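// Refuse to run when the file is requested directly instead of through the framework bootstrap.
if (!defined('EG')) die('Direct access not allowed!');

/**
 * Back-office controller that lets the logged-in administrator change their own password.
 *
 * Security notes:
 * - The stored password is compared with sha1() of the submitted value, i.e. an unsalted
 *   SHA-1 digest. That is not a suitable password hash (fast to brute-force, no salt).
 *   Moving to password_hash()/password_verify() has to be done together with the model
 *   ('password:sha1' below) and the session class (getPassword()), so it is only flagged here.
 * - The CSRF token appears to be read from the request arguments (setArgKeys/viewArgs), so it
 *   may end up in URLs — TODO confirm it is short-lived and bound to the admin session.
 */
class AdminpasswordController extends Controller
{
    /**
     * Wires up the views, helpers, admin session and users model used by form().
     *
     * @param mixed $model       forwarded unchanged to the parent constructor
     * @param mixed $controller  forwarded unchanged to the parent constructor
     * @param mixed $queryString forwarded unchanged to the parent constructor
     */
    public function __construct($model, $controller, $queryString)
    {
        parent::__construct($model, $controller, $queryString);

        $this->load('header_back');
        $this->load('footer_back','last');

        $this->helper('Menu','users','panel/main');
        $this->helper('Array');

        $this->session('admin');
        $this->model('AdminusersModel');

        $users = $this->m['AdminusersModel'];

        // Only the password field is accepted from the form; presumably 'sha1' is the
        // transformation the model applies before storing it — verify against the model class.
        $users->setFields('password:sha1','none');

        // New password and its confirmation must match on both update and insert.
        $samePassword = array('checkEqual'=>'password,confirmation');
        $users->strongConditions['update'] = $samePassword;
        $users->strongConditions['insert'] = $samePassword;

        $users->identifierName = 'id_user';

        $this->setArgKeys(array('token:sanitizeAll'=>'token'));
    }

    /**
     * Shows the change-password form and, on submit, updates the password of the
     * administrator bound to the current session.
     *
     * The update only happens when the CSRF token is accepted and the submitted old
     * password matches the one returned by the admin session.
     */
    public function form()
    {
        $this->shift(0);

        // NOTE(review): check() is expected to stop unauthenticated requests; its behaviour
        // is defined outside this file.
        $this->s['admin']->check();

        if (!$this->s['admin']->checkCsrf($this->viewArgs['token'])) {
            $this->redirect('panel/main/',2,'wrong token..');
            // Fail closed: whether redirect() terminates the request is not visible here,
            // so make sure nothing below runs with a rejected token.
            return;
        }

        $data['notice'] = null;

        // The target row always comes from the session, never from request data.
        $id = (int)$this->s['admin']->status['id_user'];

        if (isset($_POST['updateAction'])) {
            $pass = $this->s['admin']->getPassword();

            // A missing or array-valued 'old' field is treated as a wrong password
            // instead of being passed to sha1().
            $old = (isset($_POST['old']) && is_string($_POST['old'])) ? $_POST['old'] : null;

            // hash_equals() (PHP >= 5.6) compares the digests in constant time.
            if ($old !== null && is_string($pass) && hash_equals($pass, sha1($old))) {
                $this->m['AdminusersModel']->updateTable('update',$id);
                $data['notice'] = $this->m['AdminusersModel']->notice;
            } else {
                // Italian: "Wrong old password".
                $data['notice'] = "\nVecchia password sbagliata\n\n";
            }
        }

        // NOTE(review): this key looks mis-encoded (probably 'menù' read in the wrong charset);
        // it is left untouched because the view reads it by name — confirm the file encoding.
        $data['menĂ¹'] = $this->h['Menu']->render('panel');

        // NOTE(review): if selectId() returns the stored password digest and render()
        // pre-fills the 'password' entry with it, the digest would be echoed into the
        // page — confirm, and pass an empty value set if so.
        $values = $this->m['AdminusersModel']->selectId($id);

        $action = array('updateAction'=>'save');
        $form = new Form_Form('adminpassword/form'.$this->viewStatus,$action);
        $form->setEntry('old','Password');
        $form->entry['old']->labelString = 'old password:';
        $form->setEntry('password','Password');
        $form->setEntry('confirmation','Password');
        $data['form'] = $form->render($values,'old,password,confirmation');

        $this->append($data);
        $this->load('form');
    }
}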