$_SESSION['cal_ui'] = $tqvar; } } //END (CHEMED) Calendar UI preference if (isset($_GET['default_warehouse'])) { sqlStatement("UPDATE users SET default_warehouse = '" . formData('default_warehouse', 'G') . "' WHERE id = '" . formData('id', 'G') . "'"); } if (isset($_GET['irnpool'])) { sqlStatement("UPDATE users SET irnpool = '" . formData('irnpool', 'G') . "' WHERE id = '" . formData('id', 'G') . "'"); } if ($_GET["newauthPass"] && $_GET["newauthPass"] != "d41d8cd98f00b204e9800998ecf8427e") { // account for empty $tqvar = formData('newauthPass', 'G'); // When the user password is updated and the password history option is enabled, update the password history in database. A new password expiration is also calculated if ($GLOBALS['password_history'] != 0) { $updatepwd = UpdatePasswordHistory($_GET["id"], $tqvar); } else { sqlStatement("update users set password='******' where id={$_GET["id"]}"); if ($GLOBALS['password_expiration_days'] != 0) { $exp_days = $GLOBALS['password_expiration_days']; $exp_date = date('Y-m-d', strtotime("+{$exp_days} days")); sqlStatement("update users set pwd_expiration_date='{$exp_date}' where id={$userid}"); } } } // for relay health single sign-on if ($_GET["ssi_relayhealth"]) { $tqvar = formData('ssi_relayhealth', 'G'); sqlStatement("update users set ssi_relayhealth = '{$tqvar}' where id = {$_GET["id"]}"); } $tqvar = $_GET["authorized"] ? 1 : 0;
?> </span> <br><br> <?php $update_pwd_failed = 0; $ip = $_SERVER['REMOTE_ADDR']; if ($_GET["mode"] == "update") { if ($_GET["authPass"] && $_GET["authPass2"] && $_GET["authPass"] != "da39a3ee5e6b4b0d3255bfef95601890afd80709") { // account for empty $tqvar = addslashes($_GET["authPass"]); $tqvar2 = addslashes($_GET["authPass2"]); if ($tqvar == $tqvar2) { // Validating the password if ($GLOBALS['password_history'] != 0) { $updatepwd = UpdatePasswordHistory($_SESSION["authId"], $tqvar); } else { sqlStatement("update users set password='******' where id={$_SESSION["authId"]}"); $updatepwd = 1; } if ($updatepwd == 1) { echo "<span class='alert'>" . xl("Password change successful.", '', '', ' ') . xl("Click") . "<a href='{$rootdir}/logout.php?auth=logout' class=link_submit>" . xl("here", '', ' ', ' ') . "</a>" . xl("to login again") . ".<br><br></span>"; } else { $update_pwd_failed = 1; } } else { echo "<span class=alert>" . xl("Error: passwords don't match. Please check your typing.") . "</span><br><br>\n"; } } } $res = sqlStatement("select * from users where id={$_SESSION["authId"]}");