public static function _doUpdateMember()
{
// user attempting to make changes
$respUser = User::find(intval($_SESSION['userid']));
$respMember = Member::find(intval($_SESSION['memberid']));
// member being changed
$memberData = $_POST['memberData'];
$member = Member::findByMemberId($memberData['member_id']);
$user = User::findByMemberId(Member::findId($memberData['member_id']));
// only update values allowed by role
if (!User::isDev()) {
if ($respUser->role < 2) {
unset($memberData['squad_id'], $memberData['position_id'], $memberData['platoon_id']);
}
if ($respUser->role < 3) {
unset($memberData['platoon_id']);
}
}
// only continue if we have permission to edit the user
if (User::canEdit($memberData['member_id'], $respUser, $member) == true) {
// don't log if user edits their own profile
if ($respMember->member_id != $member->member_id) {
UserAction::create(array('type_id' => 3, 'date' => date("Y-m-d H:i:s"), 'user_id' => $respMember->member_id, 'target_id' => $member->member_id));
}
// validate recruiter
if ($memberData['recruiter'] != 0 && !Member::exists($memberData['recruiter'])) {
$data = array('success' => false, 'message' => "Recruiter id is invalid.");
// validate squad leader / squad_id setting
} else {
if ($respMember->member_id != $member->member_id && $memberData['position_id'] == 5 && $memberData['squad_id'] != 0) {
$data = array('success' => false, 'message' => "Squad leaders cannot be in a squad.");
} else {
// update member info
Member::modify($memberData);
}
}
// update games
if (isset($_POST['played_games'])) {
$games = $_POST['played_games'];
foreach ($games as $game) {
$params = new stdClass();
$params->member_id = $member->id;
$params->game_id = $game;
MemberGame::add($params);
}
}
// update user
if (isset($_POST['userData'])) {
$userData = $_POST['userData'];
// wish I had a better way to do this... yuck
$userData['developer'] = isset($userData['developer']) ? $userData['developer'] : 0;
if (!User::isDev()) {
unset($userData['developer']);
}
if ($respMember->member_id != $member->member_id && $user->role >= $respUser->role && !User::isDev()) {
$data = array('success' => false, 'message' => "You are not authorized to make that change.");
} else {
User::modify($userData);
}
}
// update aliases
if (isset($_POST['userAliases'])) {
$aliases = $_POST['userAliases'];
foreach ($aliases as $type => $value) {
$type = Handle::findByName($type)->id;
if ($value != '') {
$params = array('member_id' => $memberData['id'], 'handle_type' => $type, 'handle_value' => trim($value), 'handle_account_id' => '0', 'invalid' => '0', 'invalid_date' => '0000-00-00');
$id = MemberHandle::hasAlias($type, $memberData['id']);
if ($id) {
$params['id'] = $id;
MemberHandle::modify($params);
} else {
MemberHandle::add($params);
}
}
}
}
} else {
$data = array('success' => false, 'message' => 'You do not have permission to modify this player.');
}
if (!isset($data['success'])) {
$data = array('success' => true, 'message' => "Member information updated!");
}
// print out a pretty response
echo json_encode($data);
}
$currentUser = new User();
$currentUser->uid = getRequest('uid');
$response = json_decode($currentUser->getData(), true);
if (!password_verify(md5($response['username'] . getRequest('password_old') . '.cc'), $response['password'])) {
handle(ERROR_PERMISSION . '02' . '密码错误!');
}
$password_new = getRequest('password_new');
if ($password_new === '') {
$password_new = getRequest('password_old');
}
$password_new = password_hash(md5($response['username'] . $password_new . '.cc'), PASSWORD_BCRYPT);
$currentUser->init($response['username'], $password_new, $response['email'], $response['level']);
if (!$currentUser->checkVariables()) {
handle(ERROR_INPUT . '01');
}
$response = $currentUser->modify();
if ($response === false) {
handle(ERROR_SYSTEM . '00');
} else {
handle('0000');
}
break;
case 'changeLevel':
if (!checkAuthority(9)) {
handle(ERROR_PERMISSION . '01');
}
$uid = getRequest('uid');
$level = max(0, min(9, (int) getRequest('level')));
if (($sqlUser = @mysql_query('UPDATE `user`
SET `level` = "' . $level . '"
WHERE `uid` = "' . $uid . '";')) === false) {
