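/**
 * Check a username/password pair against the `users` table.
 *
 * Two stored formats are accepted: a legacy unsalted MD5 digest (kept only so
 * old accounts can still log in and be migrated) and a crypt() hash, where the
 * stored value doubles as the salt/algorithm selector.
 *
 * @param string $username Login name to look up.
 * @param string $password Clear-text password supplied by the user.
 *
 * @return int 1 when the credentials match, 0 otherwise. session_logout() is
 *             called before 0 is returned.
 */
function authenticate($username, $password)
{
    // A non-string password (e.g. an array from `password[]=`) can never match
    // and must not reach md5()/crypt().
    if (is_scalar($username) && is_string($password)) {
        $row = dbFetchRow("SELECT `username`, `password` FROM `users` WHERE `username`= ?", array($username));

        // Unknown user: the fetch result has no usable username.
        if (is_array($row) && !empty($row['username']) && (string) $row['username'] === (string) $username) {
            $stored = isset($row['password']) ? (string) $row['password'] : '';

            // Legacy MD5 digest. Digests are compared as exact strings in
            // constant time: a loose `==` treats values such as "0e1234..." as
            // numbers, so two different digests of that shape compare equal.
            if (hash_equals($stored, md5($password))) {
                // Re-hash only while the column still has the width checked
                // here. NOTE(review): what auth_change_password() stores is not
                // visible from this function - confirm it writes a crypt() hash.
                $column = dbFetchRow("DESCRIBE `users` `password`");
                if (is_array($column) && isset($column['Type']) && $column['Type'] === 'varchar(34)') {
                    auth_change_password($username, $password);
                }
                return 1;
            }

            // crypt() hash: recompute with the stored value as the salt.
            $computed = crypt($password, $stored);
            if (is_string($computed) && hash_equals($stored, $computed)) {
                return 1;
            }
        }
    }

    session_logout();
    return 0;
}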
示例#2
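include_once "auth.inc.php";

// JSON endpoint for administrator user management: remove, edit or add a user.
// Every response is a JSON object with a single "error" key (empty on success).
//
// NOTE(review): no anti-CSRF token is checked in this script. These actions
// change accounts on the strength of the session alone - confirm whether
// auth.inc.php enforces a token or origin check.
$result = array("error" => "");
$action = (isset($_POST["action"]) && is_string($_POST["action"])) ? $_POST["action"] : "";

// The action name is echoed back in the error text. Declaring the body as JSON
// and hex-escaping <, >, &, ' and " keeps a browser from interpreting the
// response as HTML.
if (!headers_sent()) {
    header("Content-Type: application/json; charset=utf-8");
    header("X-Content-Type-Options: nosniff");
}
$json_flags = JSON_HEX_TAG | JSON_HEX_AMP | JSON_HEX_APOS | JSON_HEX_QUOT;

if (!is_admin()) {
    $result["error"] = "musisz być administratorem";
    die(json_encode($result, $json_flags));
}

// Missing or non-string fields are normalised to "" so they can be rejected
// explicitly instead of reaching the auth_* helpers as null or arrays.
$username = (isset($_POST["username"]) && is_string($_POST["username"])) ? $_POST["username"] : "";
$password = (isset($_POST["password"]) && is_string($_POST["password"])) ? $_POST["password"] : "";
$is_admin = (isset($_POST["is_admin"]) && $_POST["is_admin"] === "true") ? 1 : 0;

switch ($action) {
    case "remove":
        if ($username === "") {
            $result["error"] = "username is required";
            break;
        }
        auth_remove_user($username);
        break;
    case "edit":
        if ($username === "") {
            $result["error"] = "username is required";
            break;
        }
        // An empty password field means "leave the password unchanged".
        if ($password !== "") {
            auth_change_password($username, $password);
        }
        auth_change_is_admin($username, $is_admin);
        break;
    case "add":
        // Never create an account without a name or with a blank password.
        if ($username === "" || $password === "") {
            $result["error"] = "username and password are required";
            break;
        }
        auth_add_user($username, $password, $is_admin);
        break;
    default:
        $result["error"] = "unknown command '{$action}'";
}

// json_encode() already escapes non-ASCII characters as \uXXXX, so the
// utf8_encode() wrapper (deprecated since PHP 8.2) changed nothing.
echo json_encode($result, $json_flags);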
示例#3
<?php

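include_once "auth.inc.php";

// JSON endpoint for the logged-in user's own account. The only action is
// "change_password", which requires the current password before a new one is
// accepted. Every response is a JSON object with a single "error" key.
//
// NOTE(review): no anti-CSRF token is checked in this script; the old-password
// requirement limits the impact, but confirm whether auth.inc.php adds a check.
$result = array("error" => "");
$action = (isset($_POST["action"]) && is_string($_POST["action"])) ? $_POST["action"] : "";

// The action name is echoed back in the error text, and that path is reachable
// without a login. Declaring the body as JSON and hex-escaping <, >, &, ' and "
// keeps a browser from interpreting the response as HTML.
if (!headers_sent()) {
    header("Content-Type: application/json; charset=utf-8");
    header("X-Content-Type-Options: nosniff");
}
$json_flags = JSON_HEX_TAG | JSON_HEX_AMP | JSON_HEX_APOS | JSON_HEX_QUOT;

switch ($action) {
    case "change_password":
        // Missing or non-string fields become "" and are rejected below.
        $old_password = (isset($_POST["old_password"]) && is_string($_POST["old_password"])) ? $_POST["old_password"] : "";
        $new_password = (isset($_POST["new_password"]) && is_string($_POST["new_password"])) ? $_POST["new_password"] : "";
        if (!is_logged()) {
            $result["error"] = "musisz się zalogować";
            break;
        }
        if (!auth_check_password(username(), $old_password)) {
            $result["error"] = "stare hasło nie pasuje";
            break;
        }
        // Refuse to replace a working password with a blank one.
        if ($new_password === "") {
            $result["error"] = "new password must not be empty";
            break;
        }
        auth_change_password(username(), $new_password);
        break;
    default:
        $result["error"] = "unknown command '{$action}'";
}

// json_encode() already escapes non-ASCII characters as \uXXXX, so the
// utf8_encode() wrapper (deprecated since PHP 8.2) changed nothing.
echo json_encode($result, $json_flags);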
    </div>
  </div>
</div>
</form>

<?php 
    if ($vars['user_id']) {
        if ($vars['action'] == "deleteuser") {
            include "pages/edituser/deleteuser.inc.php";
        } else {
            // Perform actions if requested
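            // Password reset for the account being edited ($user_data), using
            // the two password fields from the request.
            if (auth_can_change_password($user_data['username']) && $vars['action'] === "changepass") {
                // Both fields must be present, be strings and be non-empty.
                if (!isset($vars['new_pass'], $vars['new_pass2'])
                    || !is_string($vars['new_pass']) || !is_string($vars['new_pass2'])
                    || $vars['new_pass'] === "" || $vars['new_pass2'] === ""
                ) {
                    print_warning("密码不能留空.");
                } elseif ($vars['new_pass'] === $vars['new_pass2']) {
                    // Strict comparison: with `==`, numeric-looking strings
                    // such as "1e3" and "1000" count as equal, so a mistyped
                    // confirmation could be accepted.
                    auth_change_password($user_data['username'], $vars['new_pass']);
                    print_message("密码已更改.");
                } else {
                    print_error("密码不匹配!");
                }
            }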
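            // FIXME broken PoS code.
            // Impersonation ("become user"): the session's username is replaced
            // by the account being edited, the original name is kept in
            // $_SESSION['origusername'], and the switch is written to `authlog`.
            //
            // NOTE(review): no privilege check is visible in this fragment -
            // confirm the enclosing page restricts it to administrators.
            // NOTE(review): the session ID is not regenerated when the identity
            // changes; session_regenerate_id(true) is the usual step here.
            // NOTE(review): markup has already been emitted above this block,
            // so header() only takes effect when output buffering is active -
            // confirm.
            if ($vars['action'] == "becomeuser") {
                $_SESSION['origusername'] = $_SESSION['username'];
                $_SESSION['username'] = $user_data['username'];
                // The header name must be the literal ASCII token "Location";
                // a translated name is not a redirect header, so no redirect
                // would be issued.
                header('Location: ' . $config['base_url']);
                // Audit record: acting user, client address as seen by the web
                // server, and the account that was assumed.
                dbInsert(array('user' => $_SESSION['origusername'], 'address' => $_SERVER["REMOTE_ADDR"], 'result' => '成为 ' . $_SESSION['username']), 'authlog');
                include "includes/authenticate.inc.php";
            }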
            if ($vars['action'] == "perm_del") {
                if (dbFetchCell("SELECT COUNT(*) FROM `entity_permissions` WHERE `entity_type` = ? AND `entity_id` = ? AND `user_id` = ?", array($vars['entity_type'], $vars['entity_id'], $vars['user_id']))) {
示例#5
$navbar['options_right']['add']['url']       = '#add_contact_modal';
$navbar['options_right']['add']['link_opts'] = 'data-toggle="modal"';
$navbar['options_right']['add']['text']      = 'Add Contact';
$navbar['options_right']['add']['icon']      = 'oicon-mail--plus';
*/
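// Print out the navbar defined above
print_navbar($navbar);
unset($navbar);

// Change the logged-in user's own password. The current password is verified
// through authenticate() before the new one is accepted.
if (isset($vars['password']) && $vars['password'] === "save") {
    // A missing or non-string old password can never match, so it is treated
    // as incorrect without calling authenticate().
    if (isset($vars['old_pass']) && is_string($vars['old_pass']) && authenticate($_SESSION['username'], $vars['old_pass'])) {
        // Both new-password fields must be present, be strings and be non-empty.
        if (!isset($vars['new_pass'], $vars['new_pass2'])
            || !is_string($vars['new_pass']) || !is_string($vars['new_pass2'])
            || $vars['new_pass'] === "" || $vars['new_pass2'] === ""
        ) {
            print_warning("Password must not be blank.");
        } elseif ($vars['new_pass'] === $vars['new_pass2']) {
            // Strict comparison: with `==`, numeric-looking strings such as
            // "1e3" and "1000" count as equal, so a mistyped confirmation
            // could be accepted.
            auth_change_password($_SESSION['username'], $vars['new_pass']);
            print_success("Password Changed.");
        } else {
            print_warning("Passwords don't match.");
        }
    } else {
        print_warning("Incorrect password");
    }
}
unset($prefs);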
if (is_numeric($_SESSION['user_id'])) {
    $user_id = $_SESSION['user_id'];
    $prefs = get_user_prefs($user_id);
    // Reset RSS/Atom key
    if ($vars['atom_key'] == "toggle") {
示例#6
 * Copyright (C) 2006-2014, Adam Armstrong - http://www.observium.org
 *
 * @package    observium
 * @subpackage webui
 * @author     Adam Armstrong <*****@*****.**>
 * @copyright  (C) 2006-2014 Adam Armstrong
 *
 */
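$pagetitle[] = "User preferences";

// Change the logged-in user's own password. The current password is verified
// through authenticate() before the new one is accepted.
//
// NOTE(review): no anti-CSRF token is checked in this fragment; the
// old-password requirement limits the impact - confirm whether the framework
// adds a check elsewhere.
if (isset($_POST['password']) && $_POST['password'] === "save") {
    // A missing or non-string old password can never match, so it is treated
    // as incorrect without calling authenticate().
    if (isset($_POST['old_pass']) && is_string($_POST['old_pass']) && authenticate($_SESSION['username'], $_POST['old_pass'])) {
        // Both new-password fields must be present, be strings and be non-empty.
        if (!isset($_POST['new_pass'], $_POST['new_pass2'])
            || !is_string($_POST['new_pass']) || !is_string($_POST['new_pass2'])
            || $_POST['new_pass'] === "" || $_POST['new_pass2'] === ""
        ) {
            print_warning("Password must not be blank.");
        } elseif ($_POST['new_pass'] === $_POST['new_pass2']) {
            // Strict comparison: with `==`, numeric-looking strings such as
            // "1e3" and "1000" count as equal, so a mistyped confirmation
            // could be accepted.
            auth_change_password($_SESSION['username'], $_POST['new_pass']);
            print_success("Password Changed.");
        } else {
            print_warning("Passwords don't match.");
        }
    } else {
        print_warning("Incorrect password");
    }
}
unset($prefs);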
if (is_numeric($_SESSION['user_id'])) {
    $user_id = $_SESSION['user_id'];
    $prefs = get_user_prefs($user_id);
    // Reset RSS/Atom key
    if ($_POST['atom_key'] == "toggle") {
        if (set_user_pref($user_id, 'atom_key', md5(strgen()))) {
示例#7
    </div>
  </div>
</div>
</form>

<?php 
    if ($vars['user_id']) {
        if ($vars['action'] == "deleteuser") {
            include "pages/edituser/deleteuser.inc.php";
        } else {
            // Perform actions if requested
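            // Password reset for the account being edited ($user_data), using
            // the two password fields from the POST body.
            if (auth_can_change_password($user_data['username']) && $vars['action'] === "changepass") {
                // Both fields must be present, be strings and be non-empty.
                if (!isset($_POST['new_pass'], $_POST['new_pass2'])
                    || !is_string($_POST['new_pass']) || !is_string($_POST['new_pass2'])
                    || $_POST['new_pass'] === "" || $_POST['new_pass2'] === ""
                ) {
                    print_warning("Password cannot be blank.");
                } elseif ($_POST['new_pass'] === $_POST['new_pass2']) {
                    // Strict comparison: with `==`, numeric-looking strings
                    // such as "1e3" and "1000" count as equal, so a mistyped
                    // confirmation could be accepted.
                    auth_change_password($user_data['username'], $_POST['new_pass']);
                    print_message("Password Changed.");
                } else {
                    print_error("Passwords don't match!");
                }
            }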
            // FIXME broken PoS code.
            // Impersonation ("become user"): the session's username is replaced
            // by the account being edited, the original name is kept in
            // $_SESSION['origusername'], and the switch is written to `authlog`.
            //
            // NOTE(review): no privilege check is visible in this fragment -
            // confirm the enclosing page restricts it to administrators.
            // NOTE(review): the session ID is not regenerated when the identity
            // changes; session_regenerate_id(true) is the usual step here.
            // NOTE(review): markup has already been emitted above this block,
            // so header() only takes effect when output buffering is active -
            // confirm.
            if ($vars['action'] == "becomeuser") {
                // Remember who is really logged in before switching identity.
                $_SESSION['origusername'] = $_SESSION['username'];
                $_SESSION['username'] = $user_data['username'];
                // Redirect to the configured base URL; execution continues
                // below because there is no exit after the header.
                header('Location: ' . $config['base_url']);
                // Audit record: acting user, client address as seen by the web
                // server (a proxy's address when one sits in front), and the
                // account that was assumed.
                dbInsert(array('user' => $_SESSION['origusername'], 'address' => $_SERVER["REMOTE_ADDR"], 'result' => 'Became ' . $_SESSION['username']), 'authlog');
                // Runs in this scope, so it sees the session values set above.
                include "includes/authenticate.inc.php";
            }
            if ($vars['action'] == "perm_del") {
                if (dbFetchCell("SELECT COUNT(*) FROM `entity_permissions` WHERE `entity_type` = ? AND `entity_id` = ? AND `user_id` = ?", array($vars['entity_type'], $vars['entity_id'], $vars['user_id']))) {