Example #1
<?php

/**
 * @author Jaco Ruit
 */
// Login handler. When a username and password are POSTed and neither Orongo
// session key is set, it checks the credentials and either stores the user id
// plus a new session id in $_SESSION and redirects to the admin area, or
// redirects back to the login page with a msg code. The outer `if` is not
// closed within this listing.
//
// A path starting with ../ is resolved against the current working directory,
// not against this file's directory.
require '../startOrongo.php';
// Defined in the included file (not shown); presumably bootstraps the session
// that $_SESSION below relies on -- confirm.
startOrongo();
// NOTE(review): no failed-attempt throttling or lockout is visible in this
// listing -- confirm it is enforced inside User/Security or in front of PHP.
if (isset($_POST['username']) && isset($_POST['password']) && !isset($_SESSION['orongo-id']) && !isset($_SESSION['orongo-session-id'])) {
    // Security::escape() is not shown. NOTE(review): if it is string escaping
    // for SQL, confirm the User lookups below do not depend on it alone;
    // bound parameters are the robust control.
    $username = Security::escape($_POST['username']);
    // The password is hashed here and the digest is handed to
    // isGoodPassword(). NOTE(review): that call shape suggests a deterministic
    // digest compared against a stored value -- confirm the algorithm and
    // salting; password_hash()/password_verify() would need the raw password
    // at the verification step instead.
    $password = Security::hash($_POST['password']);
    if (User::usernameExists($username)) {
        $userID = User::getUserID($username);
        $goodLogin = User::isGoodPassword($userID, $password);
        if ($goodLogin) {
            // The activation check runs only after the password matched, so
            // msg=7 is shown only to someone who supplied valid credentials.
            if (!User::userIsActivated($userID)) {
                header("Location: ../orongo-login.php?msg=7");
                // exit stops the script so nothing runs after the redirect header.
                exit;
            } else {
                // NOTE(review): no session_regenerate_id() call is visible
                // before these writes. Unless startOrongo() or
                // Session::createSession() rotates the PHP session id, the
                // pre-login id stays valid after login (session fixation) --
                // confirm.
                $_SESSION['orongo-id'] = $userID;
                $_SESSION['orongo-session-id'] = Session::createSession($userID);
                header("Location: ../orongo-admin/");
                exit;
            }
        } else {
            // Wrong password: same redirect (msg=0) as the unknown-username
            // branch below, so the response does not reveal which part failed.
            header("Location: ../orongo-login.php?msg=0");
            exit;
        }
    } else {
        // Unknown username: deliberately identical to the wrong-password case.
        header("Location: ../orongo-login.php?msg=0");
        exit;
    }
Example #2
     header("Location: " . orongoURL("orongo-admin/edit.php?user." . $id));
     exit;
 }
 // Load the account being edited. $id is assigned before this listing starts.
 // NOTE(review): no CSRF token check is visible in this listing -- confirm one
 // runs earlier, since the statements below change credentials.
 try {
     $user = new User($id);
 } catch (Exception $e) {
     // USER_NOT_EXIST sends the caller back to the user list; any other
     // failure goes to the admin index with msg=2. The code is compared with
     // a loose ==.
     if ($e->getCode() == USER_NOT_EXIST) {
         header("Location: " . orongoURL("orongo-admin/manage.php?msg=0&obj=users"));
         exit;
     } else {
         header("Location: " . orongoURL("orongo-admin/index.php?msg=2"));
         exit;
     }
 }
 // Callers ranked below RANK_ADMIN must supply the current password of the
 // account being edited ($user->getID()); callers at RANK_ADMIN or above skip
 // this re-authentication.
 // NOTE(review): $_POST['password'] is read without isset(), so a missing
 // field reaches Security::hash() as null -- confirm that cannot produce a
 // matching digest.
 // NOTE(review): the check is against the target account's password; whether
 // a non-admin is limited to editing their own account is not visible here --
 // confirm the earlier code enforces it.
 if (getUser()->getRank() < RANK_ADMIN) {
     if (!User::isGoodPassword($user->getID(), Security::hash($_POST['password']))) {
         header("Location: " . orongoURL("orongo-admin/view.php?msg=0&obj=user&id=" . $user->getID()));
         exit;
     }
 }
 // Renaming is allowed only when the caller's rank equals RANK_ADMIN. The
 // isset() is redundant because !empty() already covers an unset key.
 // NOTE(review): this gate uses == while the password gate above uses <; the
 // two differ for any rank greater than RANK_ADMIN -- confirm none exists.
 if (isset($_POST['new_name']) && !empty($_POST['new_name']) && getUser()->getRank() == RANK_ADMIN) {
     $user->setName(trim($_POST['new_name']));
 }
 // empty() also treats the string "0" as empty, so such a value is silently
 // skipped. NOTE(review): no length/strength policy and no invalidation of the
 // account's existing sessions are visible after the password change --
 // confirm both are handled in User::setPassword() or elsewhere.
 if (!empty($_POST['new_password'])) {
     User::setPassword($user->getID(), Security::hash($_POST['new_password']));
 }
 // The address is trimmed but not validated here. NOTE(review): confirm
 // setEmail() validates the format, and whether the previous address is
 // notified of the change.
 if (!empty($_POST['new_email'])) {
     $user->setEmail(trim($_POST['new_email']));
 }
 if (isset($_POST['new_rank']) && !empty($_POST['new_rank']) && getUser()->getRank() == RANK_ADMIN) {
     $ranks = array(RANK_USER, RANK_WRITER, RANK_ADMIN);