Linux multi-monitor fullscreen support
[ryzomcore.git] / web / public_php / ams / func / change_password.php
blobaa2e74947b27bf439dcd31a3f1d2481de681d08a
1 <?php
2 /**
3 * This function is beign used to change the users password.
4 * It will first check if the user who executed this function is the person of whom the emailaddress is or if it's a mod/admin. If this is not the case the page will be redirected to an error page.
5 * If the executing user tries to change someone elses password, he doesn't has to fill in the previous password. The password will be validated first. If the checking was successful the password will be updated and the settings template will be reloaded. Errors made by invalid data will be shown
6 * also after reloading the template.
7 * @author Daan Janssens, mentored by Matthew Lagoe
8 */
9 function change_password(){
11 try{
12 //if logged in
13 if(WebUsers::isLoggedIn()){
15 if(isset($_POST['target_id'])){
16 $adminChangesOther = false;
17 //if target_id is the same as session id or is admin
18 if( ($_POST['target_id'] == $_SESSION['id']) || Ticket_User::isMod(unserialize($_SESSION['ticket_user'])) ){
19 if($_POST['target_id'] == $_SESSION['id']){
20 //if the password is of the executing user himself
21 $target_username = $_SESSION['user'];
22 }else{
23 //if the password is of someone else.
24 $webUser = new WebUsers($_POST['target_id']);
25 $target_username = $webUser->getUsername();
26 //isAdmin is true when it's the admin, but the target_id != own id
27 $adminChangesOther = true;
28 $_POST["CurrentPass"] = "dummypass";
31 $webUser = new WebUsers($_POST['target_id']);
32 $params = Array( 'user' => $target_username, 'CurrentPass' => $_POST["CurrentPass"], 'NewPass' => $_POST["NewPass"], 'ConfirmNewPass' => $_POST["ConfirmNewPass"], 'adminChangesOther' => $adminChangesOther);
33 $result = $webUser->check_change_password($params);
34 if ($result == "success"){
35 //edit stuff into db
36 global $SITEBASE;
37 require_once($SITEBASE . '/inc/settings.php');
38 $succresult = settings();
39 $status = WebUsers::setPassword($target_username, $_POST["NewPass"]);
40 if($status == 'ok'){
41 $succresult['SUCCESS_PASS'] = "OK";
42 }else if($status == 'shardoffline'){
43 $succresult['SUCCESS_PASS'] = "SHARDOFF";
45 $succresult['permission'] = unserialize($_SESSION['ticket_user'])->getPermission();
46 $succresult['no_visible_elements'] = 'FALSE';
47 $succresult['username'] = $_SESSION['user'];
48 $succresult['target_id'] = $_POST['target_id'];
49 helpers :: loadtemplate( 'settings', $succresult);
50 throw new SystemExit();
52 }else{
54 $result['prevCurrentPass'] = filter_var($_POST["CurrentPass"], FILTER_SANITIZE_STRING);
55 $result['prevNewPass'] = filter_var($_POST["NewPass"], FILTER_SANITIZE_STRING);
56 $result['prevConfirmNewPass'] = filter_var($_POST["ConfirmNewPass"], FILTER_SANITIZE_STRING);
57 $result['permission'] = unserialize($_SESSION['ticket_user'])->getPermission();
58 $result['no_visible_elements'] = 'FALSE';
59 $result['username'] = $_SESSION['user'];
60 $result['target_id'] = $_POST['target_id'];
62 global $SITEBASE;
63 require_once($SITEBASE . '/inc/settings.php');
64 $settings = settings();
66 $result = array_merge($result,$settings);
67 helpers :: loadtemplate( 'settings', $result);
68 throw new SystemExit();
71 }else{
72 //ERROR: permission denied!
73 $_SESSION['error_code'] = "403";
74 header("Cache-Control: max-age=1");
75 header("Location: index.php?page=error");
76 throw new SystemExit();
79 }else{
80 //ERROR: The form was not filled in correclty
81 header("Cache-Control: max-age=1");
82 header("Location: index.php?page=settings");
83 throw new SystemExit();
85 }else{
86 //ERROR: user is not logged in
87 header("Cache-Control: max-age=1");
88 header("Location: index.php");
89 throw new SystemExit();
92 }catch (PDOException $e) {
93 //go to error page or something, because can't access website db
94 print_r($e);
95 throw new SystemExit();