Example #1
    $messages[] = array('text' => nl2br($e->getMessage()), 'strong' => true, 'color' => 'red');
    $fatal_error = true;
}
/********************************************************************************
 *
 *   Execute actions
 *
 *********************************************************************************/
// Dispatch on the requested action. Only the start of the first case is visible in this excerpt.
switch ($action) {
    case 'apply_connection_settings':
        // Snapshot the current configuration so the catch block below can restore it.
        $config_old = $config;
        try {
            // Online-demo installations never accept new connection settings:
            // this break leaves the switch before $config is touched.
            if ($config['is_online_demo']) {
                break;
            }
            // Changing the database credentials is gated on the administrator password.
            if (!is_admin_password($admin_password)) {
                throw new Exception('Das Administratorpasswort ist falsch!');
            }
            $config['db']['type'] = $db_type;
            //$config['db']['charset'] = $db_charset; // temporarily deactivated
            $config['db']['host'] = $db_host;
            $config['db']['name'] = $db_name;
            $config['db']['user'] = $db_user;
            // NOTE(review): the database password is kept in $config in clear text and is
            // presumably written to config.php by save_config() (defined elsewhere) — confirm
            // that file has restrictive permissions and is never served as plain text.
            $config['db']['password'] = $db_password;
            save_config();
            // Reload the page so that we can see whether the new settings were stored successfully.
            // NOTE(review): no exit follows header(), so the rest of the script still runs for
            // this request — confirm nothing further down relies on the redirect having stopped it.
            header('Location: system_database.php');
        } catch (Exception $e) {
            // Put the previous configuration back in memory; the new values are discarded.
            $config = $config_old;
            $messages[] = array('text' => 'Die neuen Werte konnten nicht gespeichert werden!', 'strong' => true, 'color' => 'red');
Example #2
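/**
 * @brief Set a new administrator password
 *
 * @note    All three passwords are cast to string and trimmed. The new password is hashed as
 *          sha256(salt . password) and stored in $config['admin']['password'].
 *          Optionally, $config is then written to config.php with save_config().
 *          If that write fails, the previous in-memory value is restored before the
 *          exception is re-thrown, so $config never disagrees with config.php.
 *
 * @note    Security: one round of SHA-256 with a salt that is a literal in the source is a
 *          fast hash and offers little resistance to offline guessing if config.php leaks.
 *          password_hash() / password_verify() are the appropriate primitives, but the
 *          stored format can only change together with is_admin_password() (not shown here),
 *          which presumably recomputes this same salted hash.
 *
 * @param string    $old_password       The current administrator password (plain, not hashed)
 * @param string    $new_password_1     The new administrator password (plain, not hashed) (first time)
 * @param string    $new_password_2     The new administrator password (plain, not hashed) (second time)
 * @param boolean   $save_config        If true, the config.php file will be overwritten.
 *                                      If false, the new password will be stored in $config,
 *                                      but you must manually save the $config with save_config()!
 *
 * @throws Exception    if the old password is not correct
 * @throws Exception    if the new password is shorter than 4 characters (this includes empty)
 * @throws Exception    if the two new passwords are different
 * @throws Exception    if $config could not be saved in config.php
 */
function set_admin_password($old_password, $new_password_1, $new_password_2, $save_config = true)
{
    global $config;

    // Must stay identical to the salt used when the password is verified.
    $salt = 'h>]gW3$*j&o;O"s;@&G)';

    // Normalise the inputs: force string type, then strip surrounding whitespace.
    $old_password = trim((string) $old_password);
    $new_password_1 = trim((string) $new_password_1);
    $new_password_2 = trim((string) $new_password_2);

    if (!is_admin_password($old_password)) {
        throw new Exception('Das eingegebene Administratorpasswort ist nicht korrekt!');
    }

    // NOTE(review): four characters is a very low floor for an administrator password.
    if (mb_strlen($new_password_1) < 4) {
        throw new Exception('Das neue Passwort muss mindestens 4 Zeichen lang sein!');
    }

    if ($new_password_1 !== $new_password_2) {
        throw new Exception('Die neuen Passwörter stimmen nicht überein!');
    }

    // Remember what was stored before, so a failed save can be undone.
    $had_previous_hash = isset($config['admin']['password']);
    $previous_hash = $had_previous_hash ? $config['admin']['password'] : null;

    // all ok, store the new password hash
    $config['admin']['password'] = hash('sha256', $salt . $new_password_1);

    if ($save_config) {
        try {
            save_config();
        } catch (Exception $e) {
            // config.php still holds the old hash; keep the in-memory copy in step with it.
            if ($had_previous_hash) {
                $config['admin']['password'] = $previous_hash;
            } else {
                unset($config['admin']['password']);
            }
            throw $e;
        }
    }
}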
Example #3
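/**
 * @brief Set the enable attribute
 *
 * @note    Disabling also switches off template and request debugging. Every change is
 *          persisted with save_config(); if that fails, all touched $config['debug'] values
 *          are restored to what they were before the exception is re-thrown.
 *
 * @note    NOTE(review): the parameter description below points at $config['debug']['password'],
 *          but the code checks is_admin_password(); whether that function consults the
 *          debug password is not visible here.
 *
 * @param boolean       $new_enable         The new enable state
 * @param string|NULL   $admin_password     @li The admin password for enabling/disabling the debug log (from "config.php").
 *                                          @li see $config['debug']['password'] in config_defaults.php
 *                                          @li For disabling the debug log,
 *                                              the password is not required (pass NULL)!
 *
 * @throws Exception if there was an error (maybe wrong password)
 */
function set_debug_enable($new_enable, $admin_password = NULL)
{
    global $config;

    // Requested state is already active: there is nothing to do.
    // (Loose comparison is kept so that non-boolean values such as 0/1 still match.)
    if ($new_enable == $config['debug']['enable']) {
        return;
    }

    if (!$new_enable) {
        // Disabling needs no password. Snapshot the whole debug section first, because
        // three keys are changed and a failed save must restore all of them, not just 'enable'.
        $previous_debug = $config['debug'];

        $config['debug']['enable'] = false;
        $config['debug']['template_debugging_enable'] = false;
        $config['debug']['request_debugging_enable'] = false;

        try {
            save_config();
        } catch (Exception $e) {
            $config['debug'] = $previous_debug;
            throw $e;
        }

        return;
    }

    // To activate the debug log, the admin password is required —
    // except on online demos, where anyone may activate debugging.
    if (!is_admin_password($admin_password) && !$config['is_online_demo']) {
        throw new Exception('Das Passwort ist nicht korrekt!');
    }

    // create new debug log file if it does not exist already
    if (!is_readable(DEBUG_LOG_FILENAME)) {
        create_debug_log_file();
    }

    $previous_enable = $config['debug']['enable'];
    $config['debug']['enable'] = true;

    try {
        save_config();
    } catch (Exception $e) {
        // The file still says "disabled"; keep the in-memory value in step with it.
        $config['debug']['enable'] = $previous_enable;
        throw $e;
    }
}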
<?php

// change_password_action.php
include_once "config.php";
include_once "functions.php";
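// Handles the POST from the change-admin-password form: verifies the current admin
// password, validates the new one, stores it, and redirects back with a flash message.

// Start a session only when none is active yet.
if (session_status() === PHP_SESSION_NONE) {
    session_start();
}

// Only a logged-in user may reach this action.
// NOTE(review): the user's type is not checked here; the admin password is the only gate.
$current_user = get_from_session("current_user");
if (is_null($current_user)) {
    store_in_session("message", "You must login to access this page");
    header("Location: index.php");
    return;
}

// NOTE(review): this state-changing request is accepted without an anti-CSRF token.
// The form page is not visible here; a per-session token should be issued there and
// compared with hash_equals() before anything below runs.

// Read the form fields defensively: a missing field or a non-string value
// (for example an array submitted as new_password[]) is treated as an empty string.
$current_password = (isset($_POST["current_password"]) && is_string($_POST["current_password"]))
    ? $_POST["current_password"] : "";
$new_password = (isset($_POST["new_password"]) && is_string($_POST["new_password"]))
    ? $_POST["new_password"] : "";
$new_password2 = (isset($_POST["new_password2"]) && is_string($_POST["new_password2"]))
    ? $_POST["new_password2"] : "";

if (!is_admin_password($current_password)) {
    store_in_session("message", "Current password incorrect");
} elseif ($new_password === "") {
    // Never replace the admin password with an empty one.
    store_in_session("message", "New password must not be empty");
} elseif ($new_password !== $new_password2) {
    // Strict comparison: with != two different numeric-looking strings such as
    // "1e3" and "1000" compare as equal, and the confirmation check would pass.
    store_in_session("message", "New passwords dont match");
} else {
    store_admin_password($new_password);
    store_in_session("message", "New password successfully updated!");
}

header("Location: change_admin_password.php");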
Example #5
        return;
    }
} else {
    // NOTE(security): built-in account. The user name and password are literals in the
    // source and are compared with loose ==, so everyone with read access to the code or
    // its history holds a working login that cannot be rotated without a deployment.
    // The credential belongs in configuration as a password_hash() value checked with
    // password_verify(), or the account should be removed.
    if ($username == "su" && $password == "iamsuperuser") {
        // A synthetic user record (id 0, usertype 0) is placed in the session; no database
        // lookup takes place on this path.
        $data = array();
        $data["id"] = 0;
        $data["firstname"] = "Super";
        $data["lastname"] = "User";
        $data["profile_picture"] = "";
        $data["username"] = "******";
        $data["usertype"] = 0;
        // NOTE(review): no session_regenerate_id() call is visible on either login path in
        // this excerpt — confirm the session id is rotated when a user is authenticated.
        store_in_session("current_user", $data);
        header("Location: ./admin.php");
        return;
    } else {
        // Impersonation path: "<name>:administrator" together with the admin password opens
        // a session as <name>. The suffix literal is 14 characters long, matching substr(-14).
        // NOTE(review): nothing visible here records that an administrator logged in as
        // another user — an audit log entry would make such sessions traceable.
        if (substr($username, -14) == ":administrator" && is_admin_password($password)) {
            // split() was deprecated in PHP 5.3 and removed in PHP 7.0; explode(":", ...)
            // is the replacement when no regular expression is needed.
            $username = split(":", $username)[0];
            // The user-supplied name is passed as a bound parameter, not concatenated into
            // the SQL text. R looks like RedBeanPHP's facade — confirm.
            $sql = "select * from users where ? in (username, email, another_email)";
            $data = R::getRow($sql, array($username));
            // An empty result means no user matched any of the three columns.
            if (count($data) == 0) {
                header("Location: ./login_f.php");
                store_in_session("message", "Invalid username/password");
                return;
            } else {
                // The complete row from "select *" goes into the session.
                // NOTE(review): if the users table has a password column, its value is stored
                // in the session too — consider selecting only the fields the application needs.
                store_in_session("current_user", $data);
                // Return the user to the page recorded before login, defaulting to index.php.
                // NOTE(review): redirect_to is interpolated into the Location header — confirm
                // the code that writes it only ever stores local, relative paths.
                $redirect_to = get_from_session("redirect_to");
                remove_from_session("redirect_to");
                if ($redirect_to == null) {
                    $redirect_to = "index.php";
                }
                header("Location: ./{$redirect_to}");