getUsername(); //isAdmin is true when it's the admin, but the target_id != own id $adminChangesOther = true; $_POST["CurrentPass"] = "dummypass"; } $webUser = new WebUsers($_POST['target_id']); $params = Array( 'user' => $target_username, 'CurrentPass' => $_POST["CurrentPass"], 'NewPass' => $_POST["NewPass"], 'ConfirmNewPass' => $_POST["ConfirmNewPass"], 'adminChangesOther' => $adminChangesOther); $result = $webUser->check_change_password($params); if ($result == "success"){ //edit stuff into db global $SITEBASE; require_once($SITEBASE . '/inc/settings.php'); $succresult = settings(); $status = WebUsers::setPassword($target_username, $_POST["NewPass"]); if($status == 'ok'){ $succresult['SUCCESS_PASS'] = "OK"; }else if($status == 'shardoffline'){ $succresult['SUCCESS_PASS'] = "SHARDOFF"; } $succresult['permission'] = unserialize($_SESSION['ticket_user'])->getPermission(); $succresult['no_visible_elements'] = 'FALSE'; $succresult['username'] = $_SESSION['user']; $succresult['target_id'] = $_POST['target_id']; helpers :: loadtemplate( 'settings', $succresult); throw new SystemExit(); }else{ $result['prevCurrentPass'] = filter_var($_POST["CurrentPass"], FILTER_SANITIZE_STRING); $result['prevNewPass'] = filter_var($_POST["NewPass"], FILTER_SANITIZE_STRING); $result['prevConfirmNewPass'] = filter_var($_POST["ConfirmNewPass"], FILTER_SANITIZE_STRING); $result['permission'] = unserialize($_SESSION['ticket_user'])->getPermission(); $result['no_visible_elements'] = 'FALSE'; $result['username'] = $_SESSION['user']; $result['target_id'] = $_POST['target_id']; global $SITEBASE; require_once($SITEBASE . '/inc/settings.php'); $settings = settings(); $result = array_merge($result,$settings); helpers :: loadtemplate( 'settings', $result); throw new SystemExit(); } }else{ //ERROR: permission denied! $_SESSION['error_code'] = "403"; header("Cache-Control: max-age=1"); header("Location: index.php?page=error"); throw new SystemExit(); } }else{ //ERROR: The form was not filled in correclty header("Cache-Control: max-age=1"); header("Location: index.php?page=settings"); throw new SystemExit(); } }else{ //ERROR: user is not logged in header("Cache-Control: max-age=1"); header("Location: index.php"); throw new SystemExit(); } }catch (PDOException $e) { //go to error page or something, because can't access website db print_r($e); throw new SystemExit(); } }