2 /****************************************************************/
4 /****************************************************************/
5 /* Copyright (c) 2002-2010 */
6 /* Inclusive Design Institute */
9 /* This program is free software. You can redistribute it and/or*/
10 /* modify it under the terms of the GNU General Public License */
11 /* as published by the Free Software Foundation. */
12 /****************************************************************/
/* Bootstrap: define the include root, load the shared vitals file, then call
 * admin_authenticate() with AT_ADMIN_PRIV_USERS before any request data is used.
 * $msg, $db, $addslashes, $stripslashes and $savant are used further down but are
 * not defined in this file - presumably vitals.inc.php provides them; confirm.
 * NOTE(review): this listing keeps the viewer's line numbers at the start of each
 * line and skips some source lines (brace-only lines among them), so the nesting
 * of the statements below is inferred rather than shown. */
14 define('AT_INCLUDE_PATH', '../../../../include/');
15 require(AT_INCLUDE_PATH.'vitals.inc.php');
16 admin_authenticate(AT_ADMIN_PRIV_USERS);
/* Form handling for the admin password change: "cancel" redirects back to the
 * admin list; "submit" records client-reported password errors and, if none,
 * writes the submitted digest to the admins table and logs a masked copy of the
 * statement.
 * NOTE(review): no anti-CSRF token is checked in the lines shown for this
 * state-changing POST - confirm whether vitals.inc.php or admin_authenticate()
 * covers it. */
18 if (isset($_POST['cancel'])) {
19 $msg->addFeedback('CANCELLED');
/* NOTE(review): header() only sets the Location header; the script keeps running
 * unless an exit follows. The listing skips the next source line - confirm it. */
20 header('Location: '.AT_BASE_HREF.'mods/_core/users/admins/index.php');
22 } else if (isset($_POST['submit'])) {
23 /* password check: password is verified front end by javascript. here is to handle the errors from javascript */
/* NOTE(review): the only password validation visible here is the password_error
 * field that the browser fills in. A request that leaves it empty reaches the
 * UPDATE with whatever form_password_hidden holds, so presence/format checks on
 * the submitted value belong on the server as well. The field is also read
 * without isset(), which raises a notice when it is absent. */
24 if ($_POST['password_error'] <> "")
/* password_error is a comma-separated list of error codes. */
26 $pwd_errors = explode(",", $_POST['password_error']);
28 foreach ($pwd_errors as $pwd_error)
30 if ($pwd_error == "missing_password")
31 $missing_fields[] = _AT('password');
/* The client-supplied code is passed to addError() as-is; presumably this is the
 * else branch of the check above (the line in between is not shown).
 * NOTE(review): consider mapping it against a fixed list of known codes. */
33 $msg->addError($pwd_error);
37 if (!$msg->containsErrors()) {
/* form_password_hidden is the hex SHA-1 digest produced in the browser by
 * encrypt_password(); it is stored as received.
 * NOTE(review): that makes the stored value an unsalted, fast hash computed
 * client-side. Hashing server-side with password_hash()/password_verify() is the
 * usual hardening. */
38 $password = $addslashes($_POST['form_password_hidden']);
/* NOTE(review): $password goes through $addslashes, but $_POST[login] is
 * interpolated into the statement unescaped in the lines shown. Unless request
 * data is escaped globally elsewhere (not visible here), this is an SQL injection
 * point: escape it the same way as $password, or better, use prepared statements
 * (mysqli/PDO - the mysql_* extension was removed in PHP 7).
 * last_login=last_login presumably keeps an auto-updating timestamp column from
 * changing - confirm against the schema. */
40 $sql = "UPDATE ".TABLE_PREFIX."admins SET password='$password', last_login=last_login WHERE login='$_POST[login]'";
/* NOTE(review): $result is not checked; a failed query still falls through to the
 * success feedback below. */
41 $result = mysql_query($sql, $db);
/* Rebuild the statement with the password masked so the digest is not written to
 * the admin log. The login value in the logged text is still the raw POST value. */
43 $sql = "UPDATE ".TABLE_PREFIX."admins SET password='********' WHERE login='$_POST[login]'";
44 write_to_log(AT_ADMIN_LOG_UPDATE, 'admins', mysql_affected_rows($db), $sql);
46 $msg->addFeedback('ACTION_COMPLETED_SUCCESSFULLY');
47 header('Location: '.AT_BASE_HREF.'mods/_core/users/admins/index.php');
/* Presumably reached only when validation failed: undo slashes on login before
 * the form is shown again - confirm the nesting against the full file. */
50 $_POST['login'] = $stripslashes($_POST['login']);
/* Look up the admin account named by the "login" request parameter, stop with a
 * USER_NOT_FOUND error if it does not exist, and pre-fill form state on first
 * display.
 * The value is taken from $_REQUEST, escaped with $addslashes and written back
 * into $_GET, which the query below interpolates. */
54 $_GET['login'] = $addslashes($_REQUEST['login']);
/* NOTE(review): string-built SQL over the mysql_* extension; a prepared statement
 * (mysqli/PDO) would not depend on what $addslashes resolves to at runtime. */
56 $sql = "SELECT login FROM ".TABLE_PREFIX."admins WHERE login='$_GET[login]'";
57 $result = mysql_query($sql, $db);
58 if (!($row = mysql_fetch_assoc($result))) {
59 $msg->addError('USER_NOT_FOUND');
/* Footer only in the lines shown; the skipped lines around it presumably output
 * the header and exit - confirm. */
61 require(AT_INCLUDE_PATH.'footer.inc.php');
/* First display (no submit yet): seed $_POST from the database row. */
64 if (!isset($_POST['submit'])) {
/* NOTE(review): $row['privileges'] is read here and below, but the SELECT above
 * fetches only the login column, so in the lines shown this key is never set -
 * confirm against the full file. */
67 if (query_bit($row['privileges'], AT_ADMIN_PRIV_ADMIN)) {
68 $_POST['priv_admin'] = 1;
70 $_POST['privs'] = intval($row['privileges']);
/* $onload is presumably consumed by header.inc.php to focus the first password
 * field when the page loads. */
73 $onload = 'document.form.password1.focus();';
74 require(AT_INCLUDE_PATH.'header.inc.php');
77 <script language="JavaScript" src="sha-1factory.js" type="text/javascript"></script>
79 <script type="text/javascript">
// encrypt_password(): clears the hidden password_error field, runs
// verify_password() over the two password inputs, and either reports the
// returned error string through password_error or places
// hex_sha1(password1) in the hidden form_password_hidden field and blanks both
// visible inputs. The condition separating those two outcomes is on lines this
// listing skips.
// verify_password() and hex_sha1() are not defined here; presumably they come
// from sha-1factory.js or another included script.
// NOTE(review): despite the name this is hashing, not encryption. The digest
// is what is submitted in place of the password, so it does not replace TLS
// or a server-side password hash.
80 function encrypt_password()
82 document.form.password_error.value = "";
// NOTE(review): err is assigned with no var/let on this line, so it becomes an
// implicit global unless it is declared on a line the listing skips.
84 err = verify_password(document.form.password1.value, document.form.confirm_password.value);
88 document.form.password_error.value = err;
// Unsalted SHA-1 hex digest of the typed password; the plaintext fields are
// emptied afterwards so they carry no value when the form is submitted.
92 document.form.form_password_hidden.value = hex_sha1(document.form.password1.value);
93 document.form.password1.value = "";
94 document.form.confirm_password.value = "";
102 $savant->assign('row', $row);
/* Render the password form through the Savant template with the looked-up admin
 * row assigned as 'row', then emit the shared page footer.
 * NOTE(review): whether the $row values are HTML-escaped on output is decided in
 * password.tmpl.php, which is not visible here - confirm. */
103 $savant->display('admin/users/password.tmpl.php');
104 require(AT_INCLUDE_PATH.'footer.inc.php'); ?>