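/**
 * Store a new password digest for a user.
 *
 * @param mixed  $userid ID of the row in <prefix>_users to update.
 * @param string $md5    New password digest, as computed by the caller.
 *
 * @return bool False when user_getpass() yields nothing for $userid; true when
 *              the stored value already equals $md5 or after the UPDATE has
 *              been issued (the result of db_query() is not inspected).
 */
function user_setpass($userid, $md5)
{
    // NOTE(review): the value stored here is an unsalted MD5 digest supplied by
    // the caller. Moving to password_hash()/password_verify() needs changes in
    // the callers and the login path, so it is only flagged here.
    global $sql_prefix;

    $oldpass = user_getpass($userid);
    if (!$oldpass) {
        return false;
    }

    // Strict string comparison: with ==, two different digests that both look
    // like numbers in exponent form ("0e123..." and "0e456...") compare equal,
    // and the password change would be skipped while still reporting success.
    if ((string) $oldpass === (string) $md5) {
        return true;
    }

    // One placeholder per argument. A format string with only two placeholders
    // would write a fixed literal into the password column and feed the digest
    // into the ID filter instead of the user id.
    // Both values are quoted as well as escaped; escaping alone does not confine
    // a value placed in an unquoted position. Presumably db_escape() escapes
    // quote characters - confirm against its definition.
    $query = sprintf(
        "UPDATE %s_users SET password='%s' WHERE ID='%s'",
        $sql_prefix,
        db_escape($md5),
        db_escape($userid)
    );
    db_query($query);

    return true;
}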
$content .= "</form>"; } elseif ($action == 'savepassword') { $npass1 = $_POST['npass1']; $npass2 = $_POST['npass2']; if (!isset($npass1) or !isset($npass2) or empty($npass1) or empty($npass2)) { header('Location: index.php?module=edituserinfo&action=password&err=2'); die; } $md5p1 = md5($npass1); $md5p2 = md5($npass2); if ($md5p1 != $md5p2) { header('Location: index.php?module=edituserinfo&action=password&err=1'); die; } // else, set new password: $oldpass = user_getpass($sessioninfo->userID); user_setpass($sessioninfo->userID, $md5p1); $logOld['oldpass'] = $oldpass; $logNew['newpass'] = $md5p1; log_add("edituser", "setNewPass", serialize($logNew), serialize($logOld)); $content .= "<h2>" . lang("Password changed", "edituserinfo") . "</h2>"; } elseif ($action == "editUserinfo" && isset($_GET['user'])) { // Edit userinfo $user = $_GET['user']; $userAdmin_acl = acl_access("userAdmin", "", 1); if ($user == $sessioninfo->userID) { } elseif ($userAdmin_acl == 'Admin' || $userAdmin_acl == 'Write') { } else { die(lang("Not access to edit userinfo")); } $qGetUserinfo = db_query("SELECT * FROM " . $sql_prefix . "_users WHERE ID = '" . db_escape($user) . "'");