plugins/SpecialUserPrefs.php
changeset 1079 fcc42560afe6
parent 1064 5a34101dfcf9
child 1081 745200a9cc2a
1078:67a4c839c7e1 1079:fcc42560afe6
   210           $q = $db->sql_query('SELECT password FROM '.table_prefix.'users WHERE user_id='.$session->user_id.';');
   210           $q = $db->sql_query('SELECT password FROM '.table_prefix.'users WHERE user_id='.$session->user_id.';');
   211           if ( !$q )
   211           if ( !$q )
   212             $db->_die();
   212             $db->_die();
   213           $row = $db->fetchrow();
   213           $row = $db->fetchrow();
   214           $db->free_result();
   214           $db->free_result();
   215           $old_pass = $session->pk_decrypt($row['password'], ENC_HEX);
       
   216           
   215           
   217           $new_email = $_POST['newemail'];
   216           $new_email = $_POST['newemail'];
   218           
   217           
   219           $result = $session->update_user($session->user_id, false, $old_pass, false, $new_email);
   218           $result = $session->change_email($session->user_id, $new_email);
   220           if ( $result != 'success' )
   219           if ( $result != 'success' )
   221           {
   220           {
   222             $message = '<p>' . $lang->get('usercp_emailpassword_err_list') . '</p>';
   221             $message = '<p>' . $lang->get('usercp_emailpassword_err_list') . '</p>';
   223             $message .= '<ul><li>' . implode("</li>\n<li>", $result) . '</li></ul>';
   222             $message .= '<ul><li>' . implode("</li>\n<li>", $result) . '</li></ul>';
   224             die_friendly($lang->get('usercp_emailpassword_err_title'), $message);
   223             die_friendly($lang->get('usercp_emailpassword_err_title'), $message);
   225           }
   224           }
   226           $email_changed = true;
   225           $email_changed = true;
   227         }
   226         }
   228         // Obtain password
   227         // Obtain password
   229         if ( !empty($_POST['crypt_data']) || !empty($_POST['newpass']) )
   228         if ( !empty($_POST['crypt_data']) || !empty($_POST['newpass']) || $session->password_change_disabled )
   230         {
   229         {
   231           $newpass = $session->get_aes_post('newpass');
   230           $newpass = $session->password_change_disabled ? '' : $session->get_aes_post('newpass');
   232           // At this point we know if we _want_ to change the password...
   231           // At this point we know if we _want_ to change the password...
   233           
   232           
   234           // We can't check the password to see if it matches the confirmation
   233           // We can't check the password to see if it matches the confirmation
   235           // because the confirmation was destroyed during the encryption. I figured
   234           // because the confirmation was destroyed during the encryption. I figured
   236           // this wasn't a big deal because if the encryption worked, then either
   235           // this wasn't a big deal because if the encryption worked, then either
   272                 else if ( getConfig('account_activation') == 'admin' )
   271                 else if ( getConfig('account_activation') == 'admin' )
   273                 {
   272                 {
   274                   redirect(makeUrl(get_main_page()), $lang->get('usercp_emailpassword_msg_profile_success'), $lang->get('usercp_emailpassword_msg_need_activ_admin'), 20);
   273                   redirect(makeUrl(get_main_page()), $lang->get('usercp_emailpassword_msg_profile_success'), $lang->get('usercp_emailpassword_msg_need_activ_admin'), 20);
   275                 }
   274                 }
   276               }
   275               }
   277               $session->login_without_crypto($session->username, $newpass);
   276               $session->login_without_crypto($username, $newpass);
   278               redirect(makeUrlNS('Special', 'Preferences'), $lang->get('usercp_emailpassword_msg_pass_success'), $lang->get('usercp_emailpassword_msg_password_changed'), 5);
   277               redirect(makeUrlNS('Special', 'Preferences'), $lang->get('usercp_emailpassword_msg_pass_success'), $lang->get('usercp_emailpassword_msg_password_changed'), 5);
   279             }
   278             }
       
   279           }
       
   280           else if ( $email_changed )
       
   281           {
       
   282             $session->logout(USER_LEVEL_CHPREF);
       
   283             $activation = $session->user_level >= USER_LEVEL_MOD ? 'none' : getConfig('account_activation', 'none');
       
   284             switch($activation)
       
   285             {
       
   286               default:
       
   287                 $message_body = $lang->get('usercp_emailpassword_msg_password_changed');
       
   288                 $timeout = 5;
       
   289                 break;
       
   290               case 'admin':
       
   291                 $message_body = $lang->get('usercp_emailpassword_msg_need_activ_user');
       
   292                 $timeout = 20;
       
   293                 break;
       
   294               case 'user':
       
   295                 $message_body = $lang->get('usercp_emailpassword_msg_need_activ_admin');
       
   296                 $timeout = 20;
       
   297                 break;
       
   298             }
       
   299             redirect(makeUrlNS('Special', 'Preferences'), $lang->get('usercp_emailpassword_msg_email_success'), $message_body, $timeout);
   280           }
   300           }
   281         }
   301         }
   282       }
   302       }
   283       $template->tpl_strings['PAGE_NAME'] = $lang->get('usercp_emailpassword_title');
   303       $template->tpl_strings['PAGE_NAME'] = $lang->get('usercp_emailpassword_title');
   284       break;
   304       break;
   306       {
   326       {
   307         echo $errors;
   327         echo $errors;
   308       }
   328       }
   309       
   329       
   310       echo '<form action="' . makeUrlNS('Special', 'Preferences/EmailPassword') . '" method="post" onsubmit="return runEncryption();" name="empwform" >';
   330       echo '<form action="' . makeUrlNS('Special', 'Preferences/EmailPassword') . '" method="post" onsubmit="return runEncryption();" name="empwform" >';
       
   331       echo '<fieldset>';
       
   332       echo '<legend>' . $lang->get('usercp_emailpassword_grp_chpasswd') . '</legend>';
   311       
   333       
   312       // Password change form
   334       // Password change form
       
   335       if ( $session->password_change_disabled )
       
   336       {
       
   337         echo '<p>' . $lang->get('usercp_emailpassword_msg_change_disabled') . '</p>';
       
   338         if ( $session->password_change_dest['url'] )
       
   339         {
       
   340           echo '<p>' . $lang->get('usercp_emailpassword_msg_change_disabled_url') . '
       
   341                    <a onclick="window.open(this.href); return false;" href="' . htmlspecialchars($session->password_change_dest['url']) . '">' . htmlspecialchars($session->password_change_dest['title']) . '</a></p>';
       
   342         }
       
   343       }
       
   344       else
       
   345       {
       
   346       echo $lang->get('usercp_emailpassword_field_newpass') . '<br />
       
   347                 <input type="password" name="newpass" size="30" tabindex="1" ' . ( getConfig('pw_strength_enable') == '1' ? 'onkeyup="password_score_field(this);" ' : '' ) . '/>' . ( getConfig('pw_strength_enable') == '1' ? '<span class="password-checker" style="font-weight: bold; color: #aaaaaa;"> Loading...</span>' : '' ) . '
       
   348               <br />
       
   349               <br />
       
   350               ' . $lang->get('usercp_emailpassword_field_newpass_confirm') . '<br />
       
   351               <input type="password" name="newpass_confirm" size="30" tabindex="2" />
       
   352               ' . ( getConfig('pw_strength_enable') == '1' ? '<br /><br /><div id="pwmeter"></div>
       
   353               <small>' . $lang->get('usercp_emailpassword_msg_password_min_score') . '</small>' : '' );
       
   354       }
       
   355       echo '</fieldset><br />';
   313       echo '<fieldset>
   356       echo '<fieldset>
   314         <legend>' . $lang->get('usercp_emailpassword_grp_chpasswd') . '</legend>
       
   315         ' . $lang->get('usercp_emailpassword_field_newpass') . '<br />
       
   316           <input type="password" name="newpass" size="30" tabindex="1" ' . ( getConfig('pw_strength_enable') == '1' ? 'onkeyup="password_score_field(this);" ' : '' ) . '/>' . ( getConfig('pw_strength_enable') == '1' ? '<span class="password-checker" style="font-weight: bold; color: #aaaaaa;"> Loading...</span>' : '' ) . '
       
   317         <br />
       
   318         <br />
       
   319         ' . $lang->get('usercp_emailpassword_field_newpass_confirm') . '<br />
       
   320         <input type="password" name="newpass_confirm" size="30" tabindex="2" />
       
   321         ' . ( getConfig('pw_strength_enable') == '1' ? '<br /><br /><div id="pwmeter"></div>
       
   322         <small>' . $lang->get('usercp_emailpassword_msg_password_min_score') . '</small>' : '' ) . '
       
   323       </fieldset><br />
       
   324       <fieldset>
       
   325         <legend>' . $lang->get('usercp_emailpassword_grp_chemail') . '</legend>
   357         <legend>' . $lang->get('usercp_emailpassword_grp_chemail') . '</legend>
   326         ' . $lang->get('usercp_emailpassword_field_newemail') . '<br />
   358         ' . $lang->get('usercp_emailpassword_field_newemail') . '<br />
   327           <input type="text" value="' . ( isset($_POST['newemail']) ? htmlspecialchars($_POST['newemail']) : '' ) . '" name="newemail" size="30" tabindex="3" />
   359           <input type="text" value="' . ( isset($_POST['newemail']) ? htmlspecialchars($_POST['newemail']) : '' ) . '" name="newemail" size="30" tabindex="3" />
   328         <br />
   360         <br />
   329         <br />
   361         <br />
   331           <input type="text" value="' . ( isset($_POST['newemail']) ? htmlspecialchars($_POST['newemail']) : '' ) . '" name="newemail_conf" size="30" tabindex="4" />
   363           <input type="text" value="' . ( isset($_POST['newemail']) ? htmlspecialchars($_POST['newemail']) : '' ) . '" name="newemail_conf" size="30" tabindex="4" />
   332       </fieldset>
   364       </fieldset>
   333       <br />
   365       <br />
   334       <div style="text-align: right;"><input type="submit" name="submit" value="' . $lang->get('etc_save_changes') . '" tabindex="5" /></div>';
   366       <div style="text-align: right;"><input type="submit" name="submit" value="' . $lang->get('etc_save_changes') . '" tabindex="5" /></div>';
   335       
   367       
   336       echo $session->generate_aes_form();
   368       if ( !$session->password_change_disabled )
       
   369         echo $session->generate_aes_form();
       
   370       
   337       echo '</form>';
   371       echo '</form>';
   338       
   372       
   339       // ENCRYPTION CODE
   373       // ENCRYPTION CODE
   340       ?>
   374       ?>
   341       <?php if ( getConfig('pw_strength_enable') == '1' ): ?>
   375       <?php if ( !$session->password_change_disabled && getConfig('pw_strength_enable') == '1' ): ?>
   342       <script type="text/javascript">
   376       <script type="text/javascript">
   343       addOnloadHook(function()
   377       addOnloadHook(function()
   344         {
   378         {
   345           password_score_field(document.forms.empwform.newpass);
   379           password_score_field(document.forms.empwform.newpass);
   346         });
   380         });
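Review bot: In the new `else if ( $email_changed )` branch the activation modes are paired with the opposite messages: `case 'admin':` sets `usercp_emailpassword_msg_need_activ_user` and `case 'user':` sets `usercp_emailpassword_msg_need_activ_admin`, whereas the password path just above shows `..._need_activ_admin` when `account_activation` is `'admin'`. I would swap them so `case 'admin':` uses `$lang->get('usercp_emailpassword_msg_need_activ_admin')` and `case 'user':` uses `$lang->get('usercp_emailpassword_msg_need_activ_user')`; as written, a user who presumably has to reactivate after the e-mail change is pointed at the wrong party. The `default:` arm also reuses `usercp_emailpassword_msg_password_changed` under the e-mail-success title, which probably wants its own string. Separately, `$session->user_level` is read after `$session->logout(USER_LEVEL_CHPREF)`; if that call lowers the level (not visible here), the `>= USER_LEVEL_MOD` exemption would never apply, so it is safer to capture the level before logging out. The enclosing `case` block starts outside the lines shown.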