Exemplo n.º 1
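 /**
  * Update the staff row whose username equals $username.
  *
  * name, building, email and phone_number are always written. The password
  * column is written only when $password is non-empty, and the value stored
  * is EncryptPassword($password), never the plain text.
  *
  * Every value is bound as a statement parameter; the SQL text is assembled
  * from constant fragments only. This method performs no authorization check
  * of its own, so callers must decide who may edit which account.
  *
  * NOTE(review): EncryptPassword() is defined elsewhere; confirm it is a
  * salted, slow password hash rather than reversible encryption or a bare digest.
  *
  * @param string $username     Key of the row to update.
  * @param string $name         New display name.
  * @param string $password     New plain-text password, or '' to keep the current one.
  * @param string $building     New building value.
  * @param string $email        New e-mail address.
  * @param string $phone_number New phone number.
  * @return void
  */
 public static function EditByUsername($username, $name, $password, $building, $email, $phone_number)
 {
     global $database;
     // Fix: the original tested strlen($password > 0). The comparison ran first and
     // strlen() measured its boolean result, so whether the password column was
     // written depended on PHP's string-to-number comparison rules instead of on
     // the length of the password.
     $changePassword = strlen((string) $password) > 0;
     $columns = "name=?, building=?, email=?, phone_number=?";
     $values = array($name, $building, $email, $phone_number);
     if ($changePassword) {
         $columns .= ", password=?";
         $values[] = EncryptPassword($password);
     }
     // The WHERE placeholder always comes last, after the optional password.
     $values[] = $username;
     $statement = $database->prepare("UPDATE staff SET " . $columns . " WHERE username=?");
     foreach ($values as $position => $value) {
         // PDO placeholders are 1-based.
         $statement->bindValue($position + 1, $value, PDO::PARAM_STR);
     }
     $statement->execute();
 }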
Exemplo n.º 2
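                // Handle the submitted "edit staff member" form. $password, $password_confirm,
                // $me and $staff are assigned before this excerpt starts.
                // NOTE(review): no CSRF-token check and no role check are visible in this
                // excerpt; confirm the enclosing page enforces both before reaching here.
                $name = $_POST["name"];
                $building = $_POST["building"];
                $email = CleanString($_POST["email"]);
                $phone_number = CleanString($_POST["phone_number"]);
                // NOTE(review): $type comes straight from the request and is handed to Edit()
                // unchecked; only the "own account" case is guarded below. Confirm Edit()
                // rejects values that are not a known access type.
                $type = $_POST["type"];
                if (empty($name) || empty($building) || empty($email) || empty($phone_number)) {
                    ShowError("One or more fields were empty!");
                } elseif ($password !== $password_confirm) {
                    // Strict comparison: with != two different numeric-looking strings such as
                    // "1e3" and "1000" compare equal, so a mistyped confirmation could pass.
                    // NOTE(review): assumes both values are strings read from the POST body.
                    ShowError("Passwords did not match! Go back and try again.");
                } elseif (!Building::Exists($building) && $building !== "N/A") {
                    ShowError("Invalid building.");
                } elseif ($me->GetID() == $staff->GetID() && $me->GetType() != $type) {
                    // A user may not change the access type of their own account.
                    ShowError("You can't change your account access!");
                } else {
                    // An empty password field means "keep the current password".
                    if (strlen($password) > 0) {
                        $staff->SetPassword(EncryptPassword($password));
                    }
                    $staff->Edit($name, $type, $building, $email, $phone_number);
                    ShowInfo("Edited Staff Member Successfully");
                    RedirectTimer("admin&staff", 3);
                }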
            } elseif (isset($_GET["edit"])) {
                ?>
				<form class="form-horizontal" role="form" method="post">
					<div class="form-group">
						<label for="username">Username</label>
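						<input type="text" class="form-control" id="username" name="username" value="<?php
                // Escape for the HTML attribute context so that a stored username containing
                // quotes or angle brackets cannot close value="..." and inject markup.
                echo htmlspecialchars((string) $staff->GetUsername(), ENT_QUOTES);
                ?>
" disabled>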
					</div>
Exemplo n.º 3
<?php

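// Handle the "save settings" form for the signed-in user ($me).
// NOTE(review): the password can be replaced without supplying the current one, and
// no CSRF token is read here; a forged or hijacked request could therefore set a new
// password. Confirm whether the surrounding framework covers this.
if (isset($_POST["save"])) {
    // A missing or non-string field is treated as empty, which means "keep the
    // current password" below.
    $password = isset($_POST["password"]) && is_string($_POST["password"]) ? $_POST["password"] : "";
    $password_confirm = isset($_POST["password_confirm"]) && is_string($_POST["password_confirm"]) ? $_POST["password_confirm"] : "";
    $name = $_POST["name"];
    $email = CleanString($_POST["email"]);
    $phone_number = CleanString($_POST["phone_number"]);
    if (empty($name) || empty($email) || empty($phone_number)) {
        ShowError("One or more fields were empty!");
    } elseif ($password !== $password_confirm) {
        // Strict comparison: with != two different numeric-looking strings such as
        // "1e3" and "1000" compare equal, so a mistyped confirmation could pass.
        ShowError("Passwords did not match! Go back and try again.");
    } else {
        if (strlen($password) > 0) {
            $me->SetPassword(EncryptPassword($password));
        }
        // Type and building are re-submitted unchanged; this form cannot alter them.
        $me->Edit($name, $me->GetType(), $me->GetBuilding(), $email, $phone_number);
        ShowInfo("Saved Settings");
    }
}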
?>

<div class="container">
	<div class="row">
		<div class="col-sm-4">
			<form class="form-horizontal" role="form" method="post">
				<div class="form-group">
					<label for="password">Password</label>
					<input type="password" class="form-control" id="password" name="password" placeholder="Password">
					<p class="help-block">Leave blank to keep the current password.</p>
				</div>
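 /**
  * Password-reset endpoint.
  *
  * GET: opened from the link in the recovery e-mail. The query string carries
  * the Blowfish-encrypted e-mail ("m") and recovery code ("h"); when the code
  * matches the user's stored PasswordHash the reset form is rendered.
  *
  * POST: the form was submitted. The new password is stored for the e-mail
  * carried in the hidden EncryptedEmail field.
  *
  * Changes against the previous version:
  *  - the recovery code is verified on POST as well; before, the POST branch
  *    updated the password for whatever e-mail decrypted from EncryptedEmail
  *    without looking at EncryptedPasswordHash at all;
  *  - both SQL statements use bound parameters instead of string interpolation;
  *  - the code comparison uses hash_equals() and fails when no user row exists
  *    (the old loose != treated a missing row and an empty code as a match);
  *  - the values echoed back into the redirect URL are URL-encoded.
  *
  * NOTE(review): assumes $this->db is PDO-compatible (it already exposes
  * query()->fetch() and exec()); confirm prepare()/execute() are available.
  * NOTE(review): the recovery code is the current PasswordHash, so a link stays
  * usable until the password changes and no expiry is visible here.
  * NOTE(review): an empty new password is rejected only in validation.js.
  *
  * @return mixed Result of AddAlertMessage() on the early-exit paths, otherwise nothing.
  */
 public function resetpasswordAction()
 {
     if (!Tools::isPost()) {
         // The form was opened through the link from the e-mail.
         $EncryptedEmail = GETAsStrOrDef('m', '');
         $EncryptedPasswordHash = GETAsStrOrDef('h', '');
         if (empty($EncryptedEmail) || empty($EncryptedPasswordHash)) {
             return AddAlertMessage('danger', 'Неверный запрос на восстановление пароля!', '/');
         }
         $Email = Decrypt_Blowfish($EncryptedEmail);
         if (!$this->recoveryCodeMatches($Email, Decrypt_Blowfish($EncryptedPasswordHash))) {
             return AddAlertMessage('danger', 'Неверный код восстановления пароля!', '/');
         }
         // The encrypted values are handed to the view so the form can post them back.
         $this->view->setVars(array('Email' => $Email, 'EncryptedEmail' => $EncryptedEmail, 'EncryptedPasswordHash' => $EncryptedPasswordHash));
     } else {
         // The "Change password" button was pressed.
         $NewPassword = POSTStrAsSQLStr('password');
         if ($NewPassword !== POSTStrAsSQLStr('confirmpassword')) {
             // Safety net only; the main check is done in validation.js ($('#ResetPasswordBtn').click(function(){)
             $m = isset($_POST['EncryptedEmail']) && is_string($_POST['EncryptedEmail']) ? $_POST['EncryptedEmail'] : '';
             $h = isset($_POST['EncryptedPasswordHash']) && is_string($_POST['EncryptedPasswordHash']) ? $_POST['EncryptedPasswordHash'] : '';
             // Encode the request-supplied values so they cannot add parameters to,
             // or otherwise reshape, the redirect target.
             return AddAlertMessage('danger', 'Пароли не совпадают', '/auth/resetpassword?m=' . rawurlencode($m) . '&h=' . rawurlencode($h));
         }
         $vEmail = Decrypt_Blowfish(POSTStrAsSQLStr('EncryptedEmail'));
         $vPasswordHash = Decrypt_Blowfish(POSTStrAsSQLStr('EncryptedPasswordHash'));
         // Re-check the recovery code: the hidden fields are client-controlled, so the
         // check done when the form was rendered proves nothing about this request.
         if (!$this->recoveryCodeMatches($vEmail, $vPasswordHash)) {
             return AddAlertMessage('danger', 'Неверный код восстановления пароля!', '/');
         }
         $update = $this->db->prepare('update Users set PasswordHash = ? where Email = ?');
         $update->execute(array(EncryptPassword($NewPassword), $vEmail));
         return AddAlertMessage('success', 'Пароль успешно изменен!', '/');
     }
     $this->view->breadcrumbs = array(array('url' => '/auth/password', 'title' => 'Изменение пароля'));
     $this->view->meta = array('meta_title' => 'Изменение пароля', 'meta_description' => 'Изменение пароля', 'meta_keywords' => '');
     $this->view->generate();
 }

 /**
  * Tell whether $PasswordHash equals the PasswordHash stored for $Email.
  *
  * Returns false for non-string or empty input, for an unknown e-mail and for a
  * row without a stored hash, so a failed decryption can never count as a match.
  *
  * @param mixed $Email        Decrypted e-mail address.
  * @param mixed $PasswordHash Decrypted recovery code.
  * @return bool
  */
 private function recoveryCodeMatches($Email, $PasswordHash)
 {
     if (!is_string($Email) || $Email === '' || !is_string($PasswordHash) || $PasswordHash === '') {
         return false;
     }
     $select = $this->db->prepare('select PasswordHash from Users where Email = ?');
     $select->execute(array($Email));
     $user = $select->fetch();
     if (!is_array($user) || !isset($user['PasswordHash'])) {
         return false;
     }
     // Constant-time, type-strict comparison of the stored value with the supplied code.
     return hash_equals((string) $user['PasswordHash'], $PasswordHash);
 }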
Exemplo n.º 5
require_once "requires.php";
// Serve the SMS page and stop before any of the code below runs.
// NOTE(review): this dispatch sits ahead of the is_null($me) login check that follows,
// so pages/sms.php appears to be reachable without a signed-in user. Confirm that
// the page authenticates its own callers.
if (Pages::GetCurrentPage() == "SMS") {
    include "pages/sms.php";
    exit;
}
if (is_null($me)) {
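    // No signed-in user: show the login page and, if the form was posted, try to
    // authenticate. Every failure path sets the same generic $error, so the response
    // does not reveal whether the username exists or the account is inactive.
    // NOTE(review): no attempt limiting or lockout is visible in this excerpt.
    Pages::SetPage("Login");
    if (isset($_POST["login"])) {
        $username = CleanString($_POST["username"]);
        $password = $_POST["password"];
        // Non-string input (for example password[]=x) is treated like a missing credential.
        if (empty($username) || empty($password) || !is_string($password)) {
            $error = "Invalid username or password";
        } else {
            $staff = Staff::GetByUsername($username);
            if ($staff->IsValid() && $staff->IsActive()) {
                // hash_equals() replaces the loose ==, which compares numeric-looking
                // strings as numbers and is not constant-time.
                // NOTE(review): matching the stored value against EncryptPassword($password)
                // implies that function is deterministic (no per-user random salt);
                // consider moving to password_hash()/password_verify().
                if (hash_equals((string) $staff->GetPassword(), (string) EncryptPassword($password))) {
                    // NOTE(review): no session-id regeneration is visible at login; confirm
                    // Session or UpdateLoggedIn() rotates the id.
                    Session::Set("sid", $staff->GetID());
                    // NOTE(review): this copies the stored password value into the session
                    // as "secret"; a random per-session token would keep it out of session storage.
                    Session::Set("secret", $staff->GetPassword());
                    Pages::SetPage("Dashboard");
                    UpdateLoggedIn();
                } else {
                    $error = "Invalid username or password";
                }
            } else {
                $error = "Invalid username or password";
            }
        }
    }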
} elseif (Pages::GetCurrentPage() == "Typeahead") {
    include "pages/typeahead.php";
    exit;