Location: PHPKode > projects > Sound PHP Engine > s-p-e-0.3.0/s-p-e-0.3.0/data/update.php
<?php
// ===================================================== 
// 
// s-p-e - Content management system. 
// Copyright (C) 2004, 2005, 2010, 2011 Vladimir B. Tsarkov
// 
// This file is part of s-p-e. 
// 
// s-p-e is free software; you can redistribute it and/or modify 
// it under the terms of the GNU General Public License as published by 
// the Free Software Foundation, either version 3 of the License, or 
// (at your option) any later version. 
// 
// s-p-e is distributed in the hope that it will be useful, 
// but WITHOUT ANY WARRANTY; without even the implied warranty of 
// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the 
// GNU General Public License for more details. 
// 
// You should have received a copy of the GNU General Public License 
// along with s-p-e. If not, see <http://www.gnu.org/licenses/>.
//
// ------
//
//  You can contact me via e-mail: lipetsk-gnu-lug at bk period ru
//
//  update.php
//
//  Abstract: Updates passwords and e-mails of the users.
//  
//  Revision History:
// 
//	1  2004-03-27 - 2005-07-02  vbt
//	2  2005-07-23  vbt
//	3  2010-06-24  vbt
//	4  2011-01-22  vbt
//
// =====================================================
header("Content-Type: text/html; charset=UTF-8");

include("configure/specfg.php"); 
include("../include/functions.php");

cache();

session_set_save_handler("open", "close", "read", "write", "destroy", "gc");
session_start();

gc();

redirect(read(session_id()));

if(read(session_id()) == "administrator")
{
	echo "<html>
	<head>
	<LINK rel='stylesheet' href='../skin/".($cfg["skin"])."/style.css' type='text/css'>
	</head>
	<body>";      

	language($cfg["deflangadmin"]);
	
	if(isset($_POST['red']))
	{
		$red = $_POST['red'];
	}
	if(isset($_POST['refresh']))
	{
		$refresh = $_POST['refresh'];
	}
	if(isset($_POST['olduser']))
	{
		$user = $_POST['olduser'];
		$user = trim($user);
	}
	if(isset($_POST['oldpwd']))
	{
		$oldpwd = $_POST['oldpwd'];
	}
	if(isset($_POST['newpwd']))
	{
		$newpwd = $_POST['newpwd'];
	}
	if(isset($_POST['newmail']))
	{
		$newmail = $_POST['newmail'];
	}
	
	if($refresh)
	{
		if($user == false)
		{
			echo "<font class='negative'>
			".(_("Please, specify the name of the user."))."
			</font>";
		} 
		else if($user == "admin" && $red != 2)
		{
			echo "<font class='negative'>
			".(_("You cannot use login of the administrator for a non-administrator."))."
			</font>"; 
		} 
		else if($newpwd == false)
		{
			echo "<font class='negative'>
			".(_("Please, specify a new password for the user."))."
			</font>";
		} 
		else if(pwdlength($newpwd) == false)
		{
			echo "<p>
			<font class='negative'>
			".(_("Your new password is too short. It must contain at least 8 characters."))."
			</font>
			</p>
			<p>
			".(_("To be secure a password should contain a random set of characters."))."
			</p>";
		} 
		else 
		{
		       if($red == 0) $utype="user";
		       if($red == 1) $utype="editor";
		       if($red == 2) $utype="administrator";			
		       
		       connect($cfg["host"], $cfg["user"], $cfg["password"], $cfg["database"], $connector);
		       $result = mysql_query("select pwd, num 
			       from ".($cfg["prefix"])."security 
			       where login='$user' 
			       and addk='$utype'", $connector) 
			       or die("error #102-1");
			if(mysql_num_rows($result) == 0)
			{
				echo "<font class='negative'>
				".(_("User"))."
				</font>
				&nbsp;$user&nbsp;
				<font class='negative'>
				".(_("does not exist."))."
				</font>";
			} 
			else 
			{
				if($row = mysql_fetch_array($result))
				{
					if(crypt($oldpwd, $row["pwd"]) == $row["pwd"])
					{
					  mysql_query("update ".($cfg["prefix"])."security 
					  set pwd='".(crypt($newpwd))."', mail='$newmail', date='".(date("Y-m-d"))."'
					  where login='$user' 
					  and num='".($row["num"])."' 
					  and addk='$utype'", $connector) 
					  or die("error #102-2");
					
					  echo "<font class='positive'>
					  ".(_("Data was updated successfully."))."
					  </font>";
					} 
					else 
					{
					  echo "<font class='negative'>
					  ".(_("It seems that you have specified a wrong old password for user"))."
					  </font>
					  &nbsp;$user.";
					}
				}
			}
			mysql_free_result($result);
			mysql_close($connector);
		}
	}
	echo "<p>
	<font class='s-normal'>
	".(_("Back to the"))." <a href='admin.php'>".(_("s-p-e Administrator's Page"))."</a>
	</font>
	</p>  
	</body>
	</html>";
} 
else 
{
	echo _("Access denied.");
}
?>
Return current item: Sound PHP Engine