = $authNameFromIdCheck->fetch_array();

        if($authNameCheck >= 1 && $authNameFromIdCheck['author'] !== $author) {
            echo "<script>alert('필명이 중복됩니다.'); history.back();</script>";
        } else {
            if($pw_one !== $pw_two) {
                echo "<script>alert('비밀번호가 일치하지 않습니다.'); history.back();</script>";

            } else {


                    $query =
                    "UPDATE user_data SET
                    `realname`='$realname',
                    `username`='$username',
                    `password`='$password',
                    `salt`='$salt',
                    `email`='$email',
                    `author`='$author',
                    `auth_detail`='$auth_detail',
                    `cast`='$cast',
                    `active`='$active'
                    WHERE `id`=$q";

                  if(strlen($pw_one) > 0 && strlen($pw_two) > 0 && strlen($realname) > 0) {
                    $query0 =
                    "UPDATE user_data SET
                    `realname`='$realname',
                    `username`='$username',
                    `password`='$password',
                    `salt`='$salt',
                    `email`='$email',
                    `author`='$author',
                    `auth_detail`='$auth_detail',
                    `cast`='$cast',
                    `active`='$active'
                    WHERE `id`=$q";
                    $query = $query0;
                    echo "<br>query0";
                } else if(strlen($pw_one) == 0 && strlen($pw_two) == 0 && strlen($realname) > 0) {
                    $query1 =
                    "UPDATE user_data SET
                    `realname`='$realname',
                    `username`='$username',
                    `email`='$email',
                    `author`='$author',
                    `auth_detail`='$auth_detail',
                    `cast`='$cast',
                    `active`='$active'
                    WHERE `id`=$q";
                    $query = $query1;
                    echo "<br>query1";
                }  else if(strlen($pw_one) > 0 && strlen($pw_two) > 0 && strlen($realname) == 0) {
                    $query2 =
                    "UPDATE user_data SET
                    `username`='$username',
                    `password`='$password',
                    `salt`='$salt',
                    `email`='$email',
                    `author`='$author',
                    `auth_detail`='$auth_detail',
                    `cast`='$cast',
                    `active`='$active'
                    WHERE `id`=$q";
                    $query = $query2;
                    echo "<br>query2";
                } else if(strlen($pw_one) == 0 && strlen($pw_two) == 0 && strlen($realname) == 0) {
                    $query3 =
                    "UPDATE user_data SET

                    `username`='$username',

                    `email`='$email',
                    `author`='$author',
                    `auth_detail`='$auth_detail',
                    `cast`='$cast',
                    `active`='$active'
                    WHERE `id`=$q";
                    $query = $query3;
                    echo "<br>query3";
                }

            }
        }
    }


$result = $conn->query($query);

    if($result) {
?>
        <script>
            alert("수정되었습니다.");
            location.replace("./admin_userList.php");
        </script>
<?php    }
    else {
        echo "fail";
        echo("Error description: " . mysqli_error($conn));
    }
?>