perdedora/leftypol
1
0
Fork 0
forked from leftypol/leftypol
Code Pull requests Activity

Allow users to change their own passwords

Browse source
This commit is contained in:
Savetheinternet 2011-03-28 02:41:06 +11:00
parent f7313d4a0e
commit 4f775fc98d
3 changed files with 34 additions and 11 deletions
Download patch file Download diff file Expand all files Collapse all files

39
mod.php
View file

@ -306,7 +306,8 @@
:'')
: ''
) .
($mod['type'] >= $config['mod']['editusers'] ?
($mod['type'] >= $config['mod']['editusers'] ||
($mod['type'] >= $config['mod']['change_password'] && $_mod['id'] == $mod['id'])?
'<a class="unimportant" style="margin-left:5px;float:right" href="?/users/' . $_mod['id'] . '">[edit]</a>'
: '' ) .
($mod['type'] >= $config['mod']['create_pm'] ?
@ -416,7 +417,7 @@
header('Location: ?/users', true, $config['redirect_http']);
} else {
// Edit user
if($mod['type'] < $config['mod']['editusers']) error($config['error']['noaccess']);
if($mod['type'] < $config['mod']['editusers'] && $mod['type'] < $config['mod']['change_password']) error($config['error']['noaccess']);
$query = prepare("SELECT * FROM `mods` WHERE `id` = :id");
$query->bindValue(':id', $modID, PDO::PARAM_INT);
@ -426,12 +427,16 @@
error($config['error']['404']);
}
if(isset($_POST['username']) && isset($_POST['password'])) {
$query = prepare("UPDATE `mods` SET `username` = :username WHERE `id` = :id");
$query->bindValue(':username', $_POST['username']);
$query->bindValue(':id', $modID, PDO::PARAM_INT);
$query->execute() or error(db_error($query));
if($mod['type'] < $config['mod']['editusers'] && !($mod['type'] >= $config['mod']['change_password'] && $mod['id'] == $_mod['id'] && $change_password_only = true))
error($config['error']['noaccess']);
if((isset($_POST['username']) && isset($_POST['password'])) || (isset($change_password_only) && isset($_POST['password']))) {
if(!isset($change_password_only)) {
$query = prepare("UPDATE `mods` SET `username` = :username WHERE `id` = :id");
$query->bindValue(':username', $_POST['username']);
$query->bindValue(':id', $modID, PDO::PARAM_INT);
$query->execute() or error(db_error($query));
}
if(!empty($_POST['password'])) {
$query = prepare("UPDATE `mods` SET `password` = :password WHERE `id` = :id");
$query->bindValue(':password', sha1($_POST['password']));
@ -444,6 +449,16 @@
$query->bindValue(':id', $modID, PDO::PARAM_INT);
$query->execute() or error(db_error($query));
if(!$_mod = $query->fetch()) {
error($config['error']['404']);
}
if($_mod['id'] == $mod['id']) {
// Changed own password. Update cookies
var_dump(login($_mod['username'], $_mod['password'], false));
setCookies();
}
$_mod = $query->fetch();
}
@ -454,7 +469,13 @@
'<table>' .
'<tr><th>Username</th><td><input size="20" maxlength="30" type="text" name="username" value="' . $_mod['username'] . '" autocomplete="off" /></td></tr>' .
'<tr><th>Username</th><td>' .
(isset($change_password_only) ?
$_mod['username']
: '<input size="20" maxlength="30" type="text" name="username" value="' . $_mod['username'] . '" autocomplete="off" />') .
'</td></tr>' .
'<tr><th>Password <span class="unimportant">(new; optional)</span></th><td><input size="20" maxlength="30" type="password" name="password" value="" autocomplete="off" /></td></tr>' .
'</table>' .