@@ -364,17 +428,7 @@ class User
-
- id!=$_SESSION['user'] && $user->get_rank()<=1 && ($user->get_rank()<$this->rank))
{?>
@@ -392,6 +446,71 @@ class User
id;
+
+ $stmt = $mysqli->prepare("SELECT count(*) FROM users WHERE username LIKE ?");
+ $stmt->bind_param("s",$_POST["username"]);
+ $stmt->execute();
+ if ($stmt->num_rows > 0)
+ {
+ $message = _("This username is already taken.");
+ return;
+ }
+ $stmt->close();
+
+ if ($_SESSION['user'] != $id && $user->get_rank()>0)
+ {
+ $message = _("Cannot change username of other users!");
+ }else{
+ $stmt = $mysqli->prepare("UPDATE users SET username = ? WHERE id=?");
+ $stmt->bind_param("si",$_POST["username"],$id);
+ $stmt->execute();
+ $stmt->close();
+ header("Location: /admin/?do=user&id=".$id);
+ }
+ }
+
+ /**
+ * Changes name and surname of user by POST[ID].
+ * @return void
+ */
+ public function change_name()
+ {
+ global $mysqli, $message, $user;
+ if (strlen(trim($_POST['name']))==0) {
+ $messages[] = _("Name");
+ }
+ if(strlen(trim($_POST['surname']))==0) {
+ $messages[] = _("Surname");
+ }
+
+ if (!empty($messages))
+ {
+ $message = "Please enter ".implode(", ", $messages);
+ return;
+ }
+
+ $id = $this->id;
+
+ if ($_SESSION['user'] != $id && $user->get_rank()>0)
+ {
+ $message = _("Cannot change names of other users!");
+ }else{
+ $stmt = $mysqli->prepare("UPDATE users SET `name` = ?, `surname` = ? WHERE id=?");
+ $stmt->bind_param("ssi",$_POST["name"],$_POST["surname"],$id);
+ $stmt->execute();
+ $stmt->close();
+ header("Location: /admin/?do=user&id=".$id);
+ }
+ }
+
/**
* Changes user password and deletes all remember tokens so all other sessions
* won't stay logged in without knowing new pass. Uses token when reseting password.
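Review bot: The duplicate-username check at the top of this hunk never fires: `num_rows` on a mysqli prepared statement stays 0 until the result is buffered with store_result(), and even then `SELECT count(*)` always yields exactly one row, so the row count says nothing about whether the name exists. Read the count value instead, as the password code in this file already does with get_result(), and compare with `=` rather than `LIKE`, which would otherwise let `%`/`_` in the submitted name match unrelated accounts. The early return there also skips `$stmt->close()`. In change_name, `$messages` is never initialised before `$messages[] = ...`, and the combined text on the `"Please enter "` line is the only user-facing string in the hunk not passed through `_()`; `$message = sprintf(_("Please enter %s"), implode(", ", $messages));` keeps it translatable. The start of change_username lies outside this hunk.
```php
$stmt = $mysqli->prepare("SELECT count(*) FROM users WHERE username = ?");
$stmt->bind_param("s", $_POST["username"]);
$stmt->execute();
$taken = (int) $stmt->get_result()->fetch_row()[0];
$stmt->close();
if ($taken > 0)
{
    $message = _("This username is already taken.");
    return;
}
// … unchanged: ownership check and UPDATE …
```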
@@ -405,72 +524,77 @@ class User
if ($_POST['password']!=$_POST['password_repeat'])
{
$message = _("Passwords do not match!");
- }else{
- if (!$token)
+ return;
+ }
+
+ if (!$token)
+ {
+ if ($_SESSION['user']!=$id)
{
- if ($_SESSION['user']!=$id)
- {
- $message = _("Cannot change password of other users!");
- }else{
- $stmt = $mysqli->prepare("SELECT password_salt as salt FROM users WHERE id=?");
- $stmt->bind_param("i", $id);
- $stmt->execute();
- $query = $stmt->get_result();
-
- $result = $query->fetch_assoc();
- $salt = $result['salt'];
- $pass = $_POST['old_password'];
- $hash = hash('sha256', $pass.$salt);
-
- $stmt = $mysqli->prepare("SELECT count(*) as count FROM users WHERE id=? AND password_hash = ?");
- $stmt->bind_param("is", $id, $hash);
- $stmt->execute();
- if ($stmt->get_result()->fetch_assoc()['count'])
- {
- $pass = $_POST['password'];
- $hash = hash('sha256', $pass.$salt);
- $stmt = $mysqli->prepare("UPDATE users SET password_hash = ? WHERE id=?");
- $stmt->bind_param("si", $hash, $id);
- $stmt->execute();
- $stmt->close();
- $stmt = $mysqli->prepare("DELETE FROM tokens WHERE user = ? AND data = 'remember'");
- $stmt->bind_param("d", $id);
- $stmt->execute();
- $stmt->get_result();
- User::logout();
- }
- else{
- $message = _("Wrong password!");
- }
- }
+ $message = _("Cannot change password of other users!");
}else{
- if (Token::validate($token, $id, "passwd"))
+ $stmt = $mysqli->prepare("SELECT password_salt as salt FROM users WHERE id=?");
+ $stmt->bind_param("i", $id);
+ $stmt->execute();
+ $query = $stmt->get_result();
+ $result = $query->fetch_assoc();
+
+ $salt = $result['salt'];
+ $pass = $_POST['old_password'];
+ $hash = hash('sha256', $pass.$salt);
+
+ $stmt = $mysqli->prepare("SELECT count(*) as count FROM users WHERE id=? AND password_hash = ?");
+ $stmt->bind_param("is", $id, $hash);
+ $stmt->execute();
+
+ if ($stmt->get_result()->fetch_assoc()['count'])
{
- $stmt = $mysqli->prepare("SELECT password_salt as salt FROM users WHERE id=?");
- $stmt->bind_param("i", $id);
- $stmt->execute();
- $query = $stmt->get_result();
- $result = $query->fetch_assoc();
- $salt = $result['salt'];
$pass = $_POST['password'];
$hash = hash('sha256', $pass.$salt);
-
$stmt = $mysqli->prepare("UPDATE users SET password_hash = ? WHERE id=?");
- $stmt->bind_param("si", $hash,$id);
+ $stmt->bind_param("si", $hash, $id);
$stmt->execute();
$stmt->close();
- $stmt = $mysqli->prepare("DELETE FROM tokens WHERE user = ? AND data = 'remember'");
- $stmt->bind_param("d", $id);
- $stmt->execute();
- $stmt->get_result();
- }
- else
- {
- $message = _("Invalid token detected, please retry your request from start!");
- }
- Token::delete($token);
+ $stmt = $mysqli->prepare("DELETE FROM tokens WHERE user = ? AND data = 'remember'");
+ $stmt->bind_param("d", $id);
+ $stmt->execute();
+ $stmt->get_result();
+
+ User::logout();
+ }
+ else{
+ $message = _("Wrong password!");
+ }
}
+ }else{
+ if (Token::validate($token, $id, "passwd"))
+ {
+ $stmt = $mysqli->prepare("SELECT password_salt as salt FROM users WHERE id=?");
+ $stmt->bind_param("i", $id);
+ $stmt->execute();
+ $query = $stmt->get_result();
+ $result = $query->fetch_assoc();
+
+ $salt = $result['salt'];
+ $pass = $_POST['password'];
+ $hash = hash('sha256', $pass.$salt);
+
+ $stmt = $mysqli->prepare("UPDATE users SET password_hash = ? WHERE id=?");
+ $stmt->bind_param("si", $hash,$id);
+ $stmt->execute();
+ $stmt->close();
+
+ $stmt = $mysqli->prepare("DELETE FROM tokens WHERE user = ? AND data = 'remember'");
+ $stmt->bind_param("d", $id);
+ $stmt->execute();
+ $stmt->get_result();
+ }
+ else
+ {
+ $message = _("Invalid token detected, please retry your request from start!");
+ }
+ Token::delete($token);
}
}
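Review bot: Both token-deletion statements in the new layout (`DELETE FROM tokens ...` in the old-password branch and in the token branch) bind the integer `$id` with type `"d"` and then call `$stmt->get_result()` on a DELETE, which has no result set; the surrounding statements bind the same id with `"i"`, so `$stmt->bind_param("i", $id);` followed by `$stmt->close();` would keep both branches consistent with the rest of the method. The restructuring also carries forward `hash('sha256', $pass.$salt)` for the stored password: a single SHA-256 round is cheap to brute-force offline if the users table leaks, and `password_hash()`/`password_verify()` would replace both the manual salt lookup and the hash comparison done in SQL — that touches the login path outside this hunk, so it is a follow-up rather than part of this commit. After a successful token reset the method neither logs out nor redirects, unlike the old-password branch which calls `User::logout()`; whether that asymmetry is intended is not clear from the hunk. The method's beginning lies before this hunk.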
@@ -511,11 +635,23 @@ class User
* @return void
*/
public function email_link(){
- global $user;
+ global $user, $mysqli;
+
$email = $_POST['email'];
- $time = strtotime('+1 day', time());
$id = $this->id;
+ if ($user->get_rank()<1 && $id!=$_SESSION['user'])
+ {
+ $stmt = $mysqli->prepare("UPDATE users SET email = ? WHERE id=?");
+ $stmt->bind_param("sd", $email, $id);
+ $stmt->execute();
+ $stmt->get_result();
+ header("Location: /admin/?do=user&id=".$id);
+ return;
+ }
+
+ $time = strtotime('+1 day', time());
+
$token = Token::add($id, 'email;$email', $time);
$link = WEB_URL."/admin/?do=change-email&id=$id&token=$token";
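Review bot: The new administrator branch writes `$email` into the users table without checking that it is a well-formed address, whereas the self-service path at least goes through a confirmation mail; a guard such as `if (filter_var($email, FILTER_VALIDATE_EMAIL) === false) { return _('Invalid email address!'); }` before the UPDATE keeps malformed input out of the database (the message text is a placeholder to align with the file's own strings). As in the password method, `$id` is bound with `"d"` here while the rest of the class uses `"i"`, and `$stmt->get_result()` after an UPDATE has nothing to return — `$stmt->close()` is the matching call. The admin branch also returns null after `header()` while the function now returns a confirmation string at its end, so a caller that echoes the return value sees different shapes from the two paths. The unchanged `Token::add($id, 'email;$email', $time)` line stores the literal text `email;$email`, since single quotes do not interpolate; this predates the commit, but if the token payload is meant to carry the new address it is worth confirming.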
@@ -528,6 +664,7 @@ class User
$headers .= "Reply-To: ".MAILER_NAME.' <'.MAILER_ADDRESS.'>'.PHP_EOL;
mail($to, $subject, $msg, $headers);
+ return _('Confirmation email sent!');
}
/**
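Review bot: The added `return _('Confirmation email sent!')` reports success regardless of whether `mail()` accepted the message; `mail()` returns false when the local mailer rejects it, so the preceding call should be checked, e.g. `if (!mail($to, $subject, $msg, $headers)) { return _('Could not send confirmation email.'); }` (message text is a placeholder). Whether anything else handles a failed send is not visible here; the rest of email_link lies before this hunk.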
diff --git a/css/main.css b/css/main.css
index 141be2c..bea3c2a 100644
--- a/css/main.css
+++ b/css/main.css
@@ -93,7 +93,7 @@ div.center {
#wrapper
{
- max-width: 900px;
+ max-width: 1024px;
min-height: calc(100vh - 157px);
padding-right: 15px;
padding-left: 15px
@@ -599,4 +599,20 @@ i.danger{
body .h1,body .h2,body .h3,body h1,body h2,body h3 {
margin-top: 18px;
+}
+
+.row.user .input-group
+{
+ width: 100%;
+ margin-bottom: 5px
+}
+
+.row.user .form-name{
+ width: 50%;
+ float: left;
+}
+
+label.form-name
+{
+ line-height: 20px
}
\ No newline at end of file