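/**
 * Decide whether the current user may access the ACL entry "$c,$act".
 *
 * The method is unfinished (original author's note: "this method is not
 * completed"): the per-user ACL is never loaded and deny rules are not
 * implemented, so only the hard-coded group defaults below take effect.
 *
 * Hard-coded defaults visible here:
 *  - ','              (empty $c and $act) and 'page,ciscocall' are allowed for everyone;
 *  - group 0          additionally gets 'user,login';
 *  - any other group  additionally gets 'user,logout' and 'user,profile';
 *  - group 1          gets the '*,*' wildcard, i.e. every entry is allowed.
 *
 * @param string $c   First part of the ACL key (e.g. `user` in `user,login`).
 * @param string $act Second part of the ACL key (e.g. `login`).
 *
 * @return bool True when access is granted; false otherwise (an 'error'
 *              message "Access denied" is emitted in that case).
 */
public function acl($c = '', $act = '')
{
    // Default is deny; only an explicit allow entry flips this to true.
    $result = false;
    $name = $c . ',' . $act;
    \CORE::msg('debug', 'Checking acl: ' . $name);

    $USER = \CORE\BC\USER::init();
    // Not used yet; presumably needed once per-user ACL loading is implemented.
    $uid = $USER->get('uid');

    // Normalise the group id once and compare strictly afterwards. The
    // original used loose `==`, under which values such as boolean true
    // compare equal to 1 and would receive the '*,*' wildcard. Anything that
    // is not an integer or a digits-only string is treated as group 0.
    $rawGid = $USER->get('gid');
    $gid = (is_int($rawGid) || (is_string($rawGid) && ctype_digit($rawGid))) ? (int) $rawGid : 0;

    // Explicit initialisation: $user_acl stays empty until loading is implemented.
    $user_acl = array();
    $group_acl = array();

    // Default ACL settings.
    $group_acl[','] = 1;
    $group_acl['page,ciscocall'] = 1;
    if ($gid === 0) {
        $group_acl['user,login'] = 1;
    } else {
        $group_acl['user,logout'] = 1;
        $group_acl['user,profile'] = 1;
    }
    if ($gid === 1) {
        $group_acl['*,*'] = 1;
    }

    // Loading of stored ACLs: not implemented yet.

    // Allow rules: per-user entry first, then group wildcard, then group entry.
    if (isset($user_acl[$name]) && $user_acl[$name] == 1) {
        $result = true;
    }
    if (isset($group_acl['*,*']) && $group_acl['*,*'] == 1) {
        $result = true;
    }
    if (isset($group_acl[$name]) && $group_acl[$name] == 1) {
        $result = true;
    }

    // Deny rules: not implemented yet. NOTE(review): once added they must be
    // evaluated after the allow rules so that a deny can override the wildcard.

    if (!$result) {
        \CORE::msg('error', 'Access denied');
    }

    return $result;
}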
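/**
 * Change a user's password.
 *
 * The new password comes from $pwd or, when $pwd is empty, from
 * $_POST['pwd']. It is validated with check_password(), converted to
 * hash/salt/hint by generate_pwd() and written to `n-users` through a
 * prepared statement with named placeholders.
 *
 * NOTE(review): no authorization or current-password check is visible in
 * this method; a caller that passes a non-zero $uid must already have
 * verified that the acting user may change that account's password.
 * NOTE(review): generate_pwd() returns a separate salt, so confirm it uses a
 * slow password hash (password_hash() or equivalent) and not a fast digest.
 * NOTE(review): a stored password hint weakens the stored secret; confirm
 * what generate_pwd() puts in 'hint'.
 *
 * @param string $pwd New password; '' means "read it from $_POST['pwd']".
 * @param int    $uid Target user id; 0 means the current user.
 *
 * @return void Outcome is reported through \CORE::init()->msg().
 */
public function passwd($pwd = '', $uid = 0)
{
    // Accept only a string from the request: an array-valued field
    // (pwd[]=...) would otherwise be handed to trim().
    if ($pwd == '' && isset($_POST['pwd']) && is_string($_POST['pwd'])) {
        $pwd = trim($_POST['pwd']);
    }

    if (!$this->check_password($pwd)) {
        \CORE::init()->msg('error', 'Password is not valid.');
        return;
    }

    if ($uid == 0) {
        $uid = (int) \CORE\BC\USER::init()->get('uid');
    }

    $DB = \DB::init();
    if (!$DB->connect()) {
        // The original returned silently here; the caller now sees that nothing changed.
        \CORE::init()->msg('error', 'Password was not changed.');
        return;
    }

    $gen_pwd = $this->generate_pwd($pwd);
    $params = array(
        'hash' => $gen_pwd['hash'],
        'salt' => $gen_pwd['salt'],
        'hint' => $gen_pwd['hint'],
        'uid'  => $uid,
    );
    // presumably hint() reports whether hints are enabled - confirm
    if (!$this->hint()) {
        $params['hint'] = null;
    }

    $sql = "UPDATE `n-users` SET `usr-pwd`=:hash, `usr-salt`=:salt, `usr-hint`=:hint WHERE `usr-uid`=:uid;";
    $sth = $DB->dbh->prepare($sql);
    // Report success only when the statement was prepared and executed; the
    // original announced success without looking at either result.
    $ok = $sth !== false && $sth->execute($params);
    $DB->query_count();

    if ($ok) {
        \CORE::init()->msg('info', 'Password successfully changed.');
    } else {
        \CORE::init()->msg('error', 'Password was not changed.');
    }
}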
<?php

// Direct-access guard: stop unless DIR_BASE has been defined
// (presumably by the application's entry script).
if (!defined('DIR_BASE')) {
    exit('[+_+]');
}

// The core class file must be readable before it is loaded.
if (!is_readable(DIR_CORE . '/bc/core.php')) {
    exit('Core class not found');
}
require DIR_CORE . '/bc/core.php';

// Initialise the framework objects in the original order.
$CORE = CORE::init();
$USER = \CORE\BC\USER::init();
$UI = \CORE\BC\UI::init();
$APP = \CORE\BC\APP::init();

$CORE->unload();
$UI->show_template();