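/**
 * Store a new password hash for a user.
 *
 * Looks up the user's current hash with user_getpass() and only issues an
 * UPDATE when the new hash differs from it.
 *
 * NOTE(review): the $md5 parameter name and the caller shown on this page
 * indicate the stored value is an unsalted MD5 digest. MD5 is not a password
 * hashing function; moving to password_hash()/password_verify() needs
 * changes in the callers and in the stored data, so it is only flagged here.
 *
 * @param mixed  $userid Value matched against the ID column of the users table.
 * @param string $md5    New password hash to store.
 *
 * @return bool false when user_getpass() returns a falsy value for $userid,
 *              true otherwise (hash already identical, or UPDATE issued).
 */
function user_setpass($userid, $md5)
{
    global $sql_prefix;

    // user_getpass() is defined elsewhere; a falsy result is treated as
    // "nothing to update" (presumably an unknown user -- confirm against
    // that helper).
    $oldpass = user_getpass($userid);
    if (!$oldpass) {
        return false;
    }

    // Strict string comparison: with ==, two different hashes that both look
    // like numeric strings (e.g. "0e" followed by digits) compare equal, and
    // the password change would be skipped silently.
    if ((string) $oldpass === (string) $md5) {
        return true;
    }

    // One placeholder per argument. The previous format string had only two
    // placeholders for three arguments, so the hash ended up in the WHERE
    // clause and the user id was dropped. Both values are escaped AND quoted:
    // escaping alone does not protect a value used in an unquoted position.
    $query = sprintf(
        "UPDATE %s_users SET password='%s' WHERE ID='%s'",
        $sql_prefix,
        db_escape($md5),
        db_escape($userid)
    );

    // NOTE(review): the result of db_query() is not checked, so a failed
    // UPDATE is still reported as success -- confirm what db_query() returns
    // before changing this.
    db_query($query);

    return true;
}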
Exemple #2
    $content .= "</form>";
} elseif ($action == 'savepassword') {
    $npass1 = $_POST['npass1'];
    $npass2 = $_POST['npass2'];
    if (!isset($npass1) or !isset($npass2) or empty($npass1) or empty($npass2)) {
        header('Location: index.php?module=edituserinfo&action=password&err=2');
        die;
    }
    $md5p1 = md5($npass1);
    $md5p2 = md5($npass2);
    if ($md5p1 != $md5p2) {
        header('Location: index.php?module=edituserinfo&action=password&err=1');
        die;
    }
    // else, set new password:
    $oldpass = user_getpass($sessioninfo->userID);
    user_setpass($sessioninfo->userID, $md5p1);
    $logOld['oldpass'] = $oldpass;
    $logNew['newpass'] = $md5p1;
    log_add("edituser", "setNewPass", serialize($logNew), serialize($logOld));
    $content .= "<h2>" . lang("Password changed", "edituserinfo") . "</h2>";
} elseif ($action == "editUserinfo" && isset($_GET['user'])) {
    // Edit userinfo
    $user = $_GET['user'];
    $userAdmin_acl = acl_access("userAdmin", "", 1);
    if ($user == $sessioninfo->userID) {
    } elseif ($userAdmin_acl == 'Admin' || $userAdmin_acl == 'Write') {
    } else {
        die(lang("Not access to edit userinfo"));
    }
    $qGetUserinfo = db_query("SELECT * FROM " . $sql_prefix . "_users WHERE ID = '" . db_escape($user) . "'");