2 /****************************************************************/
4 /****************************************************************/
5 /* Copyright (c) 2002-2010 */
6 /* Inclusive Design Institute */
9 /* This program is free software. You can redistribute it and/or*/
10 /* modify it under the terms of the GNU General Public License */
11 /* as published by the Free Software Foundation. */
12 /****************************************************************/
/* The include root is declared first: the require below builds its path from it. */
define('AT_INCLUDE_PATH', '../../../../include/');
require AT_INCLUDE_PATH . 'vitals.inc.php';

/*
 * Access gate, called before any request data is read.
 * NOTE(review): presumably limits the page to administrators holding the
 * user-management privilege; confirm in the definition of admin_authenticate().
 */
admin_authenticate(AT_ADMIN_PRIV_USERS);
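/*
 * Handles the two form actions: "cancel" returns to the administrator list,
 * "submit" stores the new password digest for the posted login.
 *
 * The listing this block was taken from omits several lines (braces, and the
 * statements at the gaps in its line numbering); the control structure below
 * is reconstructed from what is visible.
 */
if (isset($_POST['cancel'])) {
    $msg->addFeedback('CANCELLED');
    header('Location: '.AT_BASE_HREF.'mods/_core/users/admins/index.php');
    exit; /* a Location header does not end the script; stop before any further processing */
} else if (isset($_POST['submit'])) {
    /*
     * The password rules are checked in the browser by encrypt_password(),
     * which posts its error codes back in password_error. Nothing forces a
     * client to run that script, so the digest is also checked here.
     */
    $missing_fields = array();

    if (isset($_POST['password_error']) && $_POST['password_error'] <> "") {
        $pwd_errors = explode(",", $_POST['password_error']);

        foreach ($pwd_errors as $pwd_error) {
            if ($pwd_error == "missing_password") {
                $missing_fields[] = _AT('password');
            } else {
                /*
                 * NOTE(review): the message code comes straight from the request;
                 * consider checking it against the codes verify_password() can return.
                 */
                $msg->addError($pwd_error);
            }
        }
    }

    /*
     * A request that skipped the page script can carry neither an error code
     * nor a digest. hex_sha1() is expected to yield 40 hex digits (confirm
     * against sha-1factory.js); anything else is treated as a missing password
     * instead of being written to the admins table.
     */
    $password_digest = isset($_POST['form_password_hidden']) ? $_POST['form_password_hidden'] : '';
    if (!$missing_fields && !$msg->containsErrors()
        && (!is_string($password_digest) || !preg_match('/^[0-9a-f]{40}\z/i', $password_digest))) {
        $missing_fields[] = _AT('password');
    }

    /*
     * Collected field names were never turned into an error in the visible
     * code, which let the update run with an empty password.
     * NOTE(review): EMPTY_FIELDS is the message code ATutor uses for missing
     * required fields; confirm it is available to this page.
     */
    if ($missing_fields) {
        $msg->addError(array('EMPTY_FIELDS', implode(', ', $missing_fields)));
    }

    if (!$msg->containsErrors()) {
        $password = $addslashes($password_digest);
        /*
         * The login is request data as well and was interpolated into both
         * statements unescaped. It is now passed through the same $addslashes
         * callable that this page applies to the password and to the login in
         * its lookup query. $addslashes is defined outside this listing.
         */
        $login = $addslashes($_POST['login']);

        /*
         * last_login is assigned to itself, presumably to keep an auto-updating
         * timestamp column unchanged; confirm against the schema.
         * NOTE(review): $result is not checked, so a failed UPDATE still
         * reports success below.
         */
        $sql    = "UPDATE ".TABLE_PREFIX."admins SET password='$password', last_login=last_login WHERE login='$login'";
        $result = mysql_query($sql, $db);

        /* The statement is rebuilt with the digest masked so it never reaches the admin log. */
        $sql    = "UPDATE ".TABLE_PREFIX."admins SET password='********' WHERE login='$login'";
        write_to_log(AT_ADMIN_LOG_UPDATE, 'admins', mysql_affected_rows($db), $sql);

        $msg->addFeedback('ACTION_COMPLETED_SUCCESSFULLY');
        header('Location: '.AT_BASE_HREF.'mods/_core/users/admins/index.php');
        exit; /* stop here so the form is not rendered behind the redirect */
    }

    /* Validation failed: undo request slashing before the form is shown again. */
    $_POST['login'] = $stripslashes($_POST['login']);
}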
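/*
 * Loads the administrator whose password is being changed and prepares the
 * page. The login may arrive by GET (first display) or POST (redisplay after
 * a failed submit), hence $_REQUEST; it is escaped before it is placed in
 * the query.
 */
$_GET['login'] = $addslashes($_REQUEST['login']);

/* privileges is selected as well: the prefill code below reads it, and the
   original query fetched only login. */
$sql    = "SELECT login, privileges FROM ".TABLE_PREFIX."admins WHERE login='$_GET[login]'";
$result = mysql_query($sql, $db);
if (!($row = mysql_fetch_assoc($result))) {
    $msg->addError('USER_NOT_FOUND');
    /*
     * NOTE(review): the listing omits one line at this position. The header
     * include is reconstructed so the footer has a page to close; confirm
     * against the original file.
     */
    require(AT_INCLUDE_PATH.'header.inc.php');
    require(AT_INCLUDE_PATH.'footer.inc.php');
    exit; /* without this the form below would be rendered with $row === false */
}

if (!isset($_POST['submit'])) {
    /* First display: seed the form state from the stored record.
       NOTE(review): the listing skips lines at the top of this branch. */
    if (query_bit($row['privileges'], AT_ADMIN_PRIV_ADMIN)) {
        $_POST['priv_admin'] = 1;
    }
    $_POST['privs'] = intval($row['privileges']);
}

/* $onload is set before the header include; presumably the header emits it
   as the page's onload handler (confirm in header.inc.php). */
$onload = 'document.form.password1.focus();';
require(AT_INCLUDE_PATH.'header.inc.php');
?>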
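<script language="JavaScript" src="sha-1factory.js" type="text/javascript"></script>

<script type="text/javascript">
/*
 * Runs when the submit button is clicked. Checks the two password fields
 * with verify_password() and either reports the error codes or puts the
 * SHA-1 digest of the password into the hidden field that is posted.
 *
 * verify_password() and hex_sha1() are defined outside this listing.
 * The listing also omits the lines that chose between the two outcomes;
 * the if/else below is reconstructed and assumes verify_password()
 * returns an empty value when the passwords are acceptable (confirm).
 *
 * Security note: the server stores and compares the posted digest as-is,
 * so the digest is password-equivalent. Hashing here keeps the plaintext
 * out of the request but is no substitute for TLS or for a salted, slow
 * hash computed on the server.
 */
function encrypt_password()
{
	var form = document.form;
	var err; // was an implicit global in the original

	// Start clean so a value left over from an earlier attempt is never sent.
	form.password_error.value = "";
	form.form_password_hidden.value = "";

	err = verify_password(form.password1.value, form.confirm_password.value);

	if (err) {
		form.password_error.value = err;
	} else {
		form.form_password_hidden.value = hex_sha1(form.password1.value);
	}

	// Cleared on every path so the plaintext is never part of the submitted form.
	form.password1.value = "";
	form.confirm_password.value = "";
}
</script>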
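<?php
/*
 * Password form. Values echoed into attributes are HTML-escaped: PHP_SELF
 * can contain request-supplied path text, and the login was written into
 * the hidden field unescaped although the heading below already escaped it.
 *
 * The listing omits the wrapper and closing lines of this form; the
 * "row" containers and closing tags are reconstructed (confirm against the
 * original file).
 *
 * NOTE(review): no anti-CSRF token is visible in this form or in the submit
 * handler; confirm whether the framework adds and verifies one elsewhere.
 */
?>
<form method="post" action="<?php echo htmlspecialchars($_SERVER['PHP_SELF'], ENT_QUOTES); ?>" name="form">
<input type="hidden" name="login" value="<?php echo htmlspecialchars($row['login'], ENT_QUOTES); ?>" />
<input type="hidden" name="form_password_hidden" value="" />
<input type="hidden" name="password_error" value="" />

<div class="input-form">
    <div class="row">
        <h3><?php echo htmlspecialchars($row['login']); ?></h3>
    </div>

    <div class="row">
        <?php /* label "for" now matches the input id; it pointed at form_password1 */ ?>
        <span class="required" title="<?php echo _AT('required_field'); ?>">*</span><label for="password1"><?php echo _AT('password'); ?></label><br />
        <input type="password" name="password1" id="password1" size="15" />
    </div>

    <div class="row">
        <?php /* label "for" now matches the input id; it pointed at form_password2 */ ?>
        <span class="required" title="<?php echo _AT('required_field'); ?>">*</span><label for="confirm_password"><?php echo _AT('confirm_password'); ?></label><br />
        <input type="password" name="confirm_password" id="confirm_password" size="15" />
    </div>

    <div class="row buttons">
        <input type="submit" name="submit" value="<?php echo _AT('submit'); ?>" accesskey="s" onclick="encrypt_password();" />
        <input type="submit" name="cancel" value="<?php echo _AT('cancel'); ?>" />
    </div>
</div>
</form>

<?php require(AT_INCLUDE_PATH.'footer.inc.php'); ?>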