} else {
    $r = "";
}
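// Read the admin id from the request: POST takes precedence over GET, and the
// default is an empty string.
if (isset($_POST['admin_id'])) {
    $admin_id = $_POST['admin_id'];
} elseif (isset($_GET['admin_id'])) {
    $admin_id = $_GET['admin_id'];
} else {
    $admin_id = "";
}
// Request parameters can arrive as arrays (admin_id[]=...). Only a scalar is a
// usable id, so anything else is treated as absent.
if (!is_scalar($admin_id)) {
    $admin_id = "";
}

// State flags for the password-reset form.
$submitted = 0;
$valid = 0;
$is_error = 0;

// Load the admin account that the reset request refers to.
$owner = new se_admin($admin_id);

// The request is valid only if the account exists, the supplied reset code
// matches the stored one, and the stored timestamp is no older than 24 hours.
// $r is assigned before this block.
// NOTE(review): presumably $r is the code carried by the reset link - confirm.
if (!$owner->admin_exists) {
    $is_error = 1;
} else {
    $lostpassword_code_stored = (string) $owner->admin_info['admin_lostpassword_code'];
    $lostpassword_code_supplied = is_scalar($r) ? (string) $r : "";

    // Compare as strings. A loose != lets numeric-looking strings such as
    // "0e1" and "0e2" compare equal, which would accept a code that was never
    // issued. hash_equals() also avoids leaking the match position through
    // timing; the strict fallback keeps the script running on PHP < 5.6.
    if (function_exists('hash_equals')) {
        $lostpassword_code_matches = hash_equals($lostpassword_code_stored, $lostpassword_code_supplied);
    } else {
        $lostpassword_code_matches = ($lostpassword_code_stored === $lostpassword_code_supplied);
    }

    if (!trim($lostpassword_code_stored) || !$lostpassword_code_matches) {
        // No reset pending (blank stored code) or wrong code.
        $is_error = 1;
    } elseif ($owner->admin_info['admin_lostpassword_time'] < time() - 86400) {
        // Reset code is older than 86400 seconds (24 hours).
        $is_error = 1;
    } else {
        $valid = 1;
    }
}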
if ($task == "reset" & $valid == 1) {
    $admin_password = $_POST['admin_password'];
    $admin_password2 = $_POST['admin_password2'];
    $submitted = 1;
    // CHECK FOR BLANK FIELDS
Beispiel #2
}
// Resolve the requested user id: POST wins over GET, empty string when neither
// is present. The value is request-controlled and is handed to SEUser as-is.
$user_id = isset($_POST['user_id'])
    ? $_POST['user_id']
    : (isset($_GET['user_id']) ? $_GET['user_id'] : "");

// Owner object built from the requested id and $user_username, which is set
// outside this block.
$owner = new SEUser(array($user_id, $user_username));

// Viewer object; user_checkCookies() attempts to log the viewer in.
$user = new SEUser();
$user->user_checkCookies();

// Javascript helper object.
$se_javascript = new SE_Javascript();

// Admin object; admin_checkCookies() attempts to log the admin in.
$admin = new se_admin();
$admin->admin_checkCookies();
// Disabled debug override. It would force admin_exists to true regardless of
// the cookie check, so it has to stay commented out.
//SE_DEBUG ? $admin->admin_exists = true : null;

// Pages whose name starts with "user_" are members-only: a visitor who is not
// logged in is redirected to the login page.
if (!$user->user_exists) {
    if (substr($page, 0, 5) == "user_") {
        // NOTE(review): return_url is appended without encoding here; confirm
        // that url_current() already returns a URL-encoded value.
        header("Location: login.php?return_url=" . $url->url_current());
        exit;
    }
}

// Timezone: the logged-in user's own setting, otherwise the site-wide default.
if ($user->user_exists) {
    $global_timezone = $user->user_info['user_timezone'];
} else {
    $global_timezone = $setting['setting_timezone'];
}
// SET UP LANGUAGE VARIABLES
if (!empty($_GET['lang_id'])) {
    $lang_id = NULL;
    if ($user->user_exists && $setting['setting_lang_allow']) {
        $lang_id = $user->user_info['user_language_id'] = (int) $_GET['lang_id'];
        $database->database_query("UPDATE se_users SET user_language_id='{$user->user_info['user_language_id']}' WHERE user_id='{$user->user_info['user_id']}' LIMIT 1");
        $diff_admin->admin_create($admin_username, $admin_password, $admin_name, $admin_email);
    }
    // RUN JAVASCRIPT TO UPDATE MAIN PAGE
    echo "<html><head><meta http-equiv='Content-Type' content='text/html; charset=UTF-8'><script type='text/javascript'>";
    echo "window.parent.createResult('{$is_error}', '" . str_replace("'", "&#039;", $error_message) . "');";
    echo "</script></head><body></body></html>";
    exit;
} elseif ($task == "edit") {
    $admin_id = $_POST['admin_id'];
    $admin_username = strtolower($_POST['admin_username']);
    $admin_name = $_POST['admin_name'];
    $admin_email = $_POST['admin_email'];
    $admin_old_password = $_POST['admin_old_password'];
    $admin_password = $_POST['admin_password'];
    $admin_password_confirm = $_POST['admin_password_confirm'];
    $diff_admin = new se_admin($admin_id);
    if (!$diff_admin->admin_exists) {
        exit('whoops');
    }
    if (!$admin->admin_super && $admin->admin_info['admin_id'] != $diff_admin->admin_info['admin_id']) {
        exit('whoops');
    }
    $diff_admin->admin_account($admin_username, $admin_old_password, $admin_password, $admin_password_confirm, $admin_name, $admin_email);
    $is_error = $diff_admin->is_error;
    if ($is_error) {
        SE_Language::_preload_multi($is_error);
        SE_Language::load();
        $error_message = SE_Language::_get($is_error);
    }
    // EDIT ADMIN IN DATABASE
    if (!$is_error) {