Rev 505 |
Blame |
Compare with Previous |
Last modification |
View Log
| RSS feed
<?php
require '../_taios.php';
$page = new Taios_Page
('Update Account', '../');
$userID = $page->getPostID();
$page->checkLoggedIn();
$accessID = $_POST['accessID'];
$password = $_POST['password'];
$email = $_POST['email'];
$name = $_POST['name'];
$user = $page->getUserByID($userID);
if (($page->getLoggedInUser()->ID == $userID || $page->isUserAdmin($page->getLoggedInUser())) && $user && $page->isUserNormal($page->getLoggedInUser())) {
if (isset($accessID) && $page->isUserAdmin($page->getLoggedInUser())) {
$page->query("UPDATE Users SET AccessID = ? WHERE ID = ?", array($accessID, $userID));
}
if (!empty($password)) {
$salt = $user->username . "sheeps";
$page->query("UPDATE Users SET Password = ?, Salt = ? WHERE ID = ?", array($page->saltAndBurn($password, $salt), $salt, $userID));
}
if (!empty($email)) {
$page->query("UPDATE Users SET EmailAddress = ? WHERE ID = ?", array($email, $userID));
}
if (!empty($name)) {
$page->query("UPDATE Users SET Name = ? WHERE ID = ?", array($name, $userID));
}
} else {
if (!$user) {
$page->drawError('No such user, #' . $userID);
} else {
$page->drawError('You do not have permission to access this page.');
}
}
$page->redirect('account.php?id=' . $userID);
?>