<?php
// Page bootstrap for the account-management page. Statement order matters: the marker
// constant and the page settings are set before init.php is loaded, and the access
// checks run before any page logic.
// Marker constant. Per the original note, templates are expected to die() when INCLUDED
// is not defined, so that they cannot be requested directly.
define("INCLUDED", true); //This is for returning a die message if INCLUDED is not defined on any of the template
// presumably read by init.php to tell full pages from AJAX endpoints -- confirm
$AJAX_PAGE = false;
//################ Required Resources ################
// Empty list: this page asks for no additional resources.
$REQUIRED_RESOURCES = array();
//################ Required Files ################
// $cms is used right after this include without being created in this file.
require_once("init.php");
//################ PAGE ACCESS ################
// presumably rejects banned visitors before anything else runs -- confirm what the `true` argument selects
$cms->BannedAccess(true);
// SetPageAccess() returns a string that is executed as PHP in this scope.
// NOTE(review): eval() makes the access check only as trustworthy as the code string the CMS
// builds; that string must never contain request-derived data, and a plain method call that
// redirects or exits would be easier to audit -- confirm against the CMS class.
eval($cms->SetPageAccess(ACCESS_REGISTERED));
//################ General Variables ################
// Appends a label => URL pair for this page to $page_name.
$page_name[] = array("Account Management"=>"account.php");
//################ Page Functions ################
/**
 * Applies the requested account changes for the logged-in user.
 *
 * The UPDATE only matches the row whose `id` equals $USER['id'] and whose
 * `sha_pass_hash` equals the hash of $_POST['currentpassword'], so nothing is
 * written unless the submitted current password hashes to the stored value.
 *
 * Reads $_POST['currentpassword'] and, depending on the flags, $_POST['newflags']
 * and $_POST['newpassword'] directly from the request.
 *
 * NOTE(review): the name Sha1Pass suggests a fast SHA-1 based hash; confirm whether
 * the storage format is dictated by another consumer of the `account` table before
 * considering a slower password hash.
 *
 * @param mixed $changeflags    When truthy, store FixExpansionFlags($_POST['newflags']) in `expansion`.
 * @param mixed $changepassword When truthy, store the new password hash and blank `sessionkey`, `v` and `s`.
 * @return mixed The value of $DB->affected_rows after the query.
 */
function UpdateAccount($changeflags, $changepassword)
{
    global $DB, $USER, $cookies;

    // Derive every value that goes into the statement up front.
    $currentHash = Sha1Pass($USER['username'], $_POST['currentpassword']);
    $expansionValue = $changeflags ? FixExpansionFlags($_POST['newflags']) : null;
    $newHash = $changepassword ? Sha1Pass($USER['username'], $_POST['newpassword']) : null;

    // NOTE(review): presumably Query escapes the values bound to the '%s' placeholders;
    // confirm, because the expansion value is derived from request data.
    $update = new Query();
    $update->Update("`account`")->Where("`id` = '%s' AND `sha_pass_hash` = '%s'", $USER['id'], $currentHash);

    if ($changeflags) {
        $update->AddColumns(array("`expansion`"=>"'%s'"), $expansionValue);
    }

    if ($changepassword) {
        // Besides the hash, `sessionkey`, `v` and `s` are blanked in the same statement.
        $passwordColumns = array(
            "`sha_pass_hash`"=>"'%s'",
            "`sessionkey`"=>"''",
            "`v`"=>"''",
            "`s`"=>"''",
        );
        $update->AddColumns($passwordColumns, $newHash);
    }

    $update->Build();
    $outcome = $DB->query($update, DBNAME);

    // Refresh the login cookies only when a password change actually hit a row.
    // NOTE(review): the "password" cookie carries the password hash itself, so the cookie is
    // equivalent to the credential; confirm which attributes SetCookie applies (the meaning of
    // the `false` argument is not visible here) and consider a random session token instead.
    $passwordChanged = $outcome && $DB->affected_rows && $changepassword;
    if ($passwordChanged) {
        $cookies->SetCookie("username", $USER['username'], false);
        $cookies->SetCookie("password", $newHash, false);
    }

    return $DB->affected_rows;
}
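// Handle a submitted account form. Validation errors are collected through $cms and the
// update runs only when none were recorded. $passchange, $flagschange and $update_result
// are left in the global scope.
if (isset($_POST['submit'])) {
    if (empty($_POST['newpassword'])) {
        // An empty new-password field means there is nothing to change.
        $cms->ErrorPopulate("You did not change anything.");
        $cms->ErrorStopList();
    } else {
        $passchange = false;
        // Never set to true on this page, so UpdateAccount() is only asked to change the password.
        $flagschange = false;

        // The current password is required to authorise any change.
        if (empty($_POST['currentpassword'])) {
            $cms->ErrorPopulate("You must enter your current password to change your account information.");
        } else {
            // Compare the two hashes strictly as strings. A loose != converts numeric-looking
            // strings (for example hex digests of the form 0e<digits>) to numbers, so two different
            // hashes could be treated as equal. hash_equals() also keeps the comparison time
            // independent of where the strings differ; the strict fallback covers PHP builds
            // that predate it.
            $stored_hash = (string) $USER['sha_pass_hash'];
            $entered_hash = (string) Sha1Pass($USER['username'], $_POST['currentpassword']);
            $hash_matches = function_exists('hash_equals')
                ? hash_equals($stored_hash, $entered_hash)
                : $stored_hash === $entered_hash;
            // Drop the temporaries so the hashes do not linger in the global scope.
            unset($stored_hash, $entered_hash);

            if (!$hash_matches) {
                $cms->ErrorPopulate("The current password you entered was incorrect.");
            }
        }

        // Validate the new password.
        if (!empty($_POST['newpassword'])) {
            $passchange = true;

            if ($_POST['newpassword'] == $USER['username']) {
                $cms->ErrorPopulate("Your new password cannot be same as your email address.");
            }

            // NOTE(review): a 5-byte minimum is a weak policy (strlen counts bytes); raising it
            // is a policy decision and is left unchanged here.
            if (strlen($_POST['newpassword']) < 5) {
                $cms->ErrorPopulate("Your new password must contain atleast 5 characters, please use a stronger password.");
            }
        }

        // Write to the database only when every check passed. UpdateAccount() re-checks the
        // current password inside the UPDATE's WHERE clause.
        if (!$cms->ErrorExists()) {
            $update_result = UpdateAccount($flagschange, $passchange);
        }
    }
}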
// Render the page: the string returned by Output('account_form') is executed as PHP in
// this global scope, so the template can read every variable defined above.
// NOTE(review): eval() on template output means the template source is effectively code;
// confirm where templates are stored, who can edit them, and that no request data is
// interpolated into the returned string.
eval(($templates->Output('account_form')));
?>