} else { if ($op == 'edit') { $user_id = makeSane($_POST['id']); $sql = "UPDATE {$pilotsTable} SET \n\t\t\tcountryCode='" . makeSane($_POST['countryCode']) . "',\n\t\t\tCIVL_ID='" . makeSane($_POST['CIVL_ID']) . "',\n\t\t\tCIVL_NAME='" . makeSane($_POST['CIVL_NAME'], 2) . "',\n\t\t\tFirstName='" . makeSane($_POST['FirstName'], 2) . "',\n\t\t\tLastName='" . makeSane($_POST['LastName'], 2) . "',\n\t\t\tSex='" . makeSane($_POST['Sex']) . "',\n\t\t\tBirthdate='" . makeSane($_POST['Birthdate']) . "' \n\t\t\tWHERE pilotID={$user_id} AND serverID=0"; if (!$db->sql_query($sql)) { echo "Error in query : {$sql}<BR>"; } $sql = "UPDATE " . $CONF['userdb']['users_table'] . " SET \n\t\t\tusername='******'username'], 2) . "',\n\t\t\tuser_email='" . makeSane($_POST['user_email'], 2) . "'\t\t\n\t\t\tWHERE user_id={$user_id} "; if (!$db->sql_query($sql)) { echo "Error in query : {$sql}<BR>"; } // change password ? $user_password = makeSane($_POST['user_password'], 2); if ($user_password) { require_once dirname(__FILE__) . "/CL_user.php"; $res = LeoUser::changePassword($user_id, $user_password); if ($res > 0) { echo _PwdChanged; } else { echo _PwdChangeProblem; if ($res == -2) { printf(': ' . _PwdTooShort, $CONF_password_minlength); } } } exit; } } } // to the url parameter are added 4 parameters as described in colModel // we should get these parameters to construct the needed query
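/**
 * Martin Jursa 26.04.2007
 * Save email and password to the user table if the respective options are set.
 *
 * Every change is gated by $CONF['userdb']['edit']: 'enabled' must be on, and
 * 'edit_email' / 'edit_password' switch the two updates individually. The
 * writes themselves are delegated to LeoUser::changeEmail() and
 * LeoUser::changePassword().
 *
 * Security notes for callers:
 * - This function performs no authorisation check and does not ask for the
 *   current password. The caller must already have established that the
 *   requester may change the credentials of $userID.
 * - The returned HTML is assembled from language constants and the configured
 *   minimum length only; none of the arguments is echoed back into it.
 *
 * @param int    $userID                  id of the user whose login data is updated
 * @param string $newEmail                new address, or the sentinel '#same_as_old#leonardo#' to leave the email untouched
 * @param string $newPassword             new password; empty after trimming means "do not change"
 * @param string $newPasswordConfirmation repetition of $newPassword, must be identical
 * @return string HTML: success lines in <span class="ok">, error lines in <span class="alert">, '' if nothing happened
 */
function saveLoginData($userID, $newEmail, $newPassword, $newPasswordConfirmation)
{
    global $CONF;

    $goodmsgs = array();
    $errmsgs = array();

    if (!$CONF['userdb']['edit']['enabled']) {
        $errmsgs[] = 'saveLoginData requires turning on CONF["userdb"]["edit"]["enabled"].';
    } elseif (empty($userID)) {
        $errmsgs[] = 'UserID is missing; cannot update login data.';
    } else {
        $editConf = $CONF['userdb']['edit'];

        // --- email -------------------------------------------------------
        if ($editConf['edit_email'] && $newEmail != '#same_as_old#leonardo#') {
            if (empty($newEmail)) {
                $errmsgs[] = _EmailEmpty;
            } else {
                $saved = false;
                // emailChecked() is defined elsewhere; an empty result is treated as "invalid".
                $email = emailChecked($newEmail);
                if ($email == '') {
                    $errmsgs[] = _EmailInvalid;
                } elseif (LeoUser::changeEmail($userID, $email) > 0) {
                    // NOTE(review): how changeEmail() builds its query is not visible here;
                    // confirm it binds/escapes $userID and $email itself.
                    $saved = true;
                    $goodmsgs[] = _EmailSaved;
                } else {
                    $errmsgs[] = _EmailSaveProblem;
                }
                if (!$saved) {
                    $errmsgs[] = _EmailNotSaved;
                }
            }
        }

        // --- password ----------------------------------------------------
        // NOTE(review): surrounding whitespace is stripped before the password is stored;
        // confirm the login path trims the same way.
        $newPassword = trim((string) $newPassword);
        $newPasswordConfirmation = trim((string) $newPasswordConfirmation);

        // Test against '' rather than truthiness: the string "0" is falsy in PHP and
        // used to be skipped without any message.
        if ($editConf['edit_password'] && $newPassword !== '') {
            $saved = false;
            // Fallback of 4 characters is a weak floor; set
            // $CONF['userdb']['edit']['password_minlength'] to something stronger.
            $passwordMinLength = !empty($editConf['password_minlength'])
                ? $editConf['password_minlength']
                : 4;

            if ($newPasswordConfirmation === '') {
                $errmsgs[] = _PwdConfEmpty;
            } elseif (strlen($newPassword) < $passwordMinLength) {
                $errmsgs[] = sprintf(_PwdTooShort, $passwordMinLength);
            } elseif ($newPassword !== $newPasswordConfirmation) {
                // Strict comparison: with != two numeric-looking strings such as
                // "1e10" and "10000000000" compare equal and would pass as a match.
                $errmsgs[] = _PwdAndConfDontMatch;
            } elseif (LeoUser::changePassword($userID, $newPassword) > 0) {
                // NOTE(review): hashing happens inside changePassword(), which is not visible
                // here; confirm it uses password_hash() rather than a bare digest.
                $saved = true;
                $goodmsgs[] = _PwdChanged;
            } else {
                $errmsgs[] = _PwdChangeProblem;
            }

            if (!$saved) {
                $errmsgs[] = _PwdNotChanged;
            }
        }
    }

    $message = '';
    if (count($goodmsgs) > 0) {
        $message .= '<span class="ok">' . implode('<br>', $goodmsgs) . '</span>';
    }
    if (count($errmsgs) > 0) {
        $message .= '<span class="alert">' . implode('<br>', $errmsgs) . '</span>';
    }

    return $message;
}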