recovery change

creat_manuallcall_list.php

@@ -41,7 +41,48 @@
 $result=mysqli_query($db,$sql);
 $i=0;
 while($row[$i++] = mysqli_fetch_assoc($result));
-$randnum=rand(0,$i-1);
+// random algorithm
+$remain_i=$i;
+$a[$i];
+while($remain_i--){
+$randnum=rand(0,$remain_i-1);
+
+}
+$remain_i=$i;
+$a[$i];
+$b[$i];
+$iii=0;
+for($ii=0;$ii<$i;$ii++){
+	$a[$ii]=0;
+}
+while($remain_i--){
+
+
+$randnum=rand(1,$remain_i+1);
+//echo $randnum;
+$nowi=0;
+$nowii=0;
+//echo $nowii;
+while(1){
+
+	if($a[$nowii]!=1){
+
+		$nowi++;
+
+	}
+
+if($nowi==$randnum){
+	$a[$nowii]=1;
+	break;
+}$nowii++;	
+}
+
+$b[$iii++]=$nowii;
+
+
+}
+
+
 
 $randstuid=$row[$randnum]['stuId'];
 

repassword.php

@@ -1,16 +1,19 @@
 <?php
-
 require_once "get_user_info.php";
 error_reporting(1);
 $oldpassword=$_POST['oldpassword'];
 $newpassword=$_POST['newpassword'];
 $newpassword2=$_POST['newpassword2'];
-
-
-					$npw=substr(md5(md5($$newpassword).md5($username)),0,20);
-					$sql = "UPDATE `roster`.`user` SET `passWord` = $npw WHERE `user`.`userId` = $userid";
-					$result=mysqli_query($db,$sql);
-
+$pw3=substr(md5(md5(md5($oldpassword)).md5($username)),0,20);
+		    $sql = "select passWord from user where userName = '$username' ";
+            $result=mysqli_query($db,$sql);
+			$row = mysqli_fetch_assoc($result);
+            if($row['passWord']==$pw3)
+            {
+				if($newpassword==""||$newpassword2==""||$newpassword!=$newpassword2){
+					echo "3";
+				}
+                else{
 					$npw=substr(md5(md5(md5($newpassword)).md5($username)),0,20);
 					//echo $npw;
 					$sql = "UPDATE `user` SET `passWord` = '$npw' WHERE userName = '$username'";
@@ -21,12 +24,10 @@
                     {
                         echo"1";}
 				}
-
 				//echo "q";/*"<script> alert('Login successfully');parent.location.href='./userSee.php'; </script>"; */
             }
             else
             {
-
                echo "2";/*"wrong password !";*/
 		}
-?>
+?>