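$message = 'Password must not be more than ' . MAX_PASSWORD_LENGTH . ' chars.';
$password = '';
}
// Make sure the target account exists before touching its credentials.
// NOTE(review): "Specified username does not exist." is a username-existence
// oracle. That is acceptable only if this page is restricted to administrators;
// the init_cobalt() call for this file is outside this fragment — confirm.
if ($dbh_user->check_user($username)->user_exists) {
    // Good
} else {
    $message = 'Specified username does not exist.';
}
if ($message == "") {
    require 'password_crypto.php';
    // $new_salt / $new_iteration / $new_method are read below, so they appear to
    // be filled in by cobalt_password_hash() (by reference) — verify in password_crypto.php.
    $hashed_password = cobalt_password_hash('NEW', $password, $username, $new_salt, $new_iteration, $new_method);
    // Store the new credential through a prepared statement — the same
    // stmt_prepare()/stmt_execute() idiom the login-time rehash uses — instead
    // of interpolating the hash, salt and method into the SQL text and relying
    // on quote_smart() for the username.
    $data_con = new data_abstraction();
    $data_con->set_query_type('UPDATE');
    $data_con->set_table('user');
    $data_con->set_update("`password`=?, `salt`=?, `iteration`=?, `method`=?");
    $data_con->set_where("username=?");
    $bind_params = array('ssiss', $hashed_password, $new_salt, $new_iteration, $new_method, $username);
    $data_con->stmt_prepare($bind_params);
    $data_con->stmt_execute();
    // Release the connection like the other user-management pages do.
    $data_con->close_db();
    $message = 'The password has been successfully reset.';
    $message_type = 'SYSTEM';
    // Never keep the temporary password around for redisplay.
    $password = '';
}
}
}
// Render the form; the password control is masked and the id fields that do
// not belong on a reset form are excluded.
require 'subclasses/user_html.php';
$html = new user_html();
$html->draw_header('Reset Password', $message, $message_type);
$html->fields['password']['control_type'] = 'password';
$html->fields['password']['label'] = 'Temporary Password';
$html->exception = array('person_id', 'role_id', 'skin_id');
$html->draw_controls('add', 'Password Reset Form');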
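$_SESSION['fonts_css'] = $fonts_css;
$_SESSION['override_css'] = $override_css;
$_SESSION['icon_set'] = $icon_set;
// Fall back to the default icon set when the stored value is empty or
// whitespace-only. Previously the comparison sat inside trim(), so trim() was
// applied to a boolean and a whitespace-only icon_set slipped through.
if (trim($_SESSION['icon_set']) == '') {
    $_SESSION['icon_set'] = 'cobalt';
}
}
$data_con->close_db();
log_action('Logged in');
// NOTE(review): session_regenerate_id(true) is not visible on this success
// path; if it is not called earlier in the login flow, the session is open to
// fixation. Confirm before the redirect below.
// Rehash when the stored hash uses an outdated method or work factor / iteration count.
if (cobalt_password_must_rehash($username)) {
    $hashed_password = cobalt_password_hash('NEW', $password, $username, $new_salt, $new_iteration, $new_method);
    // Parameterised UPDATE: hash, salt, iteration count and method are bound,
    // never interpolated into the SQL text.
    $data_con = new data_abstraction();
    $data_con->set_query_type('UPDATE');
    $data_con->set_table('user');
    $data_con->set_update("`password`=?, `salt`=?, `iteration`=?, `method`=?");
    $data_con->set_where("username=?");
    $bind_params = array('ssiss', $hashed_password, $new_salt, $new_iteration, $new_method, $username);
    $data_con->stmt_prepare($bind_params);
    $data_con->stmt_execute();
}
redirect('start.php');
} else {
    // Deliberately generic: does not say whether the username or the password was wrong.
    $error_message = "Check username and password.";
}
} else {
    // NOTE(review): this echoes the raw MySQL error text to the client
    // (information disclosure). Log it and show a generic failure message.
    die($mysqli->error);
}
$data_con->close_db();
}
}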
// Update the user's assigned role.
// NOTE(review): quote_smart() escapes the value, but role_id is an identifier;
// binding it as an integer with stmt_prepare() (as the login rehash does) would
// reject non-numeric input outright.
$dbh = new data_abstraction();
$dbh->set_query_type('UPDATE');
$dbh->set_table('user');
$dbh->set_update("role_id='" . quote_smart($role) . "'");
// '******' is a redaction artefact in this listing; the real WHERE value must be
// the escaped (or bound) username, never a raw request value.
$dbh->set_where("username='******'");
$dbh->make_query();
$dbh->close_db();
// Copy every link_id of the role into the user's passport.
// NOTE(review): execute_query() runs on $dbh immediately after close_db();
// confirm close_db() does not drop the connection, otherwise this INSERT fails
// and the user keeps a role_id without the matching passport rows.
$dbh->execute_query("INSERT `user_passport` SELECT '" . quote_smart($Username) . "', `link_id` FROM user_role_links WHERE role_id='" . quote_smart($role) . "'");
} else {
    // Non-exclusive role: clear the user's role_id (0 = no role assigned) ...
    $dbh = new data_abstraction();
    $dbh->set_query_type('UPDATE');
    $dbh->set_table('user');
    $dbh->set_update("role_id='0'");
    // '******' is a redaction artefact; see the note on the first UPDATE above.
    $dbh->set_where("username='******'");
    $dbh->make_query();
    $dbh->close_db();
    // ... then fetch the role's link_ids.
    require_once 'subclasses/user_role_links.php';
    $obj_role = new user_role_links();
    $obj_role->get_user_role_links($role);
    $arrLink = $obj_role->dump['link_id'];
    $numLinks = $obj_role->num_rows;
    $obj_role->close_db();
    // Walk the role's links; each iteration starts with a SELECT on user_passport.
    // The loop body continues past this fragment.
    $dbh = new data_abstraction();
    foreach ($arrLink as $link_id) {
        $dbh->set_query_type('SELECT');
        $dbh->set_table('user_passport');
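// Usernames ticked in the checkbox list (empty array when nothing was selected).
$check = array();
if (isset($_POST['check'])) {
    $check = $_POST['check'];
}
// !empty() keeps the original truthiness test but does not warn when the
// button was not part of the submission.
if (!empty($_POST['btn_cancel'])) {
    log_action('Pressed cancel button', $_SERVER['PHP_SELF']);
    redirect('SetUserPassports.php');
}
if (!empty($_POST['btn_delete'])) {
    // Require a non-empty array. $check is always set (initialised above), so
    // the old isset()/is_array() test accepted an empty selection and the
    // "select at least one user" message was unreachable. A tampered scalar
    // 'check' value still lands in the else branch.
    if (is_array($check) && count($check) > 0) {
        $data_con = new data_abstraction();
        $data_con->set_query_type('DELETE');
        $obj_role = new data_abstraction();
        $obj_role->set_query_type('UPDATE');
        $obj_role->set_table('user');
        $obj_role->set_update("role_id='0'");
        // $module (the link_id being revoked) is assigned before this fragment.
        foreach ($check as $user) {
            // Remove the module from this user's passport. The username is
            // escaped with quote_smart() like the link_id (the listing showed a
            // redaction placeholder here).
            $data_con->set_table('user_passport');
            $data_con->set_where("username='" . quote_smart($user) . "' AND link_id='" . quote_smart($module) . "'");
            $data_con->make_query();
            // The user's role_id is reset to 0 for every affected user.
            $obj_role->set_where("username='" . quote_smart($user) . "'");
            $obj_role->make_query();
        }
        $data_con->close_db();
        $obj_role->close_db();
    } else {
        $message = "Please select at least one user.";
    }
}
// Reload the username list for display.
$data_con = new data_abstraction();
$data_con->set_fields('username');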
<?php
require_once 'path.php';
// Any authenticated user may change their own skin; no cache of the result.
init_cobalt('ALLOW_ALL', FALSE);
// All state-changing work is gated on the anti-CSRF token check.
if (xsrf_guard()) {
    init_var($_POST['btn_cancel']);
    init_var($_POST['btn_submit']);
    if ($_POST['btn_cancel']) {
        redirect(HOME_PAGE);
    }
    if ($_POST['btn_submit']) {
        // NOTE(review): quote_smart() only escapes; skin_id is an identifier and
        // is never validated as numeric, and it is written to the user row
        // BEFORE the lookup below confirms the skin exists. A bogus skin_id
        // therefore lands in `user` even when the SELECT finds no row.
        $skin_id = quote_smart($_POST['skin_id']);
        $data_con = new data_abstraction();
        $data_con->set_query_type('UPDATE');
        $data_con->set_table('user');
        $data_con->set_update("skin_id='{$skin_id}'");
        // The WHERE line below is corrupted in this listing ('******' is a
        // redaction artefact); the surviving residue indicates the username
        // comes from $_SESSION, escaped with quote_smart().
        $data_con->set_where("username='******'user']) . "'");
        $data_con->make_query();
        $data_con->close_db();
        // If the update went ok, we should update the session variables for this.
        // NOTE(review): nothing actually checks the UPDATE's result/error before continuing.
        $data_con = new data_abstraction();
        $data_con->set_fields('skin_name, header, footer, master_css, colors_css, fonts_css, override_css, icon_set');
        $data_con->set_table('system_skins');
        $data_con->set_where("skin_id='{$skin_id}'");
        $result = $data_con->make_query()->result;
        $numrows = $data_con->num_rows;
        $data_con->close_db();
        if ($numrows == 1) {
            $data = $result->fetch_assoc();
            // extract() pulls the selected columns into local scope; the set
            // of names is fixed by set_fields() above, so clobbering is limited
            // to those eight variables.
            extract($data);
            $_SESSION['header'] = $header;
// Fetch every module (except the control page itself) and compare the stored
// status with the submitted selection.
$data_con->set_fields('link_id, status');
$data_con->set_table('user_links a');
// NOTE(review): $filter is interpolated raw into the WHERE clause; it is built
// before this fragment and must be server-constructed, never request-derived.
$data_con->set_where("name!='Module Control' {$filter}");
$data_con->set_order('a.descriptive_title');
$result = $data_con->make_query()->result;
for ($a = 0; $a < $data_con->num_rows; $a++) {
    $data = $result->fetch_assoc();
    // extract() sets $link_id and $status (the only columns selected).
    extract($data);
    $new_module_status = 'Off';
    // $arr_module is the submitted list of enabled modules (set before this
    // fragment); in_array() is non-strict, so '1' and 1 both match.
    if (in_array($link_id, $arr_module)) {
        $new_module_status = 'On';
    }
    if ($new_module_status == $status) {
        // No change in status, do nothing
    } else {
        // $mod_update_con's query type and table are configured before this fragment.
        $mod_update_con->set_update("status='{$new_module_status}'");
        $mod_update_con->set_where("link_id='{$link_id}'");
        $mod_update_con->make_query();
        if ($mod_update_con->error != '') {
            // NOTE(review): dies with the raw database error text (information
            // disclosure); log it and show a generic message instead.
            die($mod_update_con->error);
        }
    }
}
$data_con->close_db();
$mod_update_con->close_db();
$message = 'Modules status have been updated.';
$message_type = 'system';
}
}
$html_writer = new html();
$html_writer->draw_header('Module Control', $message, $message_type);