function DBUserUpdate($contest, $site, $user, $username, $userfull, $userdesc, $passo, $passn)
{
$a = DBUserInfo($contest, $site, $user, null, false);
$p = myhash($a["userpassword"] . session_id());
if ($a["userpassword"] != "" && $p != $passo) {
LOGLevel("User " . $_SESSION["usertable"]["username"] . "/" . $_SESSION["usertable"]["usersitenumber"] . " (contest={$contest}, site={$site}) " . "tried to change settings, but password was incorrect.", 2);
MSGError("Incorrect password.");
} else {
if (!$a['changepassword']) {
MSGError('Password change is DISABLED');
return;
}
if ($a["userpassword"] == "") {
$temp = myhash("");
} else {
$temp = $a["userpassword"];
}
$lentmp = strlen($temp);
$temp = bighexsub($passn, $temp);
if ($lentmp > strlen($temp)) {
$newpass = '******' . $temp;
} else {
$newpass = substr($temp, strlen($temp) - $lentmp);
}
$c = DBConnect();
DBExec($c, "begin work");
DBExec($c, "lock table usertable");
$r = DBExec($c, "select * from usertable where username='******' and usernumber!={$user} and " . "usersitenumber={$site} and contestnumber={$contest}");
$n = DBnlines($r);
if ($n == 0) {
$sql = "update usertable set username='******', userdesc='{$userdesc}', userfullname='{$userfull}', updatetime=" . time();
if ($newpass != myhash("")) {
$sql .= ", userpassword='******'";
}
$sql .= " where usernumber={$user} and usersitenumber={$site} and contestnumber={$contest}";
$r = DBExec($c, $sql);
DBExec($c, "commit work");
LOGLevel("User " . $_SESSION["usertable"]["username"] . "/" . $_SESSION["usertable"]["usersitenumber"] . " changed his settings (newname={$username}) " . "(user={$user},site={$site},contest={$contest})", 2);
MSGError("Data updated.");
ForceLoad("index.php");
} else {
DBExec($c, "rollback work");
LOGLevel("User " . $_SESSION["usertable"]["username"] . "/" . $_SESSION["usertable"]["usersitenumber"] . " couldn't change his settings " . "(user={$user},site={$site},contest={$contest})", 2);
MSGError("Update problem (maybe username already in use). No data was changed.");
}
}
}
$param['username'] = myhtmlspecialchars($_POST["username"]);
$param['usericpcid'] = myhtmlspecialchars($_POST["usericpcid"]);
$param['enabled'] = myhtmlspecialchars($_POST["userenabled"]);
$param['multilogin'] = myhtmlspecialchars($_POST["usermultilogin"]);
$param['userfull'] = unsanitizeText($_POST["userfullname"]); //myhtmlspecialchars($_POST["userfullname"]);
$param['userdesc'] = unsanitizeText($_POST["userdesc"]); //myhtmlspecialchars($_POST["userdesc"]);
$param['type'] = myhtmlspecialchars($_POST["usertype"]);
$param['permitip'] = myhtmlspecialchars($_POST["userip"]);
*/
$passcheck = htmlspecialchars($_POST["passwordo"]);
$a = DBUserInfo($_SESSION["usertable"]["contestnumber"], $_SESSION["usertable"]["usersitenumber"], $_SESSION["usertable"]["usernumber"], null, false);
if (myhash($a['userpassword'] . session_id()) != $passcheck) {
MSGError('Admin password is incorrect');
} else {
if ($_POST["passwordn1"] == $_POST["passwordn2"]) {
$param['pass'] = bighexsub(htmlspecialchars($_POST["passwordn1"]), $a['userpassword']);
if ($param['user'] != 1000) {
DBNewUser($param);
}
} else {
MSGError("Passwords don't match.");
}
}
ForceLoad("user.php");
} else {
if (isset($_FILES["importfile"]) && isset($_POST["Submit"]) && $_FILES["importfile"]["name"] != "") {
if ($_POST["confirmation"] == "confirm") {
$type = myhtmlspecialchars($_FILES["importfile"]["type"]);
$size = myhtmlspecialchars($_FILES["importfile"]["size"]);
$name = myhtmlspecialchars($_FILES["importfile"]["name"]);
$temp = myhtmlspecialchars($_FILES["importfile"]["tmp_name"]);