docs/mods/_core/users/password_user.php

   1 <?php
   2 /****************************************************************/
   3 /* ATutor                                                                                                               */
   4 /****************************************************************/
   5 /* Copyright (c) 2002-2010                                      */
   6 /* Inclusive Design Institute                                   */
   7 /* http://atutor.ca                                                                                             */
   8 /*                                                              */
   9 /* This program is free software. You can redistribute it and/or*/
  10 /* modify it under the terms of the GNU General Public License  */
  11 /* as published by the Free Software Foundation.                                */
  12 /****************************************************************/
  13 // $Id$
  14
  15 $_user_location = 'admin';
  16
  17 define('AT_INCLUDE_PATH', '../../../include/');
  18 require(AT_INCLUDE_PATH.'vitals.inc.php');
  19 admin_authenticate(AT_ADMIN_PRIV_USERS);
  20
  21 if (isset($_POST['cancel'])) {
  22         $msg->addFeedback('CANCELLED');
  23         header('Location: '.AT_BASE_HREF.'mods/_core/users/users.php');
  24         exit;
  25 } else if (isset($_POST['submit'])) {
  26         /* password check: password is verified front end by javascript. here is to handle the errors from javascript */
  27         if ($_POST['password_error'] <> "")
  28         {
  29                 $pwd_errors = explode(",", $_POST['password_error']);
  30
  31                 foreach ($pwd_errors as $pwd_error)
  32                 {
  33                         if ($pwd_error == "missing_password")
  34                                 $missing_fields[] = _AT('password');
  35                         else
  36                                 $msg->addError($pwd_error);
  37                 }
  38         }
  39
  40         if (!$msg->containsErrors()) {
  41                 $_POST['id'] = intval($_POST['id']);
  42
  43                 $sql = "UPDATE ".TABLE_PREFIX."members SET password= '$_POST[form_password_hidden]', creation_date=creation_date, last_login=last_login WHERE member_id=$_POST[id]";
  44                 $result = mysql_query($sql, $db);
  45
  46                 $sql    = "SELECT login, email FROM ".TABLE_PREFIX."members WHERE member_id=$_POST[id]";
  47                 $result = mysql_query($sql,$db);
  48                 if ($row = mysql_fetch_assoc($result)) {
  49                         $r_login = $row['login'];
  50                         $r_email = $row['email'];
  51
  52                         $tmp_message  = _AT('password_change_msg')."\n\n";
  53                         $tmp_message .= _AT('web_site').' : '.AT_BASE_HREF."\n";
  54                         $tmp_message .= _AT('login_name').' : '.$r_login."\n";
  55
  56                         require(AT_INCLUDE_PATH . 'classes/phpmailer/atutormailer.class.php');
  57
  58                         $mail = new ATutorMailer;
  59
  60                         $mail->From     = $_config['contact_email'];
  61                         $mail->AddAddress($r_email);
  62                         $mail->Subject = $_config['site_name'] . ': ' . _AT('password_changed');
  63                         $mail->Body    = $tmp_message;
  64
  65                         if(!$mail->Send()) {
  66                            $msg->printErrors('SENDING_ERROR');
  67                            exit;
  68                         }
  69
  70                 }
  71
  72                 $msg->addFeedback('PROFILE_UPDATED_ADMIN');
  73                 header('Location: '.AT_BASE_HREF.'mods/_core/users/users.php');
  74                 exit;
  75         }
  76         $_GET['id'] = $_POST['id'];
  77 }
  78
  79
  80 $onload = 'document.form.password.focus();';
  81
  82 require(AT_INCLUDE_PATH.'header.inc.php');
  83
  84 $id = intval($_GET['id']);
  85
  86 $sql    = "SELECT login FROM ".TABLE_PREFIX."members WHERE member_id=$id";
  87 $result = mysql_query($sql, $db);
  88
  89 if (!$row = mysql_fetch_assoc($result)) {
  90         $msg->printErrors('USER_NOT_FOUND');
  91         require(AT_INCLUDE_PATH.'footer.inc.php');
  92         exit;
  93 }
  94
  95 ?>
  96 <script language="JavaScript" src="sha-1factory.js" type="text/javascript"></script>
  97
  98 <script type="text/javascript">
  99 function encrypt_password()
 100 {
 101         document.form.password_error.value = "";
 102
 103         err = verify_password(document.form.password.value, document.form.password2.value);
 104
 105         if (err.length > 0)
 106         {
 107                 document.form.password_error.value = err;
 108         }
 109         else
 110         {
 111                 document.form.form_password_hidden.value = hex_sha1(document.form.password.value);
 112                 document.form.password.value = "";
 113                 document.form.password2.value = "";
 114         }
 115 }
 116 </script>
 117
 118 <?php
 119 $savant->assign('id', $id);
 120 $savant->display('admin/users/password_user.tmpl.php');
 121 require(AT_INCLUDE_PATH.'footer.inc.php'); ?>