Rev 505 | Details | Compare with Previous | Last modification | View Log | RSS feed
Rev | Author | Line No. | Line |
---|---|---|---|
169 | tom | 1 | <?php |
2 | |||
3 | require '../_taios.php'; |
||
4 | |||
5 | $page = new Taios_Page('Update Account', '../'); |
||
6 | $userID = $page->getPostID(); |
||
7 | |||
8 | $page->checkLoggedIn(); |
||
9 | |||
10 | $accessID = $_POST['accessID']; |
||
11 | $password = $_POST['password']; |
||
12 | $email = $_POST['email']; |
||
13 | $name = $_POST['name']; |
||
14 | |||
15 | $user = $page->getUserByID($userID); |
||
492 | tom | 16 | if (($page->getLoggedInUser()->ID == $userID || $page->isUserAdmin($page->getLoggedInUser())) && $user && $page->isUserNormal($page->getLoggedInUser())) { |
17 | if (isset($accessID) && $page->isUserAdmin($page->getLoggedInUser())) { |
||
18 | $page->query("UPDATE Users SET AccessID = ? WHERE ID = ?", array($accessID, $userID)); |
||
169 | tom | 19 | } |
20 | |||
492 | tom | 21 | if (!empty($password)) { |
506 | freddie | 22 | $salt = $user->username . "sheeps"; |
504 | freddie | 23 | $page->query("UPDATE Users SET Password = ?, Salt = ? WHERE ID = ?", array($page->saltAndBurn($password, $salt), $salt, $userID)); |
169 | tom | 24 | } |
25 | |||
492 | tom | 26 | if (!empty($email)) { |
27 | $page->query("UPDATE Users SET EmailAddress = ? WHERE ID = ?", array($email, $userID)); |
||
169 | tom | 28 | } |
29 | |||
492 | tom | 30 | if (!empty($name)) { |
31 | $page->query("UPDATE Users SET Name = ? WHERE ID = ?", array($name, $userID)); |
||
169 | tom | 32 | } |
492 | tom | 33 | } else { |
34 | if (!$user) { |
||
184 | tom | 35 | $page->drawError('No such user, #' . $userID); |
492 | tom | 36 | } else { |
184 | tom | 37 | $page->drawError('You do not have permission to access this page.'); |
169 | tom | 38 | } |
39 | } |
||
40 | |||
41 | $page->redirect('account.php?id=' . $userID); |
||
42 | |||
43 | ?> |
||
44 |