<?php
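/**
 * Handle the "change password" form post of the settings page.
 *
 * Flow, as far as this function shows it:
 *  - not logged in                     -> redirect to index.php
 *  - target_id missing or not a scalar -> redirect to the settings page
 *  - target_id is neither the caller's own id nor is the caller a moderator
 *                                      -> error_code 403, redirect to the error page
 *  - otherwise validate through WebUsers::check_change_password() and either
 *    store the new hash or re-render the settings template with the errors.
 *
 * Every path ends in exit; nothing is returned.
 *
 * NOTE(review): no anti-CSRF token is checked here. Because a moderator can
 * set another account's password without knowing the current one, confirm
 * that the caller or the form layer verifies a per-session token before this
 * function runs.
 */
function change_password(){

    try{
        //not logged in: nothing to do here
        if(!WebUsers::isLoggedIn()){
            header("Location: index.php");
            exit;
        }

        //the form was not filled in correctly; an array-valued target_id
        //(target_id[]=...) is rejected as well instead of reaching the comparisons below
        if(!isset($_POST['target_id']) || !is_scalar($_POST['target_id'])){
            header("Location: index.php?page=settings");
            exit;
        }

        //compare ids as strings with ===; the loose == used before let PHP type
        //juggling decide whether a request counts as "own account"
        $targetId = (string) $_POST['target_id'];
        $isOwnAccount = ($targetId === (string) $_SESSION['id']);

        //NOTE(review): this branch was described as "is admin" but the check is isMod();
        //confirm that every role isMod() accepts is meant to reset any account's
        //password, including accounts with a higher permission than the caller.
        if(!$isOwnAccount && !Ticket_User::isMod($_SESSION['ticket_user'])){
            //ERROR: permission denied!
            $_SESSION['error_code'] = "403";
            header("Location: index.php?page=error");
            exit;
        }

        //password fields: a missing or non-string value becomes '' so the validator
        //rejects it instead of crypt() receiving an array or null
        $currentPass = (isset($_POST["CurrentPass"]) && is_string($_POST["CurrentPass"])) ? $_POST["CurrentPass"] : '';
        $newPass = (isset($_POST["NewPass"]) && is_string($_POST["NewPass"])) ? $_POST["NewPass"] : '';
        $confirmNewPass = (isset($_POST["ConfirmNewPass"]) && is_string($_POST["ConfirmNewPass"])) ? $_POST["ConfirmNewPass"] : '';

        //built once; the moderator branch used to construct it a second time
        $webUser = new WebUsers($targetId);

        if($isOwnAccount){
            $target_username = $_SESSION['user'];
            $adminChangesOther = false;
        }else{
            $target_username = $webUser->getUsername();
            //true when a moderator changes somebody else's password
            $adminChangesOther = true;
            //placeholder kept for the validator, held in a local instead of
            //overwriting $_POST; the real current password is never checked on this path
            $currentPass = "dummypass";
        }

        $params = Array(
            'user' => $target_username,
            'CurrentPass' => $currentPass,
            'NewPass' => $newPass,
            'ConfirmNewPass' => $confirmNewPass,
            'adminChangesOther' => $adminChangesOther
        );
        $result = $webUser->check_change_password($params);

        global $SITEBASE;
        require_once($SITEBASE . 'inc/settings.php');

        //strict comparison: only the literal string "success" may store a new password.
        //The failure branch indexes into $result, so it is presumably an array of
        //error fields otherwise.
        if ($result === "success"){
            //edit stuff into db
            $succresult = settings();

            //NOTE(review): the strength of this hash depends entirely on the salt
            //format WebUsers::generateSALT() returns, which is not visible here.
            //Confirm it selects a modern crypt() scheme; password_hash() is preferable
            //if every consumer of the stored hash can verify it.
            $hashpass = crypt($newPass, WebUsers::generateSALT());
            $status = WebUsers::setPassword($target_username, $hashpass);
            if($status === 'ok'){
                $succresult['SUCCESS_PASS'] = "OK";
            }else if($status === 'shardoffline'){
                $succresult['SUCCESS_PASS'] = "SHARDOFF";
            }
            $succresult['permission'] = $_SESSION['ticket_user']->getPermission();
            $succresult['no_visible_elements'] = 'FALSE';
            $succresult['username'] = $_SESSION['user'];
            $succresult['target_id'] = $_POST['target_id'];
            helpers :: loadtemplate( 'settings', $succresult);
            exit;
        }

        //validation failed: show the form again with the reported errors
        //NOTE(review): the submitted passwords are written back into the page.
        //FILTER_SANITIZE_STRING is deprecated since PHP 8.1 and is not an output
        //encoder; consider not echoing password values at all and leaving the
        //fields empty on error.
        $result['prevCurrentPass'] = filter_var($currentPass, FILTER_SANITIZE_STRING);
        $result['prevNewPass'] = filter_var($newPass, FILTER_SANITIZE_STRING);
        $result['prevConfirmNewPass'] = filter_var($confirmNewPass, FILTER_SANITIZE_STRING);
        $result['permission'] = $_SESSION['ticket_user']->getPermission();
        $result['no_visible_elements'] = 'FALSE';
        $result['username'] = $_SESSION['user'];
        $result['target_id'] = $_POST['target_id'];

        $settings = settings();
        //on duplicate keys the values from settings() win
        $result = array_merge($result,$settings);
        helpers :: loadtemplate( 'settings', $result);
        exit;

    }catch (PDOException $e) {
        //can't access the website db: keep the details in the server log only.
        //print_r($e) used to send the exception, including its stack trace,
        //to the browser.
        error_log('change_password: database error: ' . $e->getMessage());
        if(!headers_sent()){
            header('HTTP/1.1 500 Internal Server Error');
        }
        echo 'An internal error occurred. Please try again later.';
        exit;
    }

}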