<?php
include_once 'data.php';
if (isset($_SESSION['auth'])) {
include_once 'functions.php';
// CHANGE USER'S PASSWORD
if (!empty($_GET['change_password']) && !empty($_GET['old_password'])) {
if (empty($_GET['new_password1']) || empty($_GET['new_password2'])) {
die('Error! Password was not changed. New password required.');
}
if ($_GET['new_password1'] !== $_GET['new_password2']) {
die('Error! Password was not changed. New password typo.');
}
$password_changed = NULL;
database_connect(IL_USER_DATABASE_PATH, 'users');
if (check_encrypted_password($dbHandle, $_SESSION['user'], $_GET['old_password'])) {
$user_query = $dbHandle->quote($_SESSION['user_id']);
$new_password_query = $dbHandle->quote(generate_encrypted_password($_GET['new_password1']));
$password_changed = $dbHandle->exec("UPDATE users SET password="******" WHERE userID=" . $user_query);
$error = $dbHandle->errorInfo();
} else {
die('Error! Password was not changed. Existing password is incorrect.');
}
$dbHandle = null;
if ($password_changed !== 1) {
die('Error! Password was not changed. Database error: ' . $error[2]);
}
}
// DELETE A USER
if (!empty($_GET['delete']) && !empty($_GET['id'])) {
database_connect(IL_DATABASE_PATH, 'library');
session_regenerate_id(true);
$_SESSION['user_id'] = $userID;
$_SESSION['user'] = $_POST['user'];
$_SESSION['permissions'] = $permissions;
$_SESSION['auth'] = true;
} else {
/* IF LDAP NOT ENABLED, CHECK THE LOCAL DB */
// CHECK FOR FORMER LDAP USER
$result = $dbHandle->query("SELECT password FROM users WHERE username="******"SELECT userID,permissions FROM users WHERE username=" . $username_quoted);
$user = $result->fetch(PDO::FETCH_ASSOC);
$result = null;
if (!empty($user['userID'])) {
session_regenerate_id(true);
$_SESSION['user_id'] = $user['userID'];
$_SESSION['user'] = $_POST['user'];
$_SESSION['permissions'] = $user['permissions'];
$_SESSION['auth'] = true;
}
} else {
sendError('Bad username or password.');
}
}
$dbHandle = null;
$id = $last_id->fetchColumn();
$last_id = null;
$dbHandle->exec("INSERT INTO projects (userID,project) VALUES ({$id},{$username_quoted} || '''s project', '1')");
}
$result = $dbHandle->query("SELECT userID FROM users WHERE username={$username_quoted} LIMIT 1");
$id = $result->fetchColumn();
$result = null;
$dbHandle->commit();
$_SESSION['user_id'] = $id;
$_SESSION['user'] = $_POST['user'];
$_SESSION['permissions'] = $permissions;
$_SESSION['auth'] = true;
}
} else {
/* IF LDAP NOT ENABLED, CHECK THE LOCAL DB */
if (check_encrypted_password($dbHandle, $username, $password)) {
$result = $dbHandle->query("SELECT userID,permissions FROM users WHERE username=" . $username_quoted);
$user = $result->fetch(PDO::FETCH_ASSOC);
$result = null;
if (!empty($user['userID'])) {
$_SESSION['user_id'] = $user['userID'];
$_SESSION['user'] = $_POST['user'];
$_SESSION['permissions'] = $user['permissions'];
$_SESSION['auth'] = true;
$_SESSION['watermarks'] = '';
}
}
}
/* OK, THIS IS A REGISTERED USER. DO THE PROXY SETTINGS AND CREATE A TEMP DIR */
if (isset($_SESSION['auth'])) {
if ($ini_array['autosign'] == 0) {