2 /****************************************************************/
4 /****************************************************************/
5 /* Copyright (c) 2002-2010 */
6 /* Inclusive Design Institute */
9 /* This program is free software. You can redistribute it and/or*/
10 /* modify it under the terms of the GNU General Public License */
11 /* as published by the Free Software Foundation. */
12 /****************************************************************/
15 $_user_location = 'admin';
17 define('AT_INCLUDE_PATH', '../../../include/');
18 require(AT_INCLUDE_PATH.'vitals.inc.php');
19 admin_authenticate(AT_ADMIN_PRIV_USERS);
21 if (isset($_POST['cancel'])) {
22 $msg->addFeedback('CANCELLED');
23 header('Location: '.AT_BASE_HREF.'mods/_core/users/users.php');
25 } else if (isset($_POST['submit'])) {
26 /* password check: password is verified front end by javascript. here is to handle the errors from javascript */
27 if ($_POST['password_error'] <> "")
29 $pwd_errors = explode(",", $_POST['password_error']);
31 foreach ($pwd_errors as $pwd_error)
33 if ($pwd_error == "missing_password")
34 $missing_fields[] = _AT('password');
36 $msg->addError($pwd_error);
40 if (!$msg->containsErrors()) {
41 $_POST['id'] = intval($_POST['id']);
43 $sql = "UPDATE ".TABLE_PREFIX."members SET password= '$_POST[form_password_hidden]', creation_date=creation_date, last_login=last_login WHERE member_id=$_POST[id]";
44 $result = mysql_query($sql, $db);
46 $sql = "SELECT login, email FROM ".TABLE_PREFIX."members WHERE member_id=$_POST[id]";
47 $result = mysql_query($sql,$db);
48 if ($row = mysql_fetch_assoc($result)) {
49 $r_login = $row['login'];
50 $r_email = $row['email'];
52 $tmp_message = _AT('password_change_msg')."\n\n";
53 $tmp_message .= _AT('web_site').' : '.AT_BASE_HREF."\n";
54 $tmp_message .= _AT('login_name').' : '.$r_login."\n";
56 require(AT_INCLUDE_PATH . 'classes/phpmailer/atutormailer.class.php');
58 $mail = new ATutorMailer;
60 $mail->From = $_config['contact_email'];
61 $mail->AddAddress($r_email);
62 $mail->Subject = $_config['site_name'] . ': ' . _AT('password_changed');
63 $mail->Body = $tmp_message;
66 $msg->printErrors('SENDING_ERROR');
72 $msg->addFeedback('PROFILE_UPDATED_ADMIN');
73 header('Location: '.AT_BASE_HREF.'mods/_core/users/users.php');
76 $_GET['id'] = $_POST['id'];
80 $onload = 'document.form.password.focus();';
82 require(AT_INCLUDE_PATH.'header.inc.php');
84 $id = intval($_GET['id']);
86 $sql = "SELECT login FROM ".TABLE_PREFIX."members WHERE member_id=$id";
87 $result = mysql_query($sql, $db);
89 if (!$row = mysql_fetch_assoc($result)) {
90 $msg->printErrors('USER_NOT_FOUND');
91 require(AT_INCLUDE_PATH.'footer.inc.php');
96 <script language="JavaScript" src="sha-1factory.js" type="text/javascript"></script>
98 <script type="text/javascript">
99 function encrypt_password()
101 document.form.password_error.value = "";
103 err = verify_password(document.form.password.value, document.form.password2.value);
107 document.form.password_error.value = err;
111 document.form.form_password_hidden.value = hex_sha1(document.form.password.value);
112 document.form.password.value = "";
113 document.form.password2.value = "";
119 $savant->assign('id', $id);
120 $savant->display('admin/users/password_user.tmpl.php');
121 require(AT_INCLUDE_PATH.'footer.inc.php'); ?>