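/**
 * AJAX handler: apply a member/user edit submitted by the logged-in user.
 *
 * The acting user comes from $_SESSION['userid'] / $_SESSION['memberid'];
 * the requested changes come from $_POST['memberData'] (required) and the
 * optional $_POST['played_games'], $_POST['userData'] and $_POST['userAliases'].
 *
 * Every check (permission, recruiter, squad-leader rule, user-role rule) runs
 * before any write, so a rejected request leaves nothing half-applied. The
 * previous version kept writing games, user data and aliases after the member
 * validation had already failed, while still reporting success=false.
 *
 * Echoes a JSON object {success: bool, message: string}; returns nothing.
 */
public static function _doUpdateMember()
{
    // the user attempting to make changes
    $respUser = User::find(isset($_SESSION['userid']) ? intval($_SESSION['userid']) : 0);
    $respMember = Member::find(isset($_SESSION['memberid']) ? intval($_SESSION['memberid']) : 0);
    if (!$respUser || !$respMember) {
        echo json_encode(['success' => false, 'message' => 'You do not have permission to modify this player.']);
        return;
    }

    // the member being changed; the client payload is untrusted input
    $memberData = (isset($_POST['memberData']) && is_array($_POST['memberData'])) ? $_POST['memberData'] : null;
    if ($memberData === null || !isset($memberData['member_id'])) {
        echo json_encode(['success' => false, 'message' => 'No member data supplied.']);
        return;
    }
    $member = Member::findByMemberId($memberData['member_id']);
    if (!$member) {
        echo json_encode(['success' => false, 'message' => 'Member not found.']);
        return;
    }
    // may legitimately be empty if the member has no user account; only needed for userData below
    $user = User::findByMemberId(Member::findId($memberData['member_id']));

    // only continue if we have permission to edit this member
    if (!User::canEdit($memberData['member_id'], $respUser, $member)) {
        echo json_encode(['success' => false, 'message' => 'You do not have permission to modify this player.']);
        return;
    }

    $editingSelf = ($respMember->member_id == $member->member_id);

    // strip the fields the actor's role may not change (devs may change anything)
    if (!User::isDev()) {
        if ($respUser->role < 2) {
            unset($memberData['squad_id'], $memberData['position_id']);
        }
        if ($respUser->role < 3) {
            unset($memberData['platoon_id']);
        }
    }

    // audit the edit attempt (even if it is rejected below); own-profile edits are not logged
    if (!$editingSelf) {
        UserAction::create([
            'type_id' => 3,
            'date' => date('Y-m-d H:i:s'),
            'user_id' => $respMember->member_id,
            'target_id' => $member->member_id,
        ]);
    }

    // ---- validation: nothing is written until all of these pass ----

    // recruiter, when given, must be an existing member
    $recruiter = isset($memberData['recruiter']) ? $memberData['recruiter'] : 0;
    if ($recruiter != 0 && !Member::exists($recruiter)) {
        echo json_encode(['success' => false, 'message' => 'Recruiter id is invalid.']);
        return;
    }

    // position_id 5 is the squad-leader position (per the message); a leader may not also sit in a squad
    $positionId = isset($memberData['position_id']) ? $memberData['position_id'] : null;
    $squadId = isset($memberData['squad_id']) ? $memberData['squad_id'] : 0;
    if (!$editingSelf && $positionId == 5 && $squadId != 0) {
        echo json_encode(['success' => false, 'message' => 'Squad leaders cannot be in a squad.']);
        return;
    }

    // user-account changes: only the developer flag is gated here; the role rule
    // forbids editing an account of equal or higher role than the actor's
    $userData = null;
    if (isset($_POST['userData']) && is_array($_POST['userData'])) {
        $userData = $_POST['userData'];
        // an unchecked checkbox is simply absent from the POST body
        $userData['developer'] = isset($userData['developer']) ? $userData['developer'] : 0;
        if (!User::isDev()) {
            unset($userData['developer']);
        }
        if (!$editingSelf && !User::isDev() && (!$user || $user->role >= $respUser->role)) {
            echo json_encode(['success' => false, 'message' => 'You are not authorized to make that change.']);
            return;
        }
    }

    // ---- writes ----

    // NOTE(review): $memberData still carries every other client-supplied key;
    // assumes Member::modify() whitelists the columns it updates — TODO confirm.
    Member::modify($memberData);

    if (isset($_POST['played_games']) && is_array($_POST['played_games'])) {
        foreach ($_POST['played_games'] as $gameId) {
            $params = new stdClass();
            $params->member_id = $member->id;
            $params->game_id = $gameId;
            MemberGame::add($params);
        }
    }

    if ($userData !== null) {
        // NOTE(review): the role check above compares the target's current role, not
        // the submitted one; assumes User::modify() does not let a caller assign a
        // role above their own (or change their own role) — TODO confirm.
        User::modify($userData);
    }

    if (isset($_POST['userAliases']) && is_array($_POST['userAliases'])) {
        foreach ($_POST['userAliases'] as $typeName => $value) {
            $value = trim($value);
            if ($value === '') {
                continue;
            }
            $handle = Handle::findByName($typeName);
            if (!$handle) {
                // unknown handle type: skip rather than dereference a missing object
                continue;
            }
            $params = [
                // keyed by the member resolved server-side (as the games update already is),
                // not by the client-supplied memberData['id']
                'member_id' => $member->id,
                'handle_type' => $handle->id,
                'handle_value' => $value,
                'handle_account_id' => '0',
                'invalid' => '0',
                'invalid_date' => '0000-00-00',
            ];
            $existingId = MemberHandle::hasAlias($handle->id, $member->id);
            if ($existingId) {
                $params['id'] = $existingId;
                MemberHandle::modify($params);
            } else {
                MemberHandle::add($params);
            }
        }
    }

    // print out a pretty response
    echo json_encode(['success' => true, 'message' => 'Member information updated!']);
}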
$currentUser = new User(); $currentUser->uid = getRequest('uid'); $response = json_decode($currentUser->getData(), true); if (!password_verify(md5($response['username'] . getRequest('password_old') . '.cc'), $response['password'])) { handle(ERROR_PERMISSION . '02' . '密码错误!'); } $password_new = getRequest('password_new'); if ($password_new === '') { $password_new = getRequest('password_old'); } $password_new = password_hash(md5($response['username'] . $password_new . '.cc'), PASSWORD_BCRYPT); $currentUser->init($response['username'], $password_new, $response['email'], $response['level']); if (!$currentUser->checkVariables()) { handle(ERROR_INPUT . '01'); } $response = $currentUser->modify(); if ($response === false) { handle(ERROR_SYSTEM . '00'); } else { handle('0000'); } break; case 'changeLevel': if (!checkAuthority(9)) { handle(ERROR_PERMISSION . '01'); } $uid = getRequest('uid'); $level = max(0, min(9, (int) getRequest('level'))); if (($sqlUser = @mysql_query('UPDATE `user` SET `level` = "' . $level . '" WHERE `uid` = "' . $uid . '";')) === false) {