/**
 * Issues an UPDATE against the poll_user table for the row whose session
 * column equals the current $auth['session'].
 *
 * @param $username Account name supplied by the caller.
 * @param $userpass Password supplied by the caller; passed through
 *                  cryptmy_password() before the statement is built.
 * @return string "Updated" when the query call returns a truthy value,
 *                "NoUpdate" otherwise.
 */
function update_user($username, $userpass)
{
    global $CLASS, $POLLTBL, $auth;

    $userpass = cryptmy_password($userpass);

    // NOTE(review): both column values read '******' in this listing (they look
    // masked), so neither $username nor the processed $userpass reaches the
    // statement as shown. If the real code interpolates them, they need
    // escaping or bound parameters.
    // NOTE(review): $auth['session'] is interpolated into the SQL text as-is;
    // confirm it is validated or escaped where it is populated.
    $sql = "UPDATE {$POLLTBL['poll_user']} SET username='******', userpass='******' WHERE session='{$auth['session']}'";

    return $CLASS["db"]->query($sql) ? "Updated" : "NoUpdate";
}
/**
 * Looks up the user_id for a username/password pair in the poll_user table.
 *
 * @param string $username Login name; passed through addslashes() only when
 *                         magic quotes are off.
 * @param string $password Password; unslashed only when magic quotes are on,
 *                         then passed through cryptmy_password().
 * @return mixed The "user_id" entry of $this->db->record when that record is
 *               truthy, false otherwise.
 */
function check_pass($username, $password)
{
    // The two branches are not symmetric: one touches only the username, the
    // other only the password.
    // NOTE(review): get_magic_quotes_gpc() was removed in PHP 8.0, and
    // addslashes() is not a charset-aware SQL escape; bound parameters are the
    // reliable replacement for both.
    if (!get_magic_quotes_gpc()) {
        $username = addslashes($username);
    } else {
        $password = stripslashes($password);
    }
    $password = cryptmy_password($password);

    // NOTE(review): the WHERE values read '******' in this listing (they look
    // masked), so $username and $password are not part of the statement as shown.
    $sql = "SELECT user_id FROM " . $this->table['poll_user'] . " WHERE username='******' and userpass='******'";
    $this->db->query($sql);
    $this->db->fetch_array($this->db->result);

    if ($this->db->record) {
        return $this->db->record["user_id"];
    }

    return false;
}
<?php
/**
 * Advanced Poll 2.0 (PHP/MySQL)
 *
 *
 * Filename: *.php
 *
 * @author Chi Kien Uong
 * @version 1.1
 * @access public
 * @package Poll
 * @link http://www.proxy2.de
 * @copyright http://www.proxy2.de
 *
 */

// Script flow: replace the session value stored in poll_user for the row that
// matches $session, then render the admin login template.
require "./common.inc.php";

// NOTE(review): the new session value is derived from rand() seeded with the
// current microtime and from uniqid(), which is also time-based. Neither is a
// cryptographically secure source, so the value is guessable by anyone who can
// estimate the request time. A CSPRNG (random_bytes() on PHP 7+) is the
// appropriate source for session identifiers.
srand((double) microtime() * 1000000);
$new_session = cryptmy_password(uniqid(rand()));

// NOTE(review): $session is not assigned anywhere in this script; presumably it
// comes from common.inc.php or from request data. It is interpolated into the
// SQL text without escaping here, so confirm it is validated upstream.
$CLASS["db"]->query("UPDATE {$POLLTBL['poll_user']} SET session='{$new_session}' WHERE session='{$session}'");

$CLASS["template"]->set_templatefiles(array("login" => "admin_login.html"));
// $message is not read again in this script; presumably the template refers to
// it when the eval() below expands variables. TODO confirm.
$message = $lang['FormEnter'];
$poll_login = $CLASS["template"]->pre_parse("login");
no_cache_header();

// NOTE(review): the pre-parsed template is evaluated as the body of a
// double-quoted PHP string. Anything in $poll_login that closes the string or
// uses {$...} syntax runs as PHP, so the template file and whatever
// pre_parse() substitutes into it must be fully trusted.
eval("echo \"{$poll_login}\";");
**/
// Admin "pw" action: load a customer row, optionally set a new password for it
// and prepare a notification mail. This fragment ends before the mail is sent,
// so the three enclosing if-blocks are still open at the last line.
if ($_GET['action'] == "pw") {
    // Permission gate. NOTE(review): whether NoEntryForUser() stops execution is
    // not visible here; if it returns, the code below still runs for an
    // unauthorised admin.
    if ($adminsession->session_user_data['admin_can_use_customer_users_change'] != 1) {
        $adminsession->NoEntryForUser();
    }
    // NOTE(review): $_GET['userid'] is concatenated into the SQL text unquoted
    // and unescaped, which is SQL injection. Cast it to int or bind it as a
    // parameter before use.
    $result = $db->query("SELECT * FROM rhs_customer WHERE customer_id=" . $_GET['userid']);
    $user = $db->fetch_array($result);
    // The whole row from SELECT * is handed to the template engine.
    $smarty->assign($user);
    if (isset($_POST['send'])) {
        // mode 1: generate a password and force the notification mail;
        // otherwise take the password from the form field.
        if ($_POST['mode'] == 1) {
            $newpassword = password_generate();
            $_POST['sendmail'] = 1;
        } else {
            $newpassword = $_POST['newpassword'];
        }
        // NOTE(review): the stored value reads '******' in this listing (it looks
        // masked), so how $newpassword is hashed or escaped before storage cannot
        // be seen. $_GET['userid'] is quoted here but still unescaped, so the
        // injection issue above applies to this statement too.
        $db->query("UPDATE rhs_customer SET customer_admin_password='******' WHERE customer_id='" . $_GET['userid'] . "'");
        if ($_POST['sendmail'] == 1) {
            // NOTE(review): both mail templates from $shopconfig are evaluated as
            // the body of a double-quoted PHP string. Anyone able to edit these
            // config values can run arbitrary PHP in this request; a plain
            // placeholder substitution (e.g. strtr) avoids eval entirely.
            // Presumably the templates reference $newpassword, which would put the
            // password in the mail in clear text. TODO confirm.
            eval("\$mail_html = \"" . $shopconfig['shopconfig_mailnewpw_html'] . "\";");
            eval("\$mail_text = \"" . $shopconfig['shopconfig_mailnewpw_text'] . "\";");
            // Build the message: sender taken from the admin's mandant record,
            // delivery over authenticated SMTP.
            $mail = new phpmailer();
            $mail->From = $adminsession->session_mandant_data['mandant_email'];
            $mail->FromName = $adminsession->session_mandant_data['mandant_vorname'] . " " . $adminsession->session_mandant_data['mandant_nachname'];
            $mail->Mailer = "smtp";
            $mail->Host = $smtp_mailhost;
            $mail->SMTPAuth = true;
            $mail->Username = $smtp_user;
            $mail->Password = $smtp_pw;
            // Subject is German for "New password for your account at <page title>".
            $mail->Subject = "Neues Passwort für Ihren Account bei " . $shopconfig['shopconfig_pagetitle'];
            $mail->Body = $mail_html;
            $mail->AltBody = $mail_text;
            $mail->AddAddress($user['customer_email'], $user['customer_surname']);
/**
 * Loads the customer row (joined with its admin group) for a login attempt and
 * stores whatever the database layer returns in $this->session_user_data.
 *
 * NOTE(review): the password comparison value reads '******' in this listing
 * (it looks masked), so $password is not referenced by the code as shown.
 *
 * @param string $name     Admin login name; passed through htmlspecialchars()
 *                         and then addslashes() before it enters the SQL text.
 * @param        $password Password supplied by the caller.
 * @return void
 */
function checkUser($name, $password)
{
    global $db;

    // NOTE(review): htmlspecialchars() is an HTML output encoder and
    // addslashes() is not a charset-aware SQL escape; neither is a dependable
    // injection defence. Bound parameters are the reliable approach.
    $escapedName = addslashes(htmlspecialchars($name));
    $sql = "SELECT c.*, cag.* FROM rhs_customer c LEFT JOIN rhs_customer_admin_groups cag ON (c.customer_admin_groupsid=cag.admin_id) WHERE customer_admin_name = '" . $escapedName . "' AND customer_admin_password = '******';";

    // The fetch result is stored unconditionally; what it holds when no row
    // matches depends on the database wrapper and is not visible here.
    $this->session_user_data = $db->fetch_array($db->query($sql));
}