<?php
// Account-maintenance actions for a logged-in user. This listing is an excerpt:
// it ends inside the "DELETE A USER" branch, so the closing braces of that
// branch and of the outer session check are not shown.
include_once 'data.php';

// Everything below runs only when the session carries an 'auth' key.
// isset() tests for presence, not for a true value.
if (isset($_SESSION['auth'])) {

    include_once 'functions.php';

    // CHANGE USER'S PASSWORD
    // NOTE(review): the old and new passwords are read from $_GET, so they travel
    // in the URL and can end up in server access logs, browser history and
    // Referer headers. A state-changing request over GET is also easier to
    // trigger cross-site; no anti-CSRF token check is visible in this fragment.
    // Moving these fields to a POST body is the usual mitigation.
    if (!empty($_GET['change_password']) && !empty($_GET['old_password'])) {

        // Both copies of the new password must be present...
        if (empty($_GET['new_password1']) || empty($_GET['new_password2'])) {
            die('Error! Password was not changed. New password required.');
        }

        // ...and identical (strict string comparison).
        if ($_GET['new_password1'] !== $_GET['new_password2']) {
            die('Error! Password was not changed. New password typo.');
        }

        $password_changed = NULL;

        // $dbHandle is not assigned in this fragment; presumably database_connect()
        // sets it - confirm in functions.php.
        database_connect(IL_USER_DATABASE_PATH, 'users');

        // Re-authenticate with the current password before changing anything.
        // The account checked is the session's own user, not a request parameter.
        if (check_encrypted_password($dbHandle, $_SESSION['user'], $_GET['old_password'])) {

            // Both values are passed through $dbHandle->quote() before being placed
            // in the SQL text. The stored value is whatever
            // generate_encrypted_password() returns; its scheme is not visible here.
            $user_query = $dbHandle->quote($_SESSION['user_id']);
            $new_password_query = $dbHandle->quote(generate_encrypted_password($_GET['new_password1']));

            // NOTE(review): the page shows part of this statement masked as ******,
            // so as printed it is not valid PHP. $new_password_query is not used
            // anywhere else in the fragment, so it was presumably concatenated
            // here - confirm against the original file.
            $password_changed = $dbHandle->exec("UPDATE users SET password="******" WHERE userID=" . $user_query);
            $error = $dbHandle->errorInfo();
        } else {
            die('Error! Password was not changed. Existing password is incorrect.');
        }

        $dbHandle = null;

        // Anything other than exactly one affected row is reported as a failure.
        // NOTE(review): $error[2] is echoed to the client; if $dbHandle is a PDO
        // object (the quote/exec/errorInfo calls suggest so) that is the driver's
        // error text, which is better logged server-side than shown to the user.
        // NOTE(review): no session ID rotation or invalidation of other sessions is
        // visible after a successful change - confirm whether it happens elsewhere.
        if ($password_changed !== 1) {
            die('Error! Password was not changed. Database error: ' . $error[2]);
        }
    }

    // DELETE A USER
    // The listing is cut off after the connection call below, so any permission
    // check applied to this action is outside the visible text.
    if (!empty($_GET['delete']) && !empty($_GET['id'])) {

        database_connect(IL_DATABASE_PATH, 'library');
// Sign-in fragment. It starts inside a branch whose opening line is not shown;
// $userID, $permissions and $username_quoted are assigned outside this view.
    // Issue a fresh session ID and delete the old session before the session is
    // marked as authenticated, so an ID that existed before login is not carried
    // over into the logged-in session (session fixation defence).
    session_regenerate_id(true);
    $_SESSION['user_id'] = $userID;
    // NOTE(review): the name is stored as submitted in $_POST rather than as read
    // back from the database; escape it wherever it is later printed.
    $_SESSION['user'] = $_POST['user'];
    $_SESSION['permissions'] = $permissions;
    $_SESSION['auth'] = true;
} else {
    /* IF LDAP NOT ENABLED, CHECK THE LOCAL DB */
    // CHECK FOR FORMER LDAP USER
    // NOTE(review): the page masks everything between the two query strings on
    // the next line as ******, so the statements that sat there (including the
    // condition paired with the "Bad username or password." branch) are not
    // visible, and the line as printed is not valid PHP.
    // $username_quoted is presumably the output of $dbHandle->quote() - confirm.
    $result = $dbHandle->query("SELECT password FROM users WHERE username="******"SELECT userID,permissions FROM users WHERE username=" . $username_quoted);
        $user = $result->fetch(PDO::FETCH_ASSOC);
        $result = null;

        // A session is only established when the lookup returned a user row.
        if (!empty($user['userID'])) {
            // Same rotation as above: new ID first, then the authenticated state.
            session_regenerate_id(true);
            $_SESSION['user_id'] = $user['userID'];
            $_SESSION['user'] = $_POST['user'];
            $_SESSION['permissions'] = $user['permissions'];
            $_SESSION['auth'] = true;
        }
    // The brace below closes a block that was opened inside the masked span.
    } else {
        // One message for the failure case; it does not say whether the username
        // or the password was the part that did not match.
        sendError('Bad username or password.');
    }
}

// Drop the reference to the database handle.
$dbHandle = null;
// Sign-in fragment. It starts inside nested blocks whose opening lines are not
// shown and ends inside the post-login setup, so $last_id, $username,
// $password, $username_quoted, $permissions and $ini_array come from outside
// this view.
            $id = $last_id->fetchColumn();
            $last_id = null;
            // NOTE(review): the column list names two columns but VALUES supplies
            // three expressions; as printed, most SQL engines reject this statement,
            // and the return value of exec() is not checked. Confirm against the
            // original file. $id is interpolated unquoted; it comes from the
            // fetchColumn() call above.
            $dbHandle->exec("INSERT INTO projects (userID,project) VALUES ({$id},{$username_quoted} || '''s project', '1')");
        }

        // Read the user's ID back by username, then commit; the transaction was
        // begun outside this fragment.
        $result = $dbHandle->query("SELECT userID FROM users WHERE username={$username_quoted} LIMIT 1");
        $id = $result->fetchColumn();
        $result = null;
        $dbHandle->commit();

        // NOTE(review): no session_regenerate_id() call is visible in this fragment
        // before the session is marked authenticated. Unless the ID is rotated
        // elsewhere at login, a session ID that existed before authentication stays
        // valid afterwards (session fixation); calling session_regenerate_id(true)
        // immediately before these assignments is the usual mitigation.
        $_SESSION['user_id'] = $id;
        // The name is stored as submitted in $_POST; escape it wherever it is printed.
        $_SESSION['user'] = $_POST['user'];
        $_SESSION['permissions'] = $permissions;
        $_SESSION['auth'] = true;
    }
} else {
    /* IF LDAP NOT ENABLED, CHECK THE LOCAL DB */
    if (check_encrypted_password($dbHandle, $username, $password)) {

        // Password accepted: load the account's ID and permissions.
        // $username_quoted is presumably the output of $dbHandle->quote() - confirm.
        $result = $dbHandle->query("SELECT userID,permissions FROM users WHERE username=" . $username_quoted);
        $user = $result->fetch(PDO::FETCH_ASSOC);
        $result = null;

        // A session is only established when the lookup returned a user row.
        // NOTE(review): as in the branch above, the session ID is not rotated here
        // before 'auth' is set.
        if (!empty($user['userID'])) {
            $_SESSION['user_id'] = $user['userID'];
            $_SESSION['user'] = $_POST['user'];
            $_SESSION['permissions'] = $user['permissions'];
            $_SESSION['auth'] = true;
            // 'watermarks' is initialised only in this branch, not in the one above.
            $_SESSION['watermarks'] = '';
        }
    }
}

/* OK, THIS IS A REGISTERED USER. DO THE PROXY SETTINGS AND CREATE A TEMP DIR */
// In this fragment 'auth' is only ever assigned true, so its presence is used as
// the logged-in test.
if (isset($_SESSION['auth'])) {

    // Loose comparison against 0; the body of this branch is outside the listing.
    if ($ini_array['autosign'] == 0) {