From 3ff03dc4f0a72432b34c00da620272cf011e4ddd Mon Sep 17 00:00:00 2001 From: Yuchen Pei Date: Thu, 29 Jul 2021 14:17:20 +1000 Subject: Publishing h-node.org code. - this is the h-node.org code, except - removed a js file (3x copies at three different locations) without license / copyright headers - /Js/linkToForm.js - /Public/Js/linkToForm.js - /admin/Public/Js/linkToForm.js - removed config files containing credentials - /Application/Include/params.php - /Config/Config.php - /admin/Application/Include/params.php - /admin/Config/Config.php - added license and copyright header to one php file - /admin/Library/ErrorReporting.php (almost identical to /Library/ErrorReporting.php which has the headers) --- .../Controllers/AdminpasswordController.php | 88 ++++++++++++++++++++++ 1 file changed, 88 insertions(+) create mode 100644 h-source/admin/Application/Controllers/AdminpasswordController.php (limited to 'h-source/admin/Application/Controllers/AdminpasswordController.php') diff --git a/h-source/admin/Application/Controllers/AdminpasswordController.php b/h-source/admin/Application/Controllers/AdminpasswordController.php new file mode 100644 index 0000000..bcaca95 --- /dev/null +++ b/h-source/admin/Application/Controllers/AdminpasswordController.php @@ -0,0 +1,88 @@ +. + +if (!defined('EG')) die('Direct access not allowed!'); + +class AdminpasswordController extends Controller +{ + + function __construct($model, $controller, $queryString) + { + parent::__construct($model, $controller, $queryString); + + $this->load('header_back'); + $this->load('footer_back','last'); + + $this->helper('Menu','users','panel/main'); + $this->helper('Array'); + + $this->session('admin'); + $this->model('AdminusersModel'); + + $this->m['AdminusersModel']->setFields('password:sha1','none'); + + $this->m['AdminusersModel']->strongConditions['update'] = array('checkEqual'=>'password,confirmation'); + $this->m['AdminusersModel']->strongConditions['insert'] = array('checkEqual'=>'password,confirmation'); + + $this->m['AdminusersModel']->identifierName = 'id_user'; + + $this->setArgKeys(array('token:sanitizeAll'=>'token')); + } + + public function form() + { + $this->shift(0); + + $this->s['admin']->check(); + + if (!$this->s['admin']->checkCsrf($this->viewArgs['token'])) $this->redirect('panel/main/',2,'wrong token..'); + + $data['notice'] = null; + + $id = (int)$this->s['admin']->status['id_user']; + if (isset($_POST['updateAction'])) { + $pass = $this->s['admin']->getPassword(); + if (sha1($_POST['old']) === $pass) + { + $this->m['AdminusersModel']->updateTable('update',$id); + $data['notice'] = $this->m['AdminusersModel']->notice; + } + else + { + $data['notice'] = "
Vecchia password sbagliata
\n"; + } + } + $data['menĂ¹'] = $this->h['Menu']->render('panel'); + + $values = $this->m['AdminusersModel']->selectId($id); + + $action = array('updateAction'=>'save'); + $form = new Form_Form('adminpassword/form'.$this->viewStatus,$action); + $form->setEntry('old','Password'); + $form->entry['old']->labelString = 'old password:'; + $form->setEntry('password','Password'); + $form->setEntry('confirmation','Password'); + $data['form'] = $form->render($values,'old,password,confirmation'); + + $this->append($data); + $this->load('form'); + } + +} \ No newline at end of file -- cgit v1.2.3