Change info works, without whiping the other fiels now! :)

This commit is contained in:
Quitta 2013-07-03 03:05:01 +02:00
parent 9111e87782
commit a215d16bdb
4 changed files with 57 additions and 59 deletions

View file

@ -17,64 +17,53 @@ function change_info(){
} }
$webUser = new WebUsers(); $webUser = new WebUsers();
//use current info to check for changes
$current_info = $webUser->getInfo($_POST['target_id']); $current_info = $webUser->getInfo($_POST['target_id']);
//TODO: XSS filtering //TODO: XSS filtering
//make the query that will update the data.
$updated = false;
$values = Array();
$values['user'] = $target_username;
$query = "UPDATE ams_user SET "; $query = "UPDATE ams_user SET ";
if(($_POST['FirstName'] != "") && ($_POST['FirstName'] != $current_info['FirstName'])){ if(($_POST['FirstName'] != "") && ($_POST['FirstName'] != $current_info['FirstName'])){
$query = $query . "FirstName = :fName "; $query = $query . "FirstName = :fName ";
$updated = true;
$values['fName'] = $_POST['FirstName'];
} }
if(($_POST['LastName'] != "") && ($_POST['LastName'] != $current_info['LastName'])){ if(($_POST['LastName'] != "") && ($_POST['LastName'] != $current_info['LastName'])){
$query = $query . "LastName = :lName "; $query = $query . "LastName = :lName ";
$updated = true;
$values['lName'] = $_POST['LastName'];
} }
//TODO: add the other fields too //TODO: add the other fields too
$query = $query . "WHERE Login = :user"; $query = $query . "WHERE Login = :user";
//if some field is update then:
print($query); if($updated){
exit; global $cfg;
//execute the query in the web DB.
$dbw = new DBLayer($cfg['db']['web']);
$dbw->execute($query,$values);
$reply = $webUser->checkEmail($_POST['NewEmail']);
if ( $reply != "success" ){
$result['EMAIL_ERROR'] = 'TRUE';
}else{
$result['EMAIL_ERROR'] = 'FALSE';
}
$result['prevNewEmail'] = $_POST["NewEmail"];
if ($reply== "success"){
$status = WebUsers::setEmail($target_username, $_POST["NewEmail"] );
if($status == 'ok'){
$result['SUCCESS_MAIL'] = "OK";
}else if($status == 'shardoffline'){
$result['SUCCESS_MAIL'] = "SHARDOFF";
}
$result['permission'] = $_SESSION['permission'];
$result['no_visible_elements'] = 'FALSE';
$result['target_id'] = $_POST['target_id'];
if(isset($_GET['id'])){
if(WebUsers::isAdmin() && ($_POST['target_id'] != $_SESSION['id'])){
$result['isAdmin'] = "TRUE";
}
}
helpers :: loadtemplate( 'settings', $result);
exit;
}else{
$result['EMAIL'] = $reply;
$result['permission'] = $_SESSION['permission'];
$result['no_visible_elements'] = 'FALSE';
$return['username'] = $_SESSION['user'];
$result['target_id'] = $_POST['target_id'];
if(isset($_GET['id'])){
if(WebUsers::isAdmin() && ($_POST['target_id'] != $_SESSION['id'])){
$result['isAdmin'] = "TRUE";
}
}
helpers :: loadtemplate( 'settings', $result);
exit;
} }
global $SITEBASE;
require_once($SITEBASE . 'inc/settings.php');
$result = settings();
if($updated){
$result['info_updated'] = "OK";
}
$result['permission'] = $_SESSION['permission'];
$result['username'] = $_SESSION['user'];
$result['no_visible_elements'] = 'FALSE';
$result['target_id'] = $_POST['target_id'];
if(isset($_GET['id'])){
if(WebUsers::isAdmin() && ($_POST['target_id'] != $_SESSION['id'])){
$result['isAdmin'] = "TRUE";
}
}
helpers :: loadtemplate( 'settings', $result);
exit;
}else{ }else{
//ERROR: permission denied! //ERROR: permission denied!

View file

@ -18,6 +18,11 @@ function change_mail(){
$webUser = new WebUsers(); $webUser = new WebUsers();
$reply = $webUser->checkEmail($_POST['NewEmail']); $reply = $webUser->checkEmail($_POST['NewEmail']);
global $SITEBASE;
require_once($SITEBASE . 'inc/settings.php');
$result = settings();
if ( $reply != "success" ){ if ( $reply != "success" ){
$result['EMAIL_ERROR'] = 'TRUE'; $result['EMAIL_ERROR'] = 'TRUE';
}else{ }else{
@ -34,6 +39,7 @@ function change_mail(){
} }
$result['permission'] = $_SESSION['permission']; $result['permission'] = $_SESSION['permission'];
$result['no_visible_elements'] = 'FALSE'; $result['no_visible_elements'] = 'FALSE';
$result['username'] = $_SESSION['user'];
$result['target_id'] = $_POST['target_id']; $result['target_id'] = $_POST['target_id'];
if(isset($_GET['id'])){ if(isset($_GET['id'])){
if(WebUsers::isAdmin() && ($_POST['target_id'] != $_SESSION['id'])){ if(WebUsers::isAdmin() && ($_POST['target_id'] != $_SESSION['id'])){
@ -47,7 +53,7 @@ function change_mail(){
$result['EMAIL'] = $reply; $result['EMAIL'] = $reply;
$result['permission'] = $_SESSION['permission']; $result['permission'] = $_SESSION['permission'];
$result['no_visible_elements'] = 'FALSE'; $result['no_visible_elements'] = 'FALSE';
$return['username'] = $_SESSION['user']; $result['username'] = $_SESSION['user'];
$result['target_id'] = $_POST['target_id']; $result['target_id'] = $_POST['target_id'];
if(isset($_GET['id'])){ if(isset($_GET['id'])){
if(WebUsers::isAdmin() && ($_POST['target_id'] != $_SESSION['id'])){ if(WebUsers::isAdmin() && ($_POST['target_id'] != $_SESSION['id'])){

View file

@ -24,7 +24,9 @@ function change_password(){
$result = $webUser->check_change_password($params); $result = $webUser->check_change_password($params);
if ($result == "success"){ if ($result == "success"){
//edit stuff into db //edit stuff into db
global $SITEBASE;
require_once($SITEBASE . 'inc/settings.php');
$succresult = settings();
$hashpass = crypt($_POST["NewPass"], WebUsers::generateSALT()); $hashpass = crypt($_POST["NewPass"], WebUsers::generateSALT());
$status = WebUsers::setPassword($target_username, $hashpass); $status = WebUsers::setPassword($target_username, $hashpass);
if($status == 'ok'){ if($status == 'ok'){
@ -34,17 +36,12 @@ function change_password(){
} }
$succresult['permission'] = $_SESSION['permission']; $succresult['permission'] = $_SESSION['permission'];
$succresult['no_visible_elements'] = 'FALSE'; $succresult['no_visible_elements'] = 'FALSE';
$succresult['username'] = $_SESSION['user'];
$succresult['target_id'] = $_POST['target_id']; $succresult['target_id'] = $_POST['target_id'];
if(isset($_GET['id'])){
if(WebUsers::isAdmin() && ($_POST['target_id'] != $_SESSION['id'])){
$succresult['isAdmin'] = "TRUE";
}
}
helpers :: loadtemplate( 'settings', $succresult); helpers :: loadtemplate( 'settings', $succresult);
exit; exit;
}else{ }else{
$result['prevCurrentPass'] = $_POST["CurrentPass"]; $result['prevCurrentPass'] = $_POST["CurrentPass"];
$result['prevNewPass'] = $_POST["NewPass"]; $result['prevNewPass'] = $_POST["NewPass"];
$result['prevConfirmNewPass'] = $_POST["ConfirmNewPass"]; $result['prevConfirmNewPass'] = $_POST["ConfirmNewPass"];
@ -52,11 +49,12 @@ function change_password(){
$result['no_visible_elements'] = 'FALSE'; $result['no_visible_elements'] = 'FALSE';
$return['username'] = $_SESSION['user']; $return['username'] = $_SESSION['user'];
$result['target_id'] = $_POST['target_id']; $result['target_id'] = $_POST['target_id'];
if(isset($_GET['id'])){
if(WebUsers::isAdmin() && ($_POST['target_id'] != $_SESSION['id'])){ global $SITEBASE;
$result['isAdmin'] = "TRUE"; require_once($SITEBASE . 'inc/settings.php');
} $settings = settings();
}
$result = array_merge($result,$settings);
helpers :: loadtemplate( 'settings', $result); helpers :: loadtemplate( 'settings', $result);
exit; exit;
} }

View file

@ -437,7 +437,12 @@
</div> </div>
</div> </div>
{if isset($info_updated) and $info_updated eq "OK"}
<div class="alert alert-success">
The Info has been updated!
</div>
{/if}
<input type="hidden" name="function" value="change_info"> <input type="hidden" name="function" value="change_info">
<input type="hidden" name="target_id" value="{$target_id}"> <input type="hidden" name="target_id" value="{$target_id}">
<div class="control-group"> <div class="control-group">