public function display()
{
$template = new Template();
$template->load("plugin_changepassword_changepassword");
$template->show_if('PASSWORD_WRONG', false);
$template->show_if('SUCCESSFUL', false);
$template->show_if('OLD_PASSWORD_WRONG', false);
if (isset($_REQUEST['old_password']) && !empty($_REQUEST['old_password']) && is_string($_REQUEST['old_password']) && isset($_REQUEST['new_password']) && !empty($_REQUEST['new_password']) && is_string($_REQUEST['new_password']) && isset($_REQUEST['confirm_password']) && !empty($_REQUEST['confirm_password']) && is_string($_REQUEST['confirm_password'])) {
$old_password = DataBase::Current()->EscapeString($_REQUEST['old_password']);
$new_password = DataBase::Current()->EscapeString($_REQUEST['new_password']);
$confirm_password = DataBase::Current()->EscapeString($_REQUEST['confirm_password']);
if ($new_password != $confirm_password) {
$template->show_if('PASSWORD_WRONG', true);
} else {
$password = DataBase::Current()->EscapeString(md5($new_password . Settings::getInstance()->get("salt")));
$old_password = DataBase::Current()->EscapeString(md5($old_password . Settings::getInstance()->get("salt")));
$db_password = DataBase::Current()->ReadField("SELECT `password` FROM `{'dbprefix'}user` WHERE `id` = '" . User::Current()->id . "'; ");
if ($db_password && $db_password != null) {
if ($db_password != $old_password) {
$template->show_if('OLD_PASSWORD_WRONG', true);
} else {
DataBase::Current()->Execute("UPDATE `{'dbprefix'}user` SET `password` = '" . $password . "' WHERE `id` = '" . User::Current()->id . "'; ");
$template->show_if('SUCCESSFUL', true);
EventManager::raiseEvent("plugin_changepassword_change", array('old_password' => $old_password, 'new_password' => $password, 'userid' => User::Current()->id));
Cache::clear("tables", "userlist");
}
} else {
//Der User ist nicht in der Datenbank aufgeführt.
}
}
}
$template->assign_var('ACTION', UrlRewriting::GetUrlByAlias($this->page->alias));
echo $template->getCode();
}
/**
*
* @param string $base
* @param string $file
* @return boolean
*/
public static function upload($base, $file)
{
$res = false;
if (self::checkUploadFile($file)) {
$tempname = $file['tmp_name'];
$name = $file['name'];
$res = copy($tempname, $base . "/" . $name);
$args['name'] = $base . "/" . $name;
if ($res) {
EventManager::raiseEvent("file_uploaded", $args);
}
}
return $res;
}
/**
*
* @param string $name
* @param string $dir
* @return int
*/
public static function create($name, $dir = "")
{
$name = DataBase::Current()->EscapeString($name);
$dir = DataBase::Current()->EscapeString($dir);
$res = DataBase::Current()->Execute("INSERT INTO {'dbprefix'}forms (name, dir) VALUES ('" . $name . "', '" . $dir . "')");
if ($res) {
$args['name'] = $name;
EventManager::raiseEvent("form_created", $args);
}
return DataBase::Current()->InsertID();
}
