for ($g = 0; $g < count($submitted_group); $g++) { if (!in_array($submitted_group[$g], $available_group) && $submitted_group[$g]) { $validate = array(false, sumo_get_message('GroupNotAvailable', $submitted_group[$g])); break; } if (!in_array('sumo', $SUMO['user']['group']) || $submitted_group[$g] == 'sumo') { if ($SUMO['user']['group_level'][$submitted_group[$g]] < $submitted_group_level[$submitted_group[$g]] || $SUMO['user']['group_level'][$submitted_group[$g]] < $tab['group_level'][$submitted_group[$g]]) { $submitted_group_level[$submitted_group[$g]] = $tab['group_level'][$submitted_group[$g]]; } // User can't change his group level if ($_GET['id'] == $SUMO['user']['id'] && $submitted_group_level[$submitted_group[$g]] != $SUMO['user']['group_level'][$submitted_group[$g]]) { $validate = array(false, sumo_get_message('WrongLevel', $submitted_group_level[$submitted_group[$g]])); } } } } if (!$validate[0]) { $tpl['MESSAGE:H'] = $language['UserNotUpdated'] . ": " . $validate[1]; } else { $update = sumo_update_user_data(array('id' => $_GET['id'], 'username' => $_POST['user'], 'firstname' => $_POST['firstname'], 'lastname' => $_POST['lastname'], 'active' => $_POST['active'], 'email' => $_POST['email'], 'language' => $_POST['language'], 'datasource_id' => $_POST['datasource_id'], 'usergroup' => $_POST['group'], 'ip' => $_POST['ip'], 'day_limit' => $_POST['day_limit'], 'password' => $_POST['new_password'])); if ($update) { $tpl['MESSAGE:L'] = $language['UserUpdated']; } else { $tpl['MESSAGE:H'] = $language['UserNotUpdated']; } } require "action.edit.php"; } else { $action_error = true; $tpl['MESSAGE:H'] = $language['AccessDenied']; }
<?php /** * SUMO MODULE: Users | Modify password * * @version 0.5.0 * @link http://sumoam.sourceforge.net SUMO Access Manager * @author Alberto Basso <*****@*****.**> * @copyright Copyright © 2003-2009, Alberto Basso * @package SUMO * @category Console */ if ($_POST['new_password'] != $_POST['renew_password'] && $_POST['new_password'] != "") { $tpl['MESSAGE:M'] = $language['PwdMismatch']; } else { $data = array('id' => $SUMO['user']['id'], 'language' => $SUMO['user']['language'], 'firstname' => $SUMO['user']['firstname'], 'lastname' => $SUMO['user']['lastname'], 'email' => $SUMO['user']['email'], 'password' => sha1($_POST['new_password']), 'datasource_id' => 1, 'active' => 1); $update = sumo_update_user_data($data); if ($update) { $tpl['MESSAGE:L'] = $language['PwdUpdated']; $tpl['GET:WindowScripts'] = 'sumo_remove_window("users");'; } else { $tpl['MESSAGE:H'] = $language['PwdNotUpdated']; } } $_SESSION['action'] = 'edit_password'; require "action.edit_password.php";