Exemplo n.º 1
    return;
}
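// Password-reset step: resolve the account that owns the activation code,
// accept a new password from the POSTed form, and otherwise render the form.
// NOTE(review): $user, $session, $error and $header are not defined in this
// excerpt; presumably they are set up earlier in the enclosing scope.
$user_id = Token::getOwner('activation_code', $this->token);
if (!$user_id) {
    throw new \Exception('token dont exist');
}
// A logged-in visitor may only redeem a token that belongs to their own account.
if ($session->id && $user_id != $session->id) {
    throw new \Exception('HACKER stop doing that!');
}
if ($session->id) {
    echo '<div class="critical">You are already logged in! Are you sure you want to reset your password?</div>';
}
if (isset($_POST['reset_pwd']) && isset($_POST['reset_pwd2'])) {
    /// TODO reuse code from register user
    $new_pwd = $_POST['reset_pwd'];
    $new_pwd2 = $_POST['reset_pwd2'];
    // The JavaScript check registered below runs only in the browser, so the
    // empty-field rule is enforced here as well. Array-valued fields
    // (reset_pwd[]=...) are rejected instead of being handed to setPassword().
    if (!is_string($new_pwd) || !is_string($new_pwd2) || $new_pwd === '') {
        $error->add('No password entered');
    } elseif ($new_pwd === $new_pwd2) {
        // Strict comparison: with == two different numeric-looking strings
        // (for example '1e3' and '1000') compare equal, so a mistyped
        // confirmation could be accepted.
        // NOTE(review): no password-strength check is visible here; confirm
        // whether UserHandler::setPassword() enforces one.
        UserHandler::setPassword($user_id, $new_pwd);
        // Consume the token as soon as the password is stored, so a failure
        // in the login call cannot leave a still-valid reset token behind.
        Token::delete($user_id, 'activation_code');
        $session->login($user->name, $new_pwd);
        echo '<div class="okay">Your password has been reset. You have been logged in.</div>';
        return;
    } else {
        $error->add('The passwords dont match');
    }
}
echo $error->render(true);
// The user name is account data chosen by the user; escape it for the HTML context.
echo 'Reset password for user <b>' . htmlspecialchars((string) $user->name, ENT_QUOTES, 'UTF-8') . '</b>';
// Client-side convenience only; the server-side checks above are authoritative.
$header->registerJsFunction('function validate_reset_pwd_form(frm)' . '{' . 'if (!frm.reset_pwd.value||!frm.reset_pwd2.value)' . 'return false;' . 'return true;' . '}');
//XXXX use XhtmlForm class, it needs a way to show the images first
echo xhtmlForm('reg_frm', '', '', '', 'return validate_reset_pwd_form(this);');
echo '<table cellpadding="2">';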
Exemplo n.º 2
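 /**
  * Changes the logged-in user's password after re-checking the current one.
  *
  * Validation failures add a message to the ErrorHandler instance and return
  * false. On success the password is stored for $session->id and
  * js_redirect('u/edit') is called.
  *
  * @param array $p submitted form fields: 'curr_pwd', 'new_pwd', 'new_pwd2'
  * @return false|null false on a validation failure, otherwise no value
  */
 function handleEditPassword($p)
 {
     $error = ErrorHandler::getInstance();
     $session = SessionHandler::getInstance();

     // Missing or array-valued fields (new_pwd[]=...) are treated as empty
     // strings so they can neither raise notices nor reach setPassword().
     $curr_pwd = (isset($p['curr_pwd']) && is_string($p['curr_pwd'])) ? $p['curr_pwd'] : '';
     $new_pwd = (isset($p['new_pwd']) && is_string($p['new_pwd'])) ? $p['new_pwd'] : '';
     $new_pwd2 = (isset($p['new_pwd2']) && is_string($p['new_pwd2'])) ? $p['new_pwd2'] : '';

     // Re-authenticate with the current password before allowing the change.
     $u = User::getExact($session->type, $session->id, $session->username, $curr_pwd);
     if (!$u) {
         $error->add('Current password is not correct');
         return false;
     }
     // Strict comparison: with != two different numeric-looking strings
     // (for example '1e3' and '1000') are considered equal, so a mistyped
     // confirmation could slip through.
     if ($new_pwd !== $new_pwd2) {
         $error->add('passwords dont match');
         return false;
     }
     // Kept as a truthiness test, so the string '0' is still rejected as empty.
     if (!$new_pwd) {
         $error->add('no password entered');
         return false;
     }
     // NOTE(review): no password-strength check is visible here; confirm
     // whether UserHandler::setPassword() enforces one.
     UserHandler::setPassword($session->id, $new_pwd);
     js_redirect('u/edit');
 }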
Exemplo n.º 3
}
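// User-management actions for the account shown on this page: remove the
// account, change its password, add a setting, delete a setting.
// NOTE(review): these requests change state, and no request-forgery token or
// permission check is visible in this excerpt; confirm that the surrounding
// code performs both before this point is reached.

// Escaped for the HTML context in case the stored address was not recorded
// from a trusted source.
echo 'Last IP: ' . htmlspecialchars((string) $user->last_ip, ENT_QUOTES, 'UTF-8') . '<br/>';
echo '<br/>';
// The viewer cannot remove the account that owns this page when it is their own.
// NOTE(review): removal is driven by a GET parameter; presumably confirmed()
// renders a confirmation step. Verify that it cannot be satisfied by a link alone.
if ($session->id != $this->owner && isset($_GET['remove'])) {
    if (confirmed('Are you sure you want to remove this user?')) {
        $user->remove();
        echo '<div class="item">User removed</div>';
    }
    return;
}
// Only a plain string is accepted as the new password; an array-valued field
// (change_pwd[]=...) is ignored rather than passed on to setPassword().
if (!empty($_POST['change_pwd']) && is_string($_POST['change_pwd'])) {
    if (Password::isForbidden($_POST['change_pwd'])) {
        echo '<div class="item">Weak password was chosen, password has not been changed!</div>';
        return;
    }
    UserHandler::setPassword($user->id, $_POST['change_pwd']);
    echo '<div class="item">Password changed!</div>';
    return;
}
// Setting names must be plain strings; the value is passed through unchanged.
if (!empty($_POST['setting_name']) && is_string($_POST['setting_name']) && isset($_POST['setting_val'])) {
    UserSetting::set($user->id, $_POST['setting_name'], $_POST['setting_val']);
    echo '<div class="good">Setting added!</div>';
}
// NOTE(review): a setting is deleted by a GET parameter, so a crafted link
// could trigger it; consider requiring POST once a token check is available.
if (!empty($_GET['remove_setting']) && is_string($_GET['remove_setting'])) {
    UserSetting::delete($user->id, $_GET['remove_setting']);
    echo '<div class="good">Setting removed!</div>';
}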
// save changes in edited settings
if (!empty($_POST)) {
    $settings = UserSetting::getAll($user->id);
    foreach ($settings as $set) {