Change info works, without whiping the other fiels now! :)
This commit is contained in:
parent
2c4505c4c0
commit
128529c6c1
4 changed files with 57 additions and 59 deletions
|
@ -17,64 +17,53 @@ function change_info(){
|
||||||
}
|
}
|
||||||
|
|
||||||
$webUser = new WebUsers();
|
$webUser = new WebUsers();
|
||||||
|
//use current info to check for changes
|
||||||
$current_info = $webUser->getInfo($_POST['target_id']);
|
$current_info = $webUser->getInfo($_POST['target_id']);
|
||||||
//TODO: XSS filtering
|
//TODO: XSS filtering
|
||||||
|
|
||||||
|
//make the query that will update the data.
|
||||||
|
$updated = false;
|
||||||
|
$values = Array();
|
||||||
|
$values['user'] = $target_username;
|
||||||
$query = "UPDATE ams_user SET ";
|
$query = "UPDATE ams_user SET ";
|
||||||
if(($_POST['FirstName'] != "") && ($_POST['FirstName'] != $current_info['FirstName'])){
|
if(($_POST['FirstName'] != "") && ($_POST['FirstName'] != $current_info['FirstName'])){
|
||||||
$query = $query . "FirstName = :fName ";
|
$query = $query . "FirstName = :fName ";
|
||||||
|
$updated = true;
|
||||||
|
$values['fName'] = $_POST['FirstName'];
|
||||||
}
|
}
|
||||||
if(($_POST['LastName'] != "") && ($_POST['LastName'] != $current_info['LastName'])){
|
if(($_POST['LastName'] != "") && ($_POST['LastName'] != $current_info['LastName'])){
|
||||||
$query = $query . "LastName = :lName ";
|
$query = $query . "LastName = :lName ";
|
||||||
|
$updated = true;
|
||||||
|
$values['lName'] = $_POST['LastName'];
|
||||||
}
|
}
|
||||||
//TODO: add the other fields too
|
//TODO: add the other fields too
|
||||||
$query = $query . "WHERE Login = :user";
|
$query = $query . "WHERE Login = :user";
|
||||||
|
|
||||||
|
//if some field is update then:
|
||||||
print($query);
|
if($updated){
|
||||||
exit;
|
global $cfg;
|
||||||
|
//execute the query in the web DB.
|
||||||
|
$dbw = new DBLayer($cfg['db']['web']);
|
||||||
|
$dbw->execute($query,$values);
|
||||||
$reply = $webUser->checkEmail($_POST['NewEmail']);
|
|
||||||
if ( $reply != "success" ){
|
|
||||||
$result['EMAIL_ERROR'] = 'TRUE';
|
|
||||||
}else{
|
|
||||||
$result['EMAIL_ERROR'] = 'FALSE';
|
|
||||||
}
|
|
||||||
$result['prevNewEmail'] = $_POST["NewEmail"];
|
|
||||||
|
|
||||||
if ($reply== "success"){
|
|
||||||
$status = WebUsers::setEmail($target_username, $_POST["NewEmail"] );
|
|
||||||
if($status == 'ok'){
|
|
||||||
$result['SUCCESS_MAIL'] = "OK";
|
|
||||||
}else if($status == 'shardoffline'){
|
|
||||||
$result['SUCCESS_MAIL'] = "SHARDOFF";
|
|
||||||
}
|
|
||||||
$result['permission'] = $_SESSION['permission'];
|
|
||||||
$result['no_visible_elements'] = 'FALSE';
|
|
||||||
$result['target_id'] = $_POST['target_id'];
|
|
||||||
if(isset($_GET['id'])){
|
|
||||||
if(WebUsers::isAdmin() && ($_POST['target_id'] != $_SESSION['id'])){
|
|
||||||
$result['isAdmin'] = "TRUE";
|
|
||||||
}
|
|
||||||
}
|
|
||||||
helpers :: loadtemplate( 'settings', $result);
|
|
||||||
exit;
|
|
||||||
|
|
||||||
}else{
|
|
||||||
$result['EMAIL'] = $reply;
|
|
||||||
$result['permission'] = $_SESSION['permission'];
|
|
||||||
$result['no_visible_elements'] = 'FALSE';
|
|
||||||
$return['username'] = $_SESSION['user'];
|
|
||||||
$result['target_id'] = $_POST['target_id'];
|
|
||||||
if(isset($_GET['id'])){
|
|
||||||
if(WebUsers::isAdmin() && ($_POST['target_id'] != $_SESSION['id'])){
|
|
||||||
$result['isAdmin'] = "TRUE";
|
|
||||||
}
|
|
||||||
}
|
|
||||||
helpers :: loadtemplate( 'settings', $result);
|
|
||||||
exit;
|
|
||||||
}
|
}
|
||||||
|
|
||||||
|
global $SITEBASE;
|
||||||
|
require_once($SITEBASE . 'inc/settings.php');
|
||||||
|
$result = settings();
|
||||||
|
if($updated){
|
||||||
|
$result['info_updated'] = "OK";
|
||||||
|
}
|
||||||
|
$result['permission'] = $_SESSION['permission'];
|
||||||
|
$result['username'] = $_SESSION['user'];
|
||||||
|
$result['no_visible_elements'] = 'FALSE';
|
||||||
|
$result['target_id'] = $_POST['target_id'];
|
||||||
|
if(isset($_GET['id'])){
|
||||||
|
if(WebUsers::isAdmin() && ($_POST['target_id'] != $_SESSION['id'])){
|
||||||
|
$result['isAdmin'] = "TRUE";
|
||||||
|
}
|
||||||
|
}
|
||||||
|
helpers :: loadtemplate( 'settings', $result);
|
||||||
|
exit;
|
||||||
|
|
||||||
}else{
|
}else{
|
||||||
//ERROR: permission denied!
|
//ERROR: permission denied!
|
||||||
|
|
|
@ -18,6 +18,11 @@ function change_mail(){
|
||||||
|
|
||||||
$webUser = new WebUsers();
|
$webUser = new WebUsers();
|
||||||
$reply = $webUser->checkEmail($_POST['NewEmail']);
|
$reply = $webUser->checkEmail($_POST['NewEmail']);
|
||||||
|
|
||||||
|
global $SITEBASE;
|
||||||
|
require_once($SITEBASE . 'inc/settings.php');
|
||||||
|
$result = settings();
|
||||||
|
|
||||||
if ( $reply != "success" ){
|
if ( $reply != "success" ){
|
||||||
$result['EMAIL_ERROR'] = 'TRUE';
|
$result['EMAIL_ERROR'] = 'TRUE';
|
||||||
}else{
|
}else{
|
||||||
|
@ -34,6 +39,7 @@ function change_mail(){
|
||||||
}
|
}
|
||||||
$result['permission'] = $_SESSION['permission'];
|
$result['permission'] = $_SESSION['permission'];
|
||||||
$result['no_visible_elements'] = 'FALSE';
|
$result['no_visible_elements'] = 'FALSE';
|
||||||
|
$result['username'] = $_SESSION['user'];
|
||||||
$result['target_id'] = $_POST['target_id'];
|
$result['target_id'] = $_POST['target_id'];
|
||||||
if(isset($_GET['id'])){
|
if(isset($_GET['id'])){
|
||||||
if(WebUsers::isAdmin() && ($_POST['target_id'] != $_SESSION['id'])){
|
if(WebUsers::isAdmin() && ($_POST['target_id'] != $_SESSION['id'])){
|
||||||
|
@ -47,7 +53,7 @@ function change_mail(){
|
||||||
$result['EMAIL'] = $reply;
|
$result['EMAIL'] = $reply;
|
||||||
$result['permission'] = $_SESSION['permission'];
|
$result['permission'] = $_SESSION['permission'];
|
||||||
$result['no_visible_elements'] = 'FALSE';
|
$result['no_visible_elements'] = 'FALSE';
|
||||||
$return['username'] = $_SESSION['user'];
|
$result['username'] = $_SESSION['user'];
|
||||||
$result['target_id'] = $_POST['target_id'];
|
$result['target_id'] = $_POST['target_id'];
|
||||||
if(isset($_GET['id'])){
|
if(isset($_GET['id'])){
|
||||||
if(WebUsers::isAdmin() && ($_POST['target_id'] != $_SESSION['id'])){
|
if(WebUsers::isAdmin() && ($_POST['target_id'] != $_SESSION['id'])){
|
||||||
|
|
|
@ -24,7 +24,9 @@ function change_password(){
|
||||||
$result = $webUser->check_change_password($params);
|
$result = $webUser->check_change_password($params);
|
||||||
if ($result == "success"){
|
if ($result == "success"){
|
||||||
//edit stuff into db
|
//edit stuff into db
|
||||||
|
global $SITEBASE;
|
||||||
|
require_once($SITEBASE . 'inc/settings.php');
|
||||||
|
$succresult = settings();
|
||||||
$hashpass = crypt($_POST["NewPass"], WebUsers::generateSALT());
|
$hashpass = crypt($_POST["NewPass"], WebUsers::generateSALT());
|
||||||
$status = WebUsers::setPassword($target_username, $hashpass);
|
$status = WebUsers::setPassword($target_username, $hashpass);
|
||||||
if($status == 'ok'){
|
if($status == 'ok'){
|
||||||
|
@ -34,17 +36,12 @@ function change_password(){
|
||||||
}
|
}
|
||||||
$succresult['permission'] = $_SESSION['permission'];
|
$succresult['permission'] = $_SESSION['permission'];
|
||||||
$succresult['no_visible_elements'] = 'FALSE';
|
$succresult['no_visible_elements'] = 'FALSE';
|
||||||
|
$succresult['username'] = $_SESSION['user'];
|
||||||
$succresult['target_id'] = $_POST['target_id'];
|
$succresult['target_id'] = $_POST['target_id'];
|
||||||
if(isset($_GET['id'])){
|
|
||||||
if(WebUsers::isAdmin() && ($_POST['target_id'] != $_SESSION['id'])){
|
|
||||||
$succresult['isAdmin'] = "TRUE";
|
|
||||||
}
|
|
||||||
}
|
|
||||||
helpers :: loadtemplate( 'settings', $succresult);
|
helpers :: loadtemplate( 'settings', $succresult);
|
||||||
exit;
|
exit;
|
||||||
|
|
||||||
}else{
|
}else{
|
||||||
|
|
||||||
$result['prevCurrentPass'] = $_POST["CurrentPass"];
|
$result['prevCurrentPass'] = $_POST["CurrentPass"];
|
||||||
$result['prevNewPass'] = $_POST["NewPass"];
|
$result['prevNewPass'] = $_POST["NewPass"];
|
||||||
$result['prevConfirmNewPass'] = $_POST["ConfirmNewPass"];
|
$result['prevConfirmNewPass'] = $_POST["ConfirmNewPass"];
|
||||||
|
@ -52,11 +49,12 @@ function change_password(){
|
||||||
$result['no_visible_elements'] = 'FALSE';
|
$result['no_visible_elements'] = 'FALSE';
|
||||||
$return['username'] = $_SESSION['user'];
|
$return['username'] = $_SESSION['user'];
|
||||||
$result['target_id'] = $_POST['target_id'];
|
$result['target_id'] = $_POST['target_id'];
|
||||||
if(isset($_GET['id'])){
|
|
||||||
if(WebUsers::isAdmin() && ($_POST['target_id'] != $_SESSION['id'])){
|
global $SITEBASE;
|
||||||
$result['isAdmin'] = "TRUE";
|
require_once($SITEBASE . 'inc/settings.php');
|
||||||
}
|
$settings = settings();
|
||||||
}
|
|
||||||
|
$result = array_merge($result,$settings);
|
||||||
helpers :: loadtemplate( 'settings', $result);
|
helpers :: loadtemplate( 'settings', $result);
|
||||||
exit;
|
exit;
|
||||||
}
|
}
|
||||||
|
|
|
@ -437,7 +437,12 @@
|
||||||
</div>
|
</div>
|
||||||
</div>
|
</div>
|
||||||
|
|
||||||
|
{if isset($info_updated) and $info_updated eq "OK"}
|
||||||
|
<div class="alert alert-success">
|
||||||
|
The Info has been updated!
|
||||||
|
</div>
|
||||||
|
{/if}
|
||||||
|
|
||||||
<input type="hidden" name="function" value="change_info">
|
<input type="hidden" name="function" value="change_info">
|
||||||
<input type="hidden" name="target_id" value="{$target_id}">
|
<input type="hidden" name="target_id" value="{$target_id}">
|
||||||
<div class="control-group">
|
<div class="control-group">
|
||||||
|
|
Loading…
Reference in a new issue