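/**
 * Insert the changes on a user into the database.
 *
 * Validates the submitted profile data (old/new password when a password change
 * is requested, email, jabber address, OpenID) and then writes every field of
 * the `users` row in a single prepared UPDATE. Validation failures are reported
 * via Message::setMessage() and the method returns false without touching the
 * database.
 *
 * @author Clemens John <*****@*****.**>
 * @param int|string $user_id             id of the user being edited
 * @param mixed      $changepassword      truthy if the password should be replaced
 * @param mixed      $permission          list of permission values to sum into the new
 *                                        permission; a falsy value keeps the stored one
 * @param string     $oldpassword         current password, checked only when $changepassword
 * @param string     $newpassword         new password in clear text, hashed here
 * @param string     $newpasswordchk      repetition of $newpassword
 * @param string     $openid              stored in column `openid`; must be unique per user
 * @param string     $vorname             stored in column `vorname`
 * @param string     $nachname            stored in column `nachname`
 * @param string     $strasse             stored in column `strasse`
 * @param string     $plz                 stored in column `plz`
 * @param string     $ort                 stored in column `ort`
 * @param string     $telefon             stored in column `telefon`
 * @param string     $email               required, must be a valid and unique address
 * @param string     $jabber              optional, must be a valid address when given
 * @param string     $icq                 stored in column `icq`
 * @param string     $website             stored in column `website`
 * @param string     $about               stored in column `about`
 * @param string     $notification_method stored in column `notification_method`
 * @return bool true if the user was edited successfully
 */
public function userInsertEdit($user_id, $changepassword, $permission, $oldpassword, $newpassword, $newpasswordchk, $openid, $vorname, $nachname, $strasse, $plz, $ort, $telefon, $email, $jabber, $icq, $website, $about, $notification_method)
{
    $user_data = User_old::getUserByID($user_id);
    $message = array();

    // NOTE(review): $permission is stored exactly as supplied. This method cannot
    // see who is calling it, so the caller must make sure that only a principal
    // allowed to change roles passes a non-empty $permission; a user editing
    // their own profile must not be able to raise their own permission here.

    // The checks below index into $user_data, so refuse to continue without a row.
    if (!$user_data) {
        $message[] = array("Der Benutzer existiert nicht.", 2);
        Message::setMessage($message);
        return false;
    }

    // The messages carry HTML markup (<i>), so they are presumably rendered
    // unescaped; user-supplied values echoed back in them are escaped here.
    $safe_email = htmlspecialchars((string) $email, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
    $safe_jabber = htmlspecialchars((string) $jabber, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
    $safe_openid = htmlspecialchars((string) $openid, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');

    //check whether the given data is valid
    $phpass = new PasswordHash(8, false);
    if ($changepassword and !$phpass->CheckPassword($oldpassword, $user_data['password'])) {
        $message[] = array("Dein altes Passwort ist nicht richtig.", 2);
    } elseif ($changepassword and (string) $newpassword === '') {
        // explicit empty-string test instead of empty(): "0" is a valid password
        $message[] = array("Du musst ein neues Passwort angeben.", 2);
    } elseif ($changepassword and $newpassword !== $newpasswordchk) {
        $message[] = array("Deine beiden neuen Passwörter stimmen nicht überein.", 2);
    } elseif ((string) $email === '') {
        $message[] = array("Du musst eine Emailadresse angeben.", 2);
    } elseif (!User_old::isUniqueEmail($email, $user_id)) {
        $message[] = array("Es existiert bereits ein Benutzer mit der ausgewhälten Emailadresse <i>{$safe_email}</i>.", 2);
    } elseif (!filter_var($email, FILTER_VALIDATE_EMAIL)) {
        $message[] = array("Die ausgewählte Emailadresse " . $safe_email . " ist keine gültige Emailadresse.", 2);
    } elseif ((string) $jabber !== '' and !filter_var($jabber, FILTER_VALIDATE_EMAIL)) {
        $message[] = array("Die ausgewählte Jabberadresse " . $safe_jabber . " ist keine gültige Jabberadresse.", 2);
    } elseif ((string) $openid !== '' and !User_old::isUniqueOpenID($openid, $user_id)) {
        $message[] = array("Die ausgewählte OpenID <i>" . $safe_openid . "</i> ist bereits mit einem Benutzer verknüpft.", 2);
    }

    //if the user data is not valid, return false
    if (count($message) > 0) {
        Message::setMessage($message);
        return false;
    }

    //if user wants to set a new password, hash the new password
    if ($changepassword) {
        $newpassword = $phpass->HashPassword($newpassword);
        // phpass signals a failed hash with a very short result
        if (strlen($newpassword) < 20) {
            $message[] = array("Beim Hashen des neuen Passworts trat ein Fehler auf.", 2);
            Message::setMessage($message);
            return false;
        }
    } else {
        $newpassword = $user_data['password'];
    }

    if (!$permission) {
        $newpermission = $user_data['permission'];
    } else {
        // Sum the submitted permission values; cast each entry so that a
        // non-numeric entry cannot end up in the integer column.
        $newpermission = 0;
        $permission_list = is_array($permission) ? $permission : array($permission);
        foreach ($permission_list as $dual) {
            $newpermission += (int) $dual;
        }
    }

    //if all checks are okay, update the data into the database
    $stmt = DB::getInstance()->prepare("UPDATE users SET
                permission = ?, password = ?, openid = ?, vorname = ?, nachname = ?,
                strasse = ?, plz = ?, ort = ?, telefon = ?, email = ?, jabber = ?,
                icq = ?, website = ?, about = ?, notification_method = ?
            WHERE id = ?");
    $stmt->execute(array($newpermission, $newpassword, $openid, $vorname, $nachname, $strasse, $plz, $ort, $telefon, $email, $jabber, $icq, $website, $about, $notification_method, $user_id));

    $message[] = array("Die Daten von {$user_data['nickname']} wurden geändert", 1);
    Message::setMessage($message);
    return true;
}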
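/**
 * Sets a new password for a user that forgot their password and requested a new one by mail.
 *
 * The hash of the currently stored password acts as the proof that the caller is
 * allowed to reset this account; it is compared with a strict, constant-time
 * comparison. On success the supplied new hash replaces the stored one.
 *
 * @author Clemens John <*****@*****.**>
 * @param string     $new_password_hash the hash of the new password. This hash was sent to the user
 *                                      by mail previously and is submitted when the user follows the
 *                                      link in the email
 * @param string     $old_password_hash the hash of the currently stored password. This hash was sent
 *                                      to the user by mail previously and is used to check if the user
 *                                      is permitted to set this user a new password
 * @param int|string $user_id           id of the user that wants to set a new password
 * @return bool true if the password was changed successfully
 */
public function setNewPassword($new_password_hash, $old_password_hash, $user_id)
{
    $user_data = User_old::getUserByID($user_id);
    $message = array();

    // The comparison below reads $user_data['password']; refuse to continue without a row.
    if (!$user_data) {
        $message[] = array("Der Benutzer existiert nicht.", 2);
        Message::setMessage($message);
        return false;
    }

    // hash_equals() instead of ==: the loose comparison would accept type-juggled
    // matches (e.g. two numeric-looking strings) and its early exit leaks timing.
    if (!hash_equals((string) $user_data['password'], (string) $old_password_hash)) {
        $message[] = array("Der übergebene Passwordhash des Benutzers {$user_data['nickname']} stimmt nicht mit dem gespeicherten Hash überein.", 2);
        $message[] = array("Es wurde kein neues Passwort gesetzt.", 2);
        Message::setMessage($message);
        return false;
    }

    $stmt = DB::getInstance()->prepare("UPDATE users SET password = ? WHERE id = ?");
    $stmt->execute(array($new_password_hash, $user_id));

    // A zero rowCount() is treated as failure (no row was changed).
    if (!$stmt->rowCount()) {
        $message[] = array("Dem Benutzer {$user_data['nickname']} konnte keine neues Passwort gesetzt werden.", 2);
        Message::setMessage($message);
        return false;
    }

    $message[] = array("Dem Benutzer {$user_data['nickname']} wurde ein neues Passwort gesetzt", 1);
    Message::setMessage($message);
    return true;
}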
<?php require_once 'runtime.php'; require_once './lib/core/helper.class.php'; require_once './lib/core/user_old.class.php'; $smarty->assign('message', Message::getMessage()); if ($_GET['section'] == "edit") { //Only owner and Root can access this site. if (permission::checkIfUserIsOwnerOrPermitted(PERM_ROOT, (int) $_GET['user_id'])) { $smarty->assign('user', User_old::getUserByID($_GET['user_id'])); $smarty->assign('is_root', Permission::checkPermission(PERM_ROOT, $_SESSION['user_id'])); $smarty->assign('permissions', User_old::getRolesByUserID($_GET['user_id'])); $smarty->display("header.tpl.html"); $smarty->display("user_edit.tpl.html"); $smarty->display("footer.tpl.html"); } else { Permission::denyAccess(PERM_ROOT, (int) $_GET['user_id']); } } elseif ($_GET['section'] == "insert_edit") { if (permission::checkIfUserIsOwnerOrPermitted(PERM_ROOT, (int) $_GET['user_id'])) { if (User_old::userInsertEdit($_GET['user_id'], $_POST['changepassword'], $_POST['permission'], $_POST['oldpassword'], $_POST['newpassword'], $_POST['newpasswordchk'], $_POST['openid'], $_POST['vorname'], $_POST['nachname'], $_POST['strasse'], $_POST['plz'], $_POST['ort'], $_POST['telefon'], $_POST['email'], $_POST['jabber'], $_POST['icq'], $_POST['website'], $_POST['about'], $_POST['notification_method'])) { header('Location: user.php?user_id=' . $_GET['user_id']); } else { header('Location: user_edit.php?section=edit&user_id=' . $_GET['user_id']); } } else { Permission::denyAccess(PERM_ROOT, (int) $_GET['user_id']); } } elseif ($_GET['section'] == "delete") { if (permission::checkIfUserIsOwnerOrPermitted(PERM_ROOT, (int) $_GET['user_id'])) { if ($_POST['delete'] == "true") {