docs/mods/_core/users/admins/password.php

   1 <?php
   2 /****************************************************************/
   3 /* ATutor                                                                                                               */
   4 /****************************************************************/
   5 /* Copyright (c) 2002-2010                                      */
   6 /* Inclusive Design Institute                                   */
   7 /* http://atutor.ca                                                                                             */
   8 /*                                                              */
   9 /* This program is free software. You can redistribute it and/or*/
  10 /* modify it under the terms of the GNU General Public License  */
  11 /* as published by the Free Software Foundation.                                */
  12 /****************************************************************/
  13 // $Id$
  14 define('AT_INCLUDE_PATH', '../../../../include/');
  15 require(AT_INCLUDE_PATH.'vitals.inc.php');
  16 admin_authenticate(AT_ADMIN_PRIV_USERS);
  17
  18 if (isset($_POST['cancel'])) {
  19         $msg->addFeedback('CANCELLED');
  20         header('Location: '.AT_BASE_HREF.'mods/_core/users/admins/index.php');
  21         exit;
  22 } else if (isset($_POST['submit'])) {
  23         /* password check: password is verified front end by javascript. here is to handle the errors from javascript */
  24         if ($_POST['password_error'] <> "")
  25         {
  26                 $pwd_errors = explode(",", $_POST['password_error']);
  27
  28                 foreach ($pwd_errors as $pwd_error)
  29                 {
  30                         if ($pwd_error == "missing_password")
  31                                 $missing_fields[] = _AT('password');
  32                         else
  33                                 $msg->addError($pwd_error);
  34                 }
  35         }
  36
  37         if (!$msg->containsErrors()) {
  38                 $password     = $addslashes($_POST['form_password_hidden']);
  39
  40                 $sql    = "UPDATE ".TABLE_PREFIX."admins SET password='$password', last_login=last_login WHERE login='$_POST[login]'";
  41                 $result = mysql_query($sql, $db);
  42
  43                 $sql    = "UPDATE ".TABLE_PREFIX."admins SET password='********' WHERE login='$_POST[login]'";
  44                 write_to_log(AT_ADMIN_LOG_UPDATE, 'admins', mysql_affected_rows($db), $sql);
  45
  46                 $msg->addFeedback('ACTION_COMPLETED_SUCCESSFULLY');
  47                 header('Location: '.AT_BASE_HREF.'mods/_core/users/admins/index.php');
  48                 exit;
  49         }
  50         $_POST['login'] = $stripslashes($_POST['login']);
  51 }
  52
  53
  54 $_GET['login'] = $addslashes($_REQUEST['login']);
  55
  56 $sql = "SELECT login FROM ".TABLE_PREFIX."admins WHERE login='$_GET[login]'";
  57 $result = mysql_query($sql, $db);
  58 if (!($row = mysql_fetch_assoc($result))) {
  59         $msg->addError('USER_NOT_FOUND');
  60         $msg->printErrors();
  61         require(AT_INCLUDE_PATH.'footer.inc.php');
  62         exit;
  63 }
  64 if (!isset($_POST['submit'])) {
  65         $_POST = $row;
  66
  67         if (query_bit($row['privileges'], AT_ADMIN_PRIV_ADMIN)) {
  68                 $_POST['priv_admin'] = 1;
  69         }
  70         $_POST['privs'] = intval($row['privileges']);
  71 }
  72
  73 $onload = 'document.form.password1.focus();';
  74 require(AT_INCLUDE_PATH.'header.inc.php');
  75
  76 ?>
  77 <script language="JavaScript" src="sha-1factory.js" type="text/javascript"></script>
  78
  79 <script type="text/javascript">
  80 function encrypt_password()
  81 {
  82         document.form.password_error.value = "";
  83
  84         err = verify_password(document.form.password1.value, document.form.confirm_password.value);
  85
  86         if (err.length > 0)
  87         {
  88                 document.form.password_error.value = err;
  89         }
  90         else
  91         {
  92                 document.form.form_password_hidden.value = hex_sha1(document.form.password1.value);
  93                 document.form.password1.value = "";
  94                 document.form.confirm_password.value = "";
  95         }
  96 }
  97 </script>
  98
  99
 100
 101 <?php
 102 $savant->assign('row', $row);
 103 $savant->display('admin/users/password.tmpl.php');
 104 require(AT_INCLUDE_PATH.'footer.inc.php'); ?>