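/**
 * Renders the change-password form and, when all three password fields were
 * submitted as non-empty strings, processes the change for the current user.
 *
 * Flow: the new password must match its confirmation, and the salted hash of
 * the submitted old password must match the stored hash, before the stored
 * hash is replaced. The template flags PASSWORD_WRONG, OLD_PASSWORD_WRONG
 * and SUCCESSFUL report the outcome.
 *
 * Security notes for maintainers:
 * - Comparisons are strict. With loose comparison, two different numeric-looking
 *   strings (for example hex digests of the form "0e" followed only by digits)
 *   compare as equal, which would let a wrong old password or a mismatched
 *   confirmation pass.
 * - NOTE(review): salted MD5 is far too fast for password storage. Moving to
 *   password_hash()/password_verify() needs a coordinated change to the login
 *   code and the stored hashes, which are outside this method.
 * - NOTE(review): $_REQUEST also accepts query-string parameters, so passwords
 *   can end up in URLs and access logs, and no anti-CSRF token is checked in
 *   this method. Confirm both are handled elsewhere or restrict to POST.
 *
 * @return void
 */
public function display()
{
    $template = new Template();
    $template->load("plugin_changepassword_changepassword");
    $template->show_if('PASSWORD_WRONG', false);
    $template->show_if('SUCCESSFUL', false);
    $template->show_if('OLD_PASSWORD_WRONG', false);

    // All three fields must be present, non-empty and plain strings
    // (an array such as old_password[]=x is rejected by is_string()).
    $submitted = true;
    foreach (array('old_password', 'new_password', 'confirm_password') as $field) {
        if (empty($_REQUEST[$field]) || !is_string($_REQUEST[$field])) {
            $submitted = false;
            break;
        }
    }

    if ($submitted) {
        // The values are escaped BEFORE hashing. This is kept as-is because
        // existing stored hashes were presumably produced the same way;
        // verify against the login code before changing it.
        $old_password = DataBase::Current()->EscapeString($_REQUEST['old_password']);
        $new_password = DataBase::Current()->EscapeString($_REQUEST['new_password']);
        $confirm_password = DataBase::Current()->EscapeString($_REQUEST['confirm_password']);

        if ((string) $new_password !== (string) $confirm_password) {
            $template->show_if('PASSWORD_WRONG', true);
        } else {
            $salt = Settings::getInstance()->get("salt");
            $password = DataBase::Current()->EscapeString(md5($new_password . $salt));
            $old_password = DataBase::Current()->EscapeString(md5($old_password . $salt));

            $user_id = User::Current()->id;
            $db_password = DataBase::Current()->ReadField("SELECT `password` FROM `{'dbprefix'}user` WHERE `id` = '" . $user_id . "'; ");

            if ($db_password) {
                // Strict string comparison of the two digests; where the runtime
                // provides hash_equals(), that is the preferred way to compare them.
                if ((string) $db_password !== (string) $old_password) {
                    $template->show_if('OLD_PASSWORD_WRONG', true);
                } else {
                    DataBase::Current()->Execute("UPDATE `{'dbprefix'}user` SET `password` = '" . $password . "' WHERE `id` = '" . $user_id . "'; ");
                    $template->show_if('SUCCESSFUL', true);
                    // The event carries the old and new password HASHES, not the
                    // plaintext; listeners should still treat them as secrets.
                    EventManager::raiseEvent("plugin_changepassword_change", array('old_password' => $old_password, 'new_password' => $password, 'userid' => $user_id));
                    Cache::clear("tables", "userlist");
                }
            } else {
                // The user is not listed in the database.
            }
        }
    }

    $template->assign_var('ACTION', UrlRewriting::GetUrlByAlias($this->page->alias));
    echo $template->getCode();
}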
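/**
 * Stores an uploaded file in the given directory and raises "file_uploaded".
 *
 * The client-supplied file name is reduced to its final path component
 * before it is joined to $base, so a name containing directory separators
 * or ".." cannot place the file outside $base.
 *
 * NOTE(review): what self::checkUploadFile() validates is not visible here.
 * Confirm it restricts file type/extension and verifies that tmp_name is a
 * genuine upload (is_uploaded_file()); otherwise files that the web server
 * would execute could be written into a served directory.
 * NOTE(review): copy() silently overwrites an existing file of the same name.
 *
 * @param string $base target directory, without trailing slash
 * @param array  $file one upload entry; 'tmp_name' and 'name' are read
 * @return boolean true when the file was copied, false otherwise
 */
public static function upload($base, $file)
{
    if (!self::checkUploadFile($file)) {
        return false;
    }

    // Normalise backslashes first so Windows-style separators are stripped
    // too, then keep only the last path component.
    $name = basename(str_replace('\\', '/', (string) $file['name']));
    if ($name === '' || $name === '.' || $name === '..') {
        // basename() can still yield "." or ".."; these are not file names.
        return false;
    }

    $target = $base . "/" . $name;
    $res = copy($file['tmp_name'], $target);
    if ($res) {
        EventManager::raiseEvent("file_uploaded", array('name' => $target));
    }

    return $res;
}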
/**
 * Inserts a new row into the forms table and raises "form_created" when the
 * insert statement reports success.
 *
 * Both values are passed through the database layer's EscapeString() before
 * they are placed into the SQL text.
 *
 * NOTE(review): the insert id is returned even when the statement failed;
 * callers should confirm what InsertID() yields in that case.
 * NOTE(review): the event receives the escaped name, not the raw one.
 *
 * @param string $name form name
 * @param string $dir  form directory, empty by default
 * @return int value of DataBase::Current()->InsertID() after the insert
 */
public static function create($name, $dir = "")
{
    $db = DataBase::Current();
    $name = $db->EscapeString($name);
    $dir = $db->EscapeString($dir);

    $sql = "INSERT INTO {'dbprefix'}forms (name, dir) VALUES ('" . $name . "', '" . $dir . "')";
    $inserted = DataBase::Current()->Execute($sql);

    if ($inserted) {
        EventManager::raiseEvent("form_created", array('name' => $name));
    }

    return DataBase::Current()->InsertID();
}