Example #1
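/**
 * Update a user's own settings (full name, description and, optionally, password)
 * after verifying the current password.
 *
 * The caller proves knowledge of the current password by sending
 * myhash(stored password value . session_id()); the new password arrives in
 * $passn and is combined with the stored value through bighexsub().
 *
 * NOTE(review): every '******' literal below is reproduced exactly as it appears
 * in this listing. It looks like masking applied where the listing was published
 * (as written, $username and $newpass never reach the database) - confirm
 * against the upstream source before relying on this code.
 *
 * @param mixed  $contest  Contest number (used as an integer key in SQL).
 * @param mixed  $site     Site number (used as an integer key in SQL).
 * @param mixed  $user     User number (used as an integer key in SQL).
 * @param string $username Requested user name (only logged in this listing).
 * @param string $userfull New full name.
 * @param string $userdesc New description.
 * @param string $passo    Proof of the current password, as sent by the client.
 * @param string $passn    New password value, encoded for bighexsub().
 *
 * @return void Outcome is reported through MSGError()/LOGLevel()/ForceLoad().
 */
function DBUserUpdate($contest, $site, $user, $username, $userfull, $userdesc, $passo, $passn)
{
    $a = DBUserInfo($contest, $site, $user, null, false);
    $p = myhash($a["userpassword"] . session_id());

    // Compare the two digests with hash_equals() instead of a loose `!=`.
    // Loose comparison treats numeric-looking strings (for example "0e" followed
    // by digits) as numbers, so two different digests can compare equal; it is
    // also not constant-time. A non-string $passo can never match.
    $passwordOk = is_string($passo) && hash_equals((string) $p, $passo);

    if ($a["userpassword"] != "" && !$passwordOk) {
        LOGLevel("User " . $_SESSION["usertable"]["username"] . "/" . $_SESSION["usertable"]["usersitenumber"] . " (contest={$contest}, site={$site}) " . "tried to change settings, but password was incorrect.", 2);
        MSGError("Incorrect password.");
        return;
    }

    if (!$a['changepassword']) {
        MSGError('Password change is DISABLED');
        return;
    }

    // An account with no stored password is treated as having the hash of "".
    $temp = ($a["userpassword"] == "") ? myhash("") : $a["userpassword"];
    $lentmp = strlen($temp);
    $temp = bighexsub($passn, $temp);
    if ($lentmp > strlen($temp)) {
        $newpass = '******' . $temp;
    } else {
        // Keep only the trailing $lentmp characters of the result.
        $newpass = substr($temp, strlen($temp) - $lentmp);
    }

    // The three keys are interpolated unquoted into numeric comparisons, so they
    // are forced to integers before they reach the SQL text.
    // NOTE(review): assumes these columns are integer keys - confirm against the schema.
    $contestId = (int) $contest;
    $siteId = (int) $site;
    $userId = (int) $user;

    $c = DBConnect();
    DBExec($c, "begin work");
    DBExec($c, "lock table usertable");
    // Look for another account in the same contest/site that already owns the name.
    $r = DBExec($c, "select * from usertable where username='******' and usernumber!={$userId} and " . "usersitenumber={$siteId} and contestnumber={$contestId}");
    $n = DBnlines($r);
    if ($n == 0) {
        // NOTE(review): $userdesc and $userfull are placed inside quoted SQL literals
        // with no escaping visible in this function. Unless every caller escapes them
        // for SQL, this is an injection point; prefer a parameterized query or the
        // database driver's escaping at the DBExec layer.
        $sql = "update usertable set username='******', userdesc='{$userdesc}', userfullname='{$userfull}', updatetime=" . time();
        // Only touch the password column when the computed value is not the hash of "".
        // Strict string comparison avoids numeric-string coercion of digests.
        if ((string) $newpass !== (string) myhash("")) {
            $sql .= ", userpassword='******'";
        }
        $sql .= " where usernumber={$userId} and usersitenumber={$siteId} and contestnumber={$contestId}";
        // NOTE(review): the result of the update is not inspected before committing.
        DBExec($c, $sql);
        DBExec($c, "commit work");
        LOGLevel("User " . $_SESSION["usertable"]["username"] . "/" . $_SESSION["usertable"]["usersitenumber"] . " changed his settings (newname={$username}) " . "(user={$user},site={$site},contest={$contest})", 2);
        MSGError("Data updated.");
        ForceLoad("index.php");
    } else {
        DBExec($c, "rollback work");
        LOGLevel("User " . $_SESSION["usertable"]["username"] . "/" . $_SESSION["usertable"]["usersitenumber"] . " couldn't change his settings " . "(user={$user},site={$site},contest={$contest})", 2);
        MSGError("Update problem (maybe username already in use). No data was changed.");
    }
}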
Example #2
    	$param['username'] = myhtmlspecialchars($_POST["username"]);
    	$param['usericpcid'] = myhtmlspecialchars($_POST["usericpcid"]);
    	$param['enabled'] = myhtmlspecialchars($_POST["userenabled"]);
    	$param['multilogin'] = myhtmlspecialchars($_POST["usermultilogin"]);
    	$param['userfull'] = unsanitizeText($_POST["userfullname"]); //myhtmlspecialchars($_POST["userfullname"]);
    	$param['userdesc'] = unsanitizeText($_POST["userdesc"]); //myhtmlspecialchars($_POST["userdesc"]);
    	$param['type'] = myhtmlspecialchars($_POST["usertype"]);
    	$param['permitip'] = myhtmlspecialchars($_POST["userip"]);
    */
    $passcheck = htmlspecialchars($_POST["passwordo"]);
    $a = DBUserInfo($_SESSION["usertable"]["contestnumber"], $_SESSION["usertable"]["usersitenumber"], $_SESSION["usertable"]["usernumber"], null, false);
    if (myhash($a['userpassword'] . session_id()) != $passcheck) {
        MSGError('Admin password is incorrect');
    } else {
        if ($_POST["passwordn1"] == $_POST["passwordn2"]) {
            $param['pass'] = bighexsub(htmlspecialchars($_POST["passwordn1"]), $a['userpassword']);
            if ($param['user'] != 1000) {
                DBNewUser($param);
            }
        } else {
            MSGError("Passwords don't match.");
        }
    }
    ForceLoad("user.php");
} else {
    if (isset($_FILES["importfile"]) && isset($_POST["Submit"]) && $_FILES["importfile"]["name"] != "") {
        if ($_POST["confirmation"] == "confirm") {
            $type = myhtmlspecialchars($_FILES["importfile"]["type"]);
            $size = myhtmlspecialchars($_FILES["importfile"]["size"]);
            $name = myhtmlspecialchars($_FILES["importfile"]["name"]);
            $temp = myhtmlspecialchars($_FILES["importfile"]["tmp_name"]);