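} else {
    $r = "";
}

// Admin id for the reset request: POST takes precedence over GET, blank otherwise.
// NOTE(review): the raw request value is handed to se_admin() below; whether that
// constructor escapes or casts it before querying is not visible here - confirm.
if (isset($_POST['admin_id'])) {
    $admin_id = $_POST['admin_id'];
} elseif (isset($_GET['admin_id'])) {
    $admin_id = $_GET['admin_id'];
} else {
    $admin_id = "";
}

// DISPLAY PASSWORD REQUEST FORM
$submitted = 0;
$valid = 0;
$is_error = 0;

// ASSIGN USER SETTINGS
$owner = new se_admin($admin_id);

// CHECK VALIDITY OF OWNER
// Every failure path sets the same $is_error value, so the response does not
// reveal whether the admin id, the code, or the expiry was the reason.
if (!$owner->admin_exists) {
    $is_error = 1;
} elseif (
    !is_string($r)
    || !trim($owner->admin_info['admin_lostpassword_code'])
    || (string) $owner->admin_info['admin_lostpassword_code'] !== $r
) {
    // A blank stored code never validates, and the supplied code must match
    // byte for byte. The previous loose `!=` let PHP compare numeric-looking
    // strings as numbers (e.g. "0e12" == "0e99"), so a different code could pass.
    // Where PHP >= 5.6 is guaranteed, hash_equals() is the constant-time
    // replacement for this comparison.
    $is_error = 1;
} elseif ($owner->admin_info['admin_lostpassword_time'] < time() - 86400) {
    // Reset codes issued more than 24 hours (86400 s) ago are rejected.
    $is_error = 1;
} else {
    $valid = 1;
}

// Logical && instead of bitwise &: same outcome here, but it short-circuits and
// states the intent. The new password is read only after the code validated.
// NOTE(review): the stored code should be invalidated once the reset succeeds;
// that step, if present, is below this fragment - confirm.
if ($task == "reset" && $valid == 1) {
    $admin_password = $_POST['admin_password'];
    $admin_password2 = $_POST['admin_password2'];
    $submitted = 1;

    // CHECK FOR BLANK FIELDS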
}

// Profile owner id: POST wins over GET; blank when neither is supplied.
$user_id = isset($_POST['user_id'])
    ? $_POST['user_id']
    : (isset($_GET['user_id']) ? $_GET['user_id'] : "");

// NOTE(review): $user_id is a raw request value and $user_username is set above
// this fragment; whether SEUser escapes them before querying is not visible
// here - confirm.
$owner = new SEUser(array($user_id, $user_username));

// CREATE USER OBJECT AND ATTEMPT TO LOG USER IN
$user = new SEUser();
$user->user_checkCookies();

// INSTANTIATE JAVASCRIPT OBJECT
$se_javascript = new SE_Javascript();

// CREATE ADMIN OBJECT AND ATTEMPT TO LOG ADMIN IN
$admin = new se_admin();
$admin->admin_checkCookies();
// Debug override, disabled in the source. If enabled it would set
// $admin->admin_exists to true whenever SE_DEBUG is truthy, regardless of the
// cookie check above - it must stay commented out.
//SE_DEBUG ? $admin->admin_exists = true : null;

// CANNOT ACCESS USER-ONLY AREA IF NOT LOGGED IN
// Pages whose name starts with "user_" redirect anonymous visitors to the login form.
// NOTE(review): the return_url value is appended as returned by url_current();
// presumably that helper URL-encodes it, and login.php should accept only
// same-site targets - verify both.
if (!$user->user_exists && strncmp($page, "user_", 5) === 0) {
    header("Location: login.php?return_url=" . $url->url_current());
    exit;
}

// SET GLOBAL TIMEZONE
// A logged-in user's own timezone overrides the site-wide setting.
if ($user->user_exists) {
    $global_timezone = $user->user_info['user_timezone'];
} else {
    $global_timezone = $setting['setting_timezone'];
}

// SET UP LANGUAGE VARIABLES
if (!empty($_GET['lang_id'])) {
    $lang_id = null;
    if ($user->user_exists && $setting['setting_lang_allow']) {
        // The (int) cast is what keeps the request value safe inside the
        // string-built query below; the other interpolated value is the
        // logged-in user's own id from user_info. This write is triggered by
        // a GET parameter.
        $lang_id = $user->user_info['user_language_id'] = (int) $_GET['lang_id'];
        $database->database_query("UPDATE se_users SET user_language_id='{$user->user_info['user_language_id']}' WHERE user_id='{$user->user_info['user_id']}' LIMIT 1");
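$diff_admin->admin_create($admin_username, $admin_password, $admin_name, $admin_email);
}

// RUN JAVASCRIPT TO UPDATE MAIN PAGE
// The enclosing branch opens above this fragment. Both values are emitted as
// JavaScript string literals via json_encode() with the JSON_HEX_* flags, so a
// quote, backslash, ampersand or "</script>" inside the message cannot end the
// literal or the script element. The earlier str_replace("'", "'", ...) mapped
// an apostrophe to itself as it appears on this page, i.e. it escaped nothing.
// json_encode() returns false for input that is not valid UTF-8; the call is
// then emitted malformed rather than with unescaped text.
echo "<html><head><meta http-equiv='Content-Type' content='text/html; charset=UTF-8'><script type='text/javascript'>";
echo "window.parent.createResult("
    . json_encode((string) $is_error, JSON_HEX_TAG | JSON_HEX_AMP | JSON_HEX_APOS | JSON_HEX_QUOT)
    . ", "
    . json_encode((string) $error_message, JSON_HEX_TAG | JSON_HEX_AMP | JSON_HEX_APOS | JSON_HEX_QUOT)
    . ");";
echo "</script></head><body></body></html>";
exit;
} elseif ($task == "edit") {
    // Fields of the admin account being edited, taken from the POST body.
    // NOTE(review): no anti-CSRF token is checked in the visible part of this
    // branch - confirm one is verified earlier in the request.
    $admin_id = $_POST['admin_id'];
    $admin_username = strtolower($_POST['admin_username']);
    $admin_name = $_POST['admin_name'];
    $admin_email = $_POST['admin_email'];
    $admin_old_password = $_POST['admin_old_password'];
    $admin_password = $_POST['admin_password'];
    $admin_password_confirm = $_POST['admin_password_confirm'];

    // NOTE(review): $admin_id reaches se_admin() unmodified; whether the
    // constructor escapes or casts it is not visible here - confirm.
    $diff_admin = new se_admin($admin_id);
    if (!$diff_admin->admin_exists) {
        exit('whoops');
    }

    // Authorization: only a super admin may edit an account other than their own.
    if (!$admin->admin_super && $admin->admin_info['admin_id'] != $diff_admin->admin_info['admin_id']) {
        exit('whoops');
    }

    // admin_account() receives the old password alongside the new one;
    // presumably it verifies the old password before changing it - confirm.
    $diff_admin->admin_account($admin_username, $admin_old_password, $admin_password, $admin_password_confirm, $admin_name, $admin_email);
    $is_error = $diff_admin->is_error;

    // A non-zero $is_error is used as the language-variable id of the error text.
    if ($is_error) {
        SE_Language::_preload_multi($is_error);
        SE_Language::load();
        $error_message = SE_Language::_get($is_error);
    }

    // EDIT ADMIN IN DATABASE
    if (!$is_error) {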