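/**
 * Update the staff row identified by $username.
 *
 * The password column is only written when a non-empty password is given;
 * an empty string leaves the stored password as it is.  Hashing is delegated
 * to the project's EncryptPassword() helper -- its algorithm is not visible
 * here (TODO confirm it is a salted, slow password hash).
 *
 * @param string $username     Row selector for the WHERE clause; not changed.
 * @param string $name
 * @param string $password     New plaintext password, or '' to keep the old one.
 * @param string $building
 * @param string $email
 * @param string $phone_number
 * @return void
 */
public static function EditByUsername($username, $name, $password, $building, $email, $phone_number)
{
    global $database;

    // Bug fix: the original tested strlen($password > 0) -- strlen() of a
    // boolean -- so whether the password was updated depended on PHP's
    // string/int comparison rules instead of on a password being supplied
    // (e.g. "0" or "!" would silently not update the password).
    $changePassword = strlen((string) $password) > 0;

    // Every value travels as a positional parameter; nothing is interpolated
    // into the SQL text.
    $params = [$name, $building, $email, $phone_number];
    if ($changePassword) {
        $sql = "UPDATE staff SET name=?, building=?, email=?, phone_number=?, password=? WHERE username=?";
        $params[] = EncryptPassword($password);
    } else {
        $sql = "UPDATE staff SET name=?, building=?, email=?, phone_number=? WHERE username=?";
    }
    $params[] = $username;

    $statement = $database->prepare($sql);
    foreach ($params as $index => $value) {
        // bindValue rather than bindParam: the computed hash has no variable
        // that needs to stay alive until execute().
        $statement->bindValue($index + 1, $value, PDO::PARAM_STR);
    }
    $statement->execute();
}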
$name = $_POST["name"]; $building = $_POST["building"]; $email = CleanString($_POST["email"]); $phone_number = CleanString($_POST["phone_number"]); $type = $_POST["type"]; if (empty($name) || empty($building) || empty($email) || empty($phone_number)) { ShowError("One or more fields were empty!"); } elseif ($password != $password_confirm) { ShowError("Passwords did not match! Go back and try again."); } elseif (!Building::Exists($building) && $building !== "N/A") { ShowError("Invalid building."); } elseif ($me->GetID() == $staff->GetID() && $me->GetType() != $type) { ShowError("You can't change your account access!"); } else { if (strlen($password) > 0) { $staff->SetPassword(EncryptPassword($password)); } $staff->Edit($name, $type, $building, $email, $phone_number); ShowInfo("Edited Staff Member Successfully"); RedirectTimer("admin&staff", 3); } } elseif (isset($_GET["edit"])) { ?> <form class="form-horizontal" role="form" method="post"> <div class="form-group"> <label for="username">Username</label> <input type="text" class="form-control" id="username" name="username" value="<?php echo $staff->GetUsername(); ?> " disabled> </div>
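<?php
// Settings page: the POST branch updates the current user's ($me) profile
// and, optionally, the password; the markup after it renders the form.
if (isset($_POST["save"])) {
    // Missing fields default to '' so a partial or tampered POST fails
    // validation instead of emitting undefined-index warnings.
    $password = $_POST["password"] ?? '';
    $password_confirm = $_POST["password_confirm"] ?? '';
    $name = $_POST["name"] ?? '';
    $email = CleanString($_POST["email"] ?? '');
    $phone_number = CleanString($_POST["phone_number"] ?? '');

    if (empty($name) || empty($email) || empty($phone_number)) {
        ShowError("One or more fields were empty!");
    } elseif ($password !== $password_confirm) {
        // Strict comparison: with != two numeric-looking strings such as
        // "1e3" and "1000" would have counted as matching passwords.
        ShowError("Passwords did not match! Go back and try again.");
    } else {
        // A blank password means "keep the current one" (see the help text
        // in the form below).
        if ($password !== '') {
            $me->SetPassword(EncryptPassword($password));
        }
        // Type and building are not editable from this page, so the current
        // values are passed straight through to Edit().
        $me->Edit($name, $me->GetType(), $me->GetBuilding(), $email, $phone_number);
        ShowInfo("Saved Settings");
    }
}
?>
<div class="container">
<div class="row">
<div class="col-sm-4">
<form class="form-horizontal" role="form" method="post">
<div class="form-group">
<label for="password">Password</label>
<input type="password" class="form-control" id="password" name="password" placeholder="Password">
<p class="help-block">Leave blank to keep the current password.</p>
</div>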
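/**
 * Password-reset landing page (GET) and handler (POST).
 *
 * GET, reached from the link in the reset e-mail: decrypts the `m` (e-mail)
 * and `h` (password hash) parameters, checks that `h` matches the hash
 * stored for that e-mail and renders the new-password form.
 * POST: checks that both password fields match, re-verifies the reset code
 * carried in the form, and stores the new hash.
 *
 * NOTE(review): the reset "code" is the user's current password hash, so it
 * never expires and is only as secret as the Blowfish key; a random,
 * time-limited token stored server-side is the usual design.
 * Assumes $this->db is a PDO instance (query()/fetch()/exec() are used in
 * the original) -- TODO confirm, since prepare()/execute() are relied on.
 *
 * @return mixed Result of AddAlertMessage() on redirect paths, otherwise null
 *               after the view has been generated.
 */
public function resetpasswordAction()
{
    if (!Tools::isPost()) {
        // Form opened via the link from the e-mail.
        $encryptedEmail = GETAsStrOrDef('m', '');
        $encryptedHash = GETAsStrOrDef('h', '');
        if (empty($encryptedEmail) || empty($encryptedHash)) {
            return AddAlertMessage('danger', 'Неверный запрос на восстановление пароля!', '/');
        }
        $Email = Decrypt_Blowfish($encryptedEmail);
        $PasswordHash = Decrypt_Blowfish($encryptedHash);

        // $Email and $PasswordHash derive from user-supplied parameters and
        // must never be spliced into SQL.
        if (!$this->resetCodeMatches((string) $Email, (string) $PasswordHash)) {
            return AddAlertMessage('danger', 'Неверный код восстановления пароля!', '/');
        }
        $this->view->setVars(array(
            'Email' => $Email,
            'EncryptedEmail' => $encryptedEmail,
            'EncryptedPasswordHash' => $encryptedHash,
        ));
    } else {
        // "Change password" button pressed.
        $NewPassword = POSTStrAsSQLStr('password');
        // Server-side safety check; the primary check is in validation.js
        // ($('#ResetPasswordBtn').click(function(){ ... }).
        if ($NewPassword !== POSTStrAsSQLStr('confirmpassword')) {
            // Re-encode the round-tripped parameters instead of splicing raw
            // POST values into the redirect URL.
            $query = http_build_query(array(
                'm' => (string) ($_POST['EncryptedEmail'] ?? ''),
                'h' => (string) ($_POST['EncryptedPasswordHash'] ?? ''),
            ));
            return AddAlertMessage('danger', 'Пароли не совпадают', '/auth/resetpassword?' . $query);
        }
        $vEmail = (string) Decrypt_Blowfish(POSTStrAsSQLStr('EncryptedEmail'));
        // The original accepted any POST that carried an encrypted e-mail;
        // the reset code is now checked again here so the form cannot be
        // replayed without it.
        $vHash = (string) Decrypt_Blowfish(POSTStrAsSQLStr('EncryptedPasswordHash'));
        if ($vEmail === '' || !$this->resetCodeMatches($vEmail, $vHash)) {
            return AddAlertMessage('danger', 'Неверный код восстановления пароля!', '/');
        }
        $stmt = $this->db->prepare('update Users set PasswordHash = ? where Email = ?;');
        $stmt->execute([EncryptPassword($NewPassword), $vEmail]);
        return AddAlertMessage('success', 'Пароль успешно изменен!', '/');
    }
    $this->view->breadcrumbs = array(array('url' => '/auth/password', 'title' => 'Изменение пароля'));
    $this->view->meta = array('meta_title' => 'Изменение пароля', 'meta_description' => 'Изменение пароля', 'meta_keywords' => '');
    $this->view->generate();
}

/**
 * True when $hash equals the PasswordHash stored for $email.
 *
 * Uses a parameterised lookup and hash_equals() (strict, constant-time);
 * the original compared the two strings with !=, which is numeric when
 * both operands look numeric.  An unknown e-mail or empty stored hash is
 * treated as a mismatch.
 */
private function resetCodeMatches(string $email, string $hash): bool
{
    $stmt = $this->db->prepare('select PasswordHash from Users where (Email = ?);');
    $stmt->execute([$email]);
    $user = $stmt->fetch();
    $storedHash = is_array($user) ? (string) ($user['PasswordHash'] ?? '') : '';
    return $storedHash !== '' && hash_equals($storedHash, $hash);
}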
// Front controller: bootstrap, then dispatch on the current page.  The
// elseif chain after the login block continues past the end of this excerpt.
require_once "requires.php";
// Standalone endpoints return their own output and stop before the layout.
if (Pages::GetCurrentPage() == "SMS") {
    include "pages/sms.php";
    exit;
}
// $me is presumably the logged-in staff member set up by requires.php (not
// visible here); null means no session, so the login form is shown/handled.
if (is_null($me)) {
    Pages::SetPage("Login");
    if (isset($_POST["login"])) {
        $username = CleanString($_POST["username"]);
        $password = $_POST["password"];
        if (empty($username) || empty($password)) {
            // Every failure path below uses this same message, so the
            // response does not reveal which part was wrong.
            $error = "Invalid username or password";
        } else {
            $staff = Staff::GetByUsername($username);
            if ($staff->IsValid() && $staff->IsActive()) {
                // NOTE(review): loose == between two hash strings.  If
                // EncryptPassword() yields hex digests, values of the form
                // "0e<digits>" compare as numeric zero and match each other;
                // hash_equals() (strict and constant-time) is the safe
                // comparison here.
                if ($staff->GetPassword() == EncryptPassword($password)) {
                    Session::Set("sid", $staff->GetID());
                    // NOTE(review): the stored password hash is copied into the
                    // session -- presumably so a password change invalidates
                    // the session; confirm it is never sent to the client.
                    Session::Set("secret", $staff->GetPassword());
                    Pages::SetPage("Dashboard");
                    UpdateLoggedIn();
                } else {
                    $error = "Invalid username or password";
                }
            } else {
                $error = "Invalid username or password";
            }
        }
    }
} elseif (Pages::GetCurrentPage() == "Typeahead") {
    include "pages/typeahead.php";
    exit;