khanat-opennel-code/code/ryzom/tools/server/ryzom_ams/www/html/func/change_password.php

<?php

function change_password(){
	
    try{
        //if logged in
        if(WebUsers::isLoggedIn()){
            
            if(isset($_POST['target_id'])){
                $adminChangesOther = false;
                //if target_id is the same as session id or is admin
                if(  ($_POST['target_id'] == $_SESSION['id']) ||  WebUsers::isAdmin()  ){
                    if($_POST['target_id'] == $_SESSION['id']){
                        $target_username = $_SESSION['user'];
                    }else{
                        $target_username = WebUsers::getUsername($_POST['target_id']);
                        //isAdmin is true when it's the admin, but the target_id != own id
                        $adminChangesOther = true;
                        $_POST["CurrentPass"] = "dummypass";
                    }
                    
                    $webUser = new WebUsers();
                    $params = Array( 'user' => $target_username, 'CurrentPass' => $_POST["CurrentPass"], 'NewPass' => $_POST["NewPass"], 'ConfirmNewPass' => $_POST["ConfirmNewPass"], 'adminChangesOther' => $adminChangesOther);
                    $result = $webUser->check_change_password($params);
                    if ($result == "success"){
                        //edit stuff into db
                        global $SITEBASE;
                        require_once($SITEBASE . 'inc/settings.php');
                        $succresult = settings();
                        $hashpass = crypt($_POST["NewPass"], WebUsers::generateSALT());
                        $status = WebUsers::setPassword($target_username, $hashpass);
                        if($status == 'ok'){
                            $succresult['SUCCESS_PASS'] = "OK";
                        }else if($status == 'shardoffline'){
                             $succresult['SUCCESS_PASS'] = "SHARDOFF";
                        }
                        $succresult['permission'] = $_SESSION['permission'];
                        $succresult['no_visible_elements'] = 'FALSE';
                        $succresult['username'] = $_SESSION['user'];
                        $succresult['target_id'] = $_POST['target_id'];
                        helpers :: loadtemplate( 'settings', $succresult);
                        exit;
                         
                    }else{
                        $result['prevCurrentPass'] = $_POST["CurrentPass"];
                        $result['prevNewPass'] = $_POST["NewPass"];
                        $result['prevConfirmNewPass'] = $_POST["ConfirmNewPass"];
                        $result['permission'] = $_SESSION['permission'];
                        $result['no_visible_elements'] = 'FALSE';
                        $return['username'] = $_SESSION['user'];
                        $result['target_id'] = $_POST['target_id'];

                        global $SITEBASE;
                        require_once($SITEBASE . 'inc/settings.php');
                        $settings = settings();
                        
                        $result = array_merge($result,$settings);
                        helpers :: loadtemplate( 'settings', $result);
                        exit;
                    }
                    
                }else{
                    //ERROR: permission denied!
                }
        
            }else{
                //ERROR: The form was not filled in correclty
            }    
        }else{
            //ERROR: user is not logged in
            exit;
        }
                  
    }catch (PDOException $e) {
         //go to error page or something, because can't access website db
         print_r($e);
         exit;
    }
    
}
Settings page layout set! 2013-07-01 16:28:37 +00:00			`<?php`

			`function change_password(){`

			`try{`
change password is now usable for GM's too by using a GET['id'] param! 2013-07-01 21:29:16 +00:00			`//if logged in`
			`if(WebUsers::isLoggedIn()){`

			`if(isset($_POST['target_id'])){`
			`$adminChangesOther = false;`
			`//if target_id is the same as session id or is admin`
			`if( ($_POST['target_id'] == $_SESSION['id']) \|\| WebUsers::isAdmin() ){`
			`if($_POST['target_id'] == $_SESSION['id']){`
			`$target_username = $_SESSION['user'];`
			`}else{`
			`$target_username = WebUsers::getUsername($_POST['target_id']);`
			`//isAdmin is true when it's the admin, but the target_id != own id`
			`$adminChangesOther = true;`
			`$_POST["CurrentPass"] = "dummypass";`
			`}`

			`$webUser = new WebUsers();`
			`$params = Array( 'user' => $target_username, 'CurrentPass' => $_POST["CurrentPass"], 'NewPass' => $_POST["NewPass"], 'ConfirmNewPass' => $_POST["ConfirmNewPass"], 'adminChangesOther' => $adminChangesOther);`
			`$result = $webUser->check_change_password($params);`
			`if ($result == "success"){`
			`//edit stuff into db`
Change info works, without whiping the other fiels now! :) 2013-07-03 01:05:01 +00:00			`global $SITEBASE;`
			`require_once($SITEBASE . 'inc/settings.php');`
			`$succresult = settings();`
change password is now usable for GM's too by using a GET['id'] param! 2013-07-01 21:29:16 +00:00			`$hashpass = crypt($_POST["NewPass"], WebUsers::generateSALT());`
changepassword works 2013-07-02 01:36:49 +00:00			`$status = WebUsers::setPassword($target_username, $hashpass);`
			`if($status == 'ok'){`
Change email seems to work, also for admin's :) 2013-07-02 02:42:12 +00:00			`$succresult['SUCCESS_PASS'] = "OK";`
changepassword works 2013-07-02 01:36:49 +00:00			`}else if($status == 'shardoffline'){`
Change email seems to work, also for admin's :) 2013-07-02 02:42:12 +00:00			`$succresult['SUCCESS_PASS'] = "SHARDOFF";`
changepassword works 2013-07-02 01:36:49 +00:00			`}`
			`$succresult['permission'] = $_SESSION['permission'];`
			`$succresult['no_visible_elements'] = 'FALSE';`
Change info works, without whiping the other fiels now! :) 2013-07-03 01:05:01 +00:00			`$succresult['username'] = $_SESSION['user'];`
changepassword works 2013-07-02 01:36:49 +00:00			`$succresult['target_id'] = $_POST['target_id'];`
			`helpers :: loadtemplate( 'settings', $succresult);`
change password is now usable for GM's too by using a GET['id'] param! 2013-07-01 21:29:16 +00:00			`exit;`

			`}else{`
			`$result['prevCurrentPass'] = $_POST["CurrentPass"];`
			`$result['prevNewPass'] = $_POST["NewPass"];`
			`$result['prevConfirmNewPass'] = $_POST["ConfirmNewPass"];`
			`$result['permission'] = $_SESSION['permission'];`
			`$result['no_visible_elements'] = 'FALSE';`
Change email seems to work, also for admin's :) 2013-07-02 02:42:12 +00:00			`$return['username'] = $_SESSION['user'];`
change password is now usable for GM's too by using a GET['id'] param! 2013-07-01 21:29:16 +00:00			`$result['target_id'] = $_POST['target_id'];`
Change info works, without whiping the other fiels now! :) 2013-07-03 01:05:01 +00:00
			`global $SITEBASE;`
			`require_once($SITEBASE . 'inc/settings.php');`
			`$settings = settings();`

			`$result = array_merge($result,$settings);`
change password is now usable for GM's too by using a GET['id'] param! 2013-07-01 21:29:16 +00:00			`helpers :: loadtemplate( 'settings', $result);`
			`exit;`
			`}`

Settings page layout set! 2013-07-01 16:28:37 +00:00			`}else{`
change password is now usable for GM's too by using a GET['id'] param! 2013-07-01 21:29:16 +00:00			`//ERROR: permission denied!`
Settings page layout set! 2013-07-01 16:28:37 +00:00			`}`
change password is now usable for GM's too by using a GET['id'] param! 2013-07-01 21:29:16 +00:00
			`}else{`
			`//ERROR: The form was not filled in correclty`
			`}`
			`}else{`
			`//ERROR: user is not logged in`
			`exit;`
			`}`

			`}catch (PDOException $e) {`
			`//go to error page or something, because can't access website db`
			`print_r($e);`
			`exit;`
			`}`

Settings page layout set! 2013-07-01 16:28:37 +00:00			`}`