Example #1
0
function quickConfirm()
{
    global $DB;
    global $MySelf;
    if ($MySelf->canManageUser() == false) {
        makeNotice("You are not allowed to do this!", "error", "Forbidden");
    }
    $ID = sanitize($_GET[id]);
    numericCheck($ID);
    $DB->query("UPDATE users SET confirmed='1' WHERE id='" . $ID . "'");
    $userDS = $DB->query("SELECT * FROM users WHERE id='{$ID}' LIMIT 1");
    $user = $userDS->fetchRow();
    lostPassword($user[username]);
    header("Location: index.php?action=editusers&newusers=true");
    die;
}
Example #2
0
function editUser()
{
    // We need global variables and object.
    global $DB;
    global $MySelf;
    global $IS_DEMO;
    if ($IS_DEMO && $_POST[id] == "1") {
        makeNotice("The user would have been changed. (Operation canceled due to demo site restrictions.)", "notice", "Password change confirmed");
    }
    // Are we allowed to Manage Users?
    if (!$MySelf->canManageUser()) {
        makeNotice("You are not allowed to edit Users!", "error", "forbidden");
    }
    // Sanitize the ID
    $ID = sanitize($_POST[id]);
    $SELF = $MySelf->getID();
    if (!is_numeric($ID)) {
        // Yikes! Non-Number!
        makeNotice("Variable is not numeric! (in editUser)", "error");
    }
    // Load the dataset.
    $userDS = $DB->query("SELECT * FROM users WHERE id='{$ID}' LIMIT 1");
    $user = $userDS->fetchRow();
    // Non-admin tries to edit an admin, err no.
    if ($user[isAdmin] && !$MySelf->isAdmin()) {
        makeNotice("Only an Administrator may edit another Administrator. You do have the rights to edit users, but you are not allowed to modify an Administrators account.", "warning", "Insufficient rights!", "index.php?action=edituser&id={$ID}", "Cancel");
    }
    // Do we want to delete the user?
    if ($_POST[delete] == "true") {
        if ($ID == $SELF) {
            makeNotice("You can not delete yourself! Why would you do such a thing? " . "Life is not that bad, c'mon...'", "warning", "Operation canceled", "index.php?action=edituser&id={$ID}", "get yourself together, man");
        }
        // Are we allowed to delete users?
        if (!$MySelf->canDeleteUser()) {
            makeNotice("You are not authorized to do that!", "error", "Forbidden");
        }
        // Get confirmation
        confirm("You are about to delete " . ucfirst(idToUsername($ID)) . ". Are you sure?");
        $DB->query("UPDATE users SET deleted='1' WHERE id='{$ID}' LIMIT 1");
        if ($DB->affectedRows() == 1) {
            makeNotice("The Account has been deleted.", "notice", "Account deleted", "index.php?action=editusers", "Back to editing Users");
        } else {
            makeNotice("Error deleting the user!", "error");
        }
    }
    // Activate the account, or disable it.
    if ("{$_POST['canLogin']}" == "on") {
        $DB->query("UPDATE users SET active='1' WHERE id ='{$ID}' LIMIT 1");
    } else {
        if ($ID == $SELF) {
            makeNotice("You can not deactivate yourself!", "error", "Err..", "index.php?action=edituser&id={$ID}", "Back to yourself ;)");
        } else {
            $DB->query("UPDATE users SET active='0' WHERE id ='{$ID}'");
        }
    }
    // Confirm the account.
    if ("{$_POST['confirm']}" == "true") {
        $DB->query("UPDATE users SET confirmed='1' WHERE id ='{$ID}' LIMIT 1");
        lostPassword($user[username]);
        $ADD = " Due to confirmation I have sent an email to the user with his password.";
    }
    // Force the users email to be valid.
    if ("{$_POST['SetEmailValid']}" == "true") {
        $DB->query("UPDATE users SET emailvalid='1' WHERE id ='{$ID}' LIMIT 1");
    }
    global $IS_DEMO;
    if (!$IS_DEMO) {
        // Set the new email.
        if (!empty($_POST[email])) {
            $email = sanitize("{$_POST['email']}");
            $DB->query("UPDATE users SET email='{$email}' WHERE id ='{$ID}'");
        }
        // Set the new Password.
        if (!empty($_POST[password])) {
            $password = encryptPassword(sanitize("{$_POST['password']}"));
            $DB->query("UPDATE users SET password='******' WHERE id ='{$ID}'");
        }
        // Change (shudder) the username.
        if ($_POST[username_check] == "true" && $_POST[username] != "") {
            if ($MySelf->isAdmin() && $MySelf->canManageUser()) {
                // Permissions OK.
                $new_username = sanitize($_POST[username]);
                // Check for previously assigned username
                $count = $DB->getCol("SELECT COUNT(username) FROM users WHERE username='******'");
                if ($count[0] > 0) {
                    // Username exists already.
                    makeNotice("The new username \"{$new_username}\" already exists. Unable to complete operation.", "error", "Username exists!");
                } else {
                    // Username free. Update DB.
                    $DB->query("UPDATE users SET username='******' WHERE ID='" . $ID . "' LIMIT 1");
                    // Check for failure, not success.
                    if ($DB->affectedRows() != 1) {
                        // Something is wrong :(
                        makeNotice("DB Error: Internal Error: Unable to update the username.", "error", "Internal Error");
                    }
                }
            } else {
                // Insufficient permissions
                makeNotice("Inusfficient rights to change username.", "error", "Insufficient Rights");
            }
        }
    }
    // Are we allowed to edit ranks?
    if ($MySelf->canEditRank()) {
        // Set the new Rank.
        if (is_numeric($_POST[rank]) && $_POST[rank] >= 0) {
            $rank = sanitize("{$_POST['rank']}");
            $DB->query("UPDATE users SET rank='{$rank}' WHERE id ='{$ID}'");
        }
        // toggle the opt-in setting.
        // Its a checkbox. So we have to endure the pain.
        if ($_POST[optIn]) {
            $state = 1;
        } else {
            $state = 0;
        }
        $DB->query("UPDATE users SET optIn='{$state}' WHERE id='{$ID}' LIMIT 1");
        // Do the permissions.
        $permissions = array("canLogin", "canJoinRun", "canCreateRun", "canCloseRun", "canDeleteRun", "canAddHaul", "canChangePwd", "canChangeEmail", "canChangeOre", "canAddUser", "canSeeUsers", "canDeleteUser", "canEditRank", "canManageUser", "canSeeEvents", "canEditEvents", "canDeleteEvents", "isLottoOfficial", "canPlayLotto", "isOfficial", "isAdmin", "isAccountant");
        // Loop through each of the resources.
        foreach ($permissions as $perm) {
            // Convert the html "on" to "1" and "0", respectively
            if ($_POST[$perm] == "on") {
                $state = "1";
            } else {
                $state = "0";
            }
            // Update the database.
            $DB->query("UPDATE users SET {$perm}='{$state}' WHERE id ='{$ID}'");
        }
    }
    makeNotice("User data has been updated. {$ADD}", "notice", "User updated", "index.php?action=edituser&id={$ID}", "[OK]");
}
Example #3
0
<?php

require_once "header.php";
if (isset($_POST['lostpass'])) {
    if (lostPassword($_POST['username'], $_POST['email'])) {
        echo "Your password has been reset, an email containing your new password has been sent to your inbox.<br />\n\t\t<a href='./index.php'>Click here to return to the homepage.</a>\n\t\t";
    } else {
        echo "Username or email was incorrect !";
        show_lostpassword_form();
    }
} else {
    //user has not pressed the button
    show_lostpassword_form();
}
require_once "footer.php";
Example #4
0
    switch ($action) {
        case 'loginByProvider':
            $provider = $_POST['provider'];
            echo loginByProvider($provider);
            break;
        case 'login':
            $username = $_POST['username'];
            $password = $_POST['password'];
            echo login($username, $password);
            break;
        case 'logout':
            echo logout();
            break;
        case 'lostPassword':
            $email = $_POST['email'];
            echo lostPassword($email);
            break;
        case 'checkSessionAuth':
            echo checkSessionAuth();
            break;
    }
}
function checkSessionAuth()
{
    if ($_SESSION['user_auth'] === '1') {
        return true;
    } else {
        return false;
    }
}
function loginByProvider($provider)