示例#1
            $message = 'Password must not be more than ' . MAX_PASSWORD_LENGTH . ' chars.';
            $password = '';
        }
        // Refuse the reset when check_user() does not report the target account as existing.
        // NOTE(review): this message confirms whether a username exists. That is acceptable
        // only when the page is limited to administrators - confirm the access check that
        // precedes this fragment.
        if (!$dbh_user->check_user($username)->user_exists) {
            $message = 'Specified username does not exist.';
        }
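        // Store the new password only when none of the checks above produced an error message.
        if ($message == "") {
            require 'password_crypto.php';
            // $new_salt, $new_iteration and $new_method are not assigned in this fragment before
            // the call; presumably cobalt_password_hash() fills them by reference - confirm
            // against password_crypto.php.
            $hashed_password = cobalt_password_hash('NEW', $password, $username, $new_salt, $new_iteration, $new_method);
            $data_con = new data_abstraction();
            $data_con->set_query_type('UPDATE');
            $data_con->set_table('user');
            // Bind every value instead of interpolating it into the SQL text, so the content of
            // the hash, the salt or the username can never change the shape of the statement.
            // The previous WHERE compared against a fixed literal rather than $username.
            // Bind types: s=password, s=salt, i=iteration, s=method, s=username.
            // NOTE(review): needs a data_abstraction version that provides stmt_prepare() and
            // stmt_execute() - confirm for this code base.
            $data_con->set_update("`password`=?, `salt`=?, `iteration`=?, `method`=?");
            $data_con->set_where("username=?");
            $bind_params = array('ssiss', $hashed_password, $new_salt, $new_iteration, $new_method, $username);
            $data_con->stmt_prepare($bind_params);
            $data_con->stmt_execute();
            // NOTE(review): the outcome of the UPDATE is not checked, so the success message
            // below is shown even when the statement failed - confirm how data_abstraction
            // reports errors and branch on it.
            $message = 'The password has been successfully reset.';
            $message_type = 'SYSTEM';
            // Clear the plaintext password variable once it has been hashed.
            $password = '';
        }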
    }
}
// Render the "Reset Password" page: the header with the status message, then the form.
require 'subclasses/user_html.php';
$html = new user_html();
$html->draw_header('Reset Password', $message, $message_type);
// Use the 'password' control type for the password field and label it as a temporary password.
$html->fields['password']['control_type'] = 'password';
$html->fields['password']['label'] = 'Temporary Password';
// Presumably the fields named here are left out of the drawn form - confirm in user_html.
$html->exception = array('person_id', 'role_id', 'skin_id');
$html->draw_controls('add', 'Password Reset Form');
示例#2
                    $_SESSION['fonts_css'] = $fonts_css;
                    $_SESSION['override_css'] = $override_css;
                    $_SESSION['icon_set'] = $icon_set;
                    if (trim($_SESSION['icon_set'] == '')) {
                        $_SESSION['icon_set'] = 'cobalt';
                    }
                }
                // Close the current connection, then record the successful login.
                $data_con->close_db();
                log_action('Logged in');
                // NOTE(review): no session ID regeneration is visible in this fragment - confirm
                // it happens on successful login, before the redirect below.
                // Rehash on login: the plaintext password is still in $password at this point, so
                // if cobalt_password_must_rehash() reports an outdated method or work
                // factor/iteration count, a fresh hash is computed and stored.
                if (cobalt_password_must_rehash($username)) {
                    // presumably fills $new_salt, $new_iteration and $new_method by reference - confirm
                    $hashed_password = cobalt_password_hash('NEW', $password, $username, $new_salt, $new_iteration, $new_method);
                    $data_con = new data_abstraction();
                    $data_con->set_query_type('UPDATE');
                    $data_con->set_table('user');
                    // Every value is bound through a placeholder; nothing is interpolated into the SQL text.
                    $data_con->set_update("`password`=?, `salt`=?, `iteration`=?, `method`=?");
                    $data_con->set_where("username=?");
                    // First element is the bind type string: s=password, s=salt, i=iteration, s=method, s=username.
                    $bind_params = array('ssiss', $hashed_password, $new_salt, $new_iteration, $new_method, $username);
                    $data_con->stmt_prepare($bind_params);
                    // NOTE(review): the result of stmt_execute() is not checked and this connection
                    // is not closed before the redirect - confirm whether that is intended.
                    $data_con->stmt_execute();
                }
                redirect('start.php');
            } else {
                $error_message = "Check username and password.";
            }
        } else {
            die($mysqli->error);
        }
        $data_con->close_db();
    }
}
示例#3
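     // Exclusive assignment: store the chosen role on the user's row, then copy every link of
     // that role into user_passport for the same user.
     $dbh = new data_abstraction();
     $dbh->set_query_type('UPDATE');
     $dbh->set_table('user');
     $dbh->set_update("role_id='" . quote_smart($role) . "'");
     // The WHERE clause in this listing compared against a fixed literal, so the update did not
     // target the user being edited. It now uses the same $Username that the INSERT below uses.
     // NOTE(review): confirm $Username is the variable the original code used here.
     $dbh->set_where("username='" . quote_smart($Username) . "'");
     $dbh->make_query();
     // NOTE(review): the connection is closed before execute_query() is called on the same
     // object - confirm execute_query() opens its own connection.
     $dbh->close_db();
     // Both values in this statement go through quote_smart() before concatenation.
     // NOTE(review): the SQL text is still string-built; prefer bound parameters where the
     // data_abstraction version in use supports them.
     $dbh->execute_query("INSERT `user_passport` SELECT '" . quote_smart($Username) . "', `link_id` FROM user_role_links WHERE role_id='" . quote_smart($role) . "'");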
 } else {
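     // Non-exclusive assignment: the user keeps no role of their own, so role_id is reset to 0
     // (no role assigned).
     $dbh = new data_abstraction();
     $dbh->set_query_type('UPDATE');
     $dbh->set_table('user');
     $dbh->set_update("role_id='0'");
     // The WHERE clause in this listing compared against a fixed literal, so the update did not
     // target the user being edited. $Username is the variable the sibling branch passes to
     // quote_smart() for the same user.
     // NOTE(review): confirm $Username is the variable the original code used here.
     $dbh->set_where("username='" . quote_smart($Username) . "'");
     $dbh->make_query();
     $dbh->close_db();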
     // Load the links that belong to the role; the loop that follows iterates over $arrLink.
     require_once 'subclasses/user_role_links.php';
     $obj_role = new user_role_links();
     // NOTE(review): $role is passed as-is; whether get_user_role_links() escapes or binds it
     // is not visible in this fragment - confirm.
     $obj_role->get_user_role_links($role);
     // presumably dump['link_id'] is a list with one entry per returned row - confirm;
     // if the role has no links this key may be missing.
     $arrLink = $obj_role->dump['link_id'];
     $numLinks = $obj_role->num_rows;
     $obj_role->close_db();
     //Assign permissions to user
     $dbh = new data_abstraction();
     foreach ($arrLink as $link_id) {
         $dbh->set_query_type('SELECT');
         $dbh->set_table('user_passport');
示例#4
 // Posted 'check' values, or an empty array when the request carries none.
 $check = isset($_POST['check']) ? $_POST['check'] : array();
 // Cancel: log the action and return to the passport overview.
 if ($_POST['btn_cancel']) {
     log_action('Pressed cancel button', $_SERVER['PHP_SELF']);
     redirect('SetUserPassports.php');
 }
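 // Delete: for every selected user, remove the passport entry for $module and reset the
 // user's role to 0. $module is set outside this fragment.
 // NOTE(review): no request-forgery check (such as the xsrf_guard() call seen in other pages
 // of this code base) is visible in this fragment - confirm one wraps this handler.
 if ($_POST['btn_delete']) {
     // An empty selection has to reach the error branch: $check may be an empty array, in
     // which case an is_array() test alone would silently do nothing.
     if (isset($check) && is_array($check) && count($check) > 0) {
         $data_con = new data_abstraction();
         $data_con->set_query_type('DELETE');
         $obj_role = new data_abstraction();
         $obj_role->set_query_type('UPDATE');
         $obj_role->set_table('user');
         $obj_role->set_update("role_id='0'");
         foreach ($check as $user) {
             // $check comes straight from the request, so an element can itself be an array;
             // only plain strings are valid usernames.
             if (!is_string($user)) {
                 continue;
             }
             // The WHERE clauses in this listing compared against a fixed literal and never
             // used the loop variable, so every iteration addressed the same row. They now
             // target the selected user.
             // NOTE(review): the SQL text is still string-built and relies on quote_smart();
             // prefer bound parameters where the data_abstraction version supports them.
             $safe_user = quote_smart($user);
             $data_con->set_table('user_passport');
             $data_con->set_where("username='" . $safe_user . "' AND link_id='" . quote_smart($module) . "'");
             $data_con->make_query();
             $obj_role->set_where("username='" . $safe_user . "'");
             $obj_role->make_query();
         }
         $data_con->close_db();
         $obj_role->close_db();
     } else {
         $message = "Please select at least one user.";
     }
 }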
 $data_con = new data_abstraction();
 $data_con->set_fields('username');
示例#5
<?php

// Bootstrap the page before anything else runs.
require_once 'path.php';
// presumably 'ALLOW_ALL' means no specific permission is required for this page; the meaning
// of the second argument is not visible here - confirm against init_cobalt().
init_cobalt('ALLOW_ALL', FALSE);
if (xsrf_guard()) {
    init_var($_POST['btn_cancel']);
    init_var($_POST['btn_submit']);
    if ($_POST['btn_cancel']) {
        redirect(HOME_PAGE);
    }
    if ($_POST['btn_submit']) {
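        // Escape the posted skin id once; the escaped value is interpolated into the UPDATE
        // here and into the lookup that follows.
        $skin_id = quote_smart($_POST['skin_id']);
        $data_con = new data_abstraction();
        $data_con->set_query_type('UPDATE');
        $data_con->set_table('user');
        $data_con->set_update("skin_id='{$skin_id}'");
        // The WHERE expression in this listing was partly overwritten and did not parse. It is
        // rebuilt here from the part that survived (the 'user' key and the closing
        // quote_smart-style call), so that the row updated belongs to the session's user.
        // NOTE(review): confirm the original read quote_smart($_SESSION['user']).
        $data_con->set_where("username='" . quote_smart($_SESSION['user']) . "'");
        $data_con->make_query();
        $data_con->close_db();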
        // Load the chosen skin's settings so the session variables can be refreshed from them.
        // NOTE(review): the result of the preceding UPDATE is not checked here, and the skin is
        // looked up only after the user's row has been changed, so an id that matches no skin
        // has already been stored by this point - confirm whether that is acceptable.
        $data_con = new data_abstraction();
        $data_con->set_fields('skin_name, header, footer, master_css, colors_css, fonts_css, override_css, icon_set');
        $data_con->set_table('system_skins');
        // $skin_id was passed through quote_smart() when it was read from $_POST above.
        $data_con->set_where("skin_id='{$skin_id}'");
        $result = $data_con->make_query()->result;
        $numrows = $data_con->num_rows;
        $data_con->close_db();
        if ($numrows == 1) {
            $data = $result->fetch_assoc();
            extract($data);
            $_SESSION['header'] = $header;
示例#6
        // Select the id and current status of every module except 'Module Control' itself.
        $data_con->set_fields('link_id, status');
        $data_con->set_table('user_links a');
        // NOTE(review): $filter is interpolated into the WHERE text and is built outside this
        // fragment - confirm it never contains request data that has not been escaped.
        $data_con->set_where("name!='Module Control' {$filter}");
        $data_con->set_order('a.descriptive_title');
        $result = $data_con->make_query()->result;
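        // Walk every module row and write its status only when it differs from the requested
        // one. $arr_module is built outside this fragment (presumably the submitted list of
        // enabled modules - confirm).
        for ($a = 0; $a < $data_con->num_rows; $a++) {
            $data = $result->fetch_assoc();
            // Read the two selected columns explicitly. extract() would create or overwrite any
            // local variable that shares its name with a column of the row.
            $link_id = $data['link_id'];
            $status = $data['status'];
            // NOTE(review): in_array() compares loosely here, so numeric strings such as '1'
            // and '01' are treated as equal - confirm that is acceptable for link ids.
            $new_module_status = in_array($link_id, $arr_module) ? 'On' : 'Off';
            if ($new_module_status == $status) {
                //No change in status, do nothing
                continue;
            }
            $mod_update_con->set_update("status='{$new_module_status}'");
            $mod_update_con->set_where("link_id='{$link_id}'");
            $mod_update_con->make_query();
            if ($mod_update_con->error != '') {
                // NOTE(review): die() sends the raw database error text to the client; consider
                // logging it server-side and showing a generic message instead.
                die($mod_update_con->error);
            }
        }
        $data_con->close_db();
        $mod_update_con->close_db();
        $message = 'Modules status have been updated.';
        $message_type = 'system';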
    }
}
// Render the 'Module Control' page header together with the current status message.
$html_writer = new html();
$html_writer->draw_header('Module Control', $message, $message_type);