1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
|
<?php
// h-admin, a web software to build a community of people that want to share their hardware information.
// Copyright (C) 2010 Antonio Gallo (h-admin-copyright.txt)
//
// This file is part of h-admin
//
// h-admin is free software: you can redistribute it and/or modify
// it under the terms of the GNU General Public License as published by
// the Free Software Foundation, either version 3 of the License, or
// (at your option) any later version.
//
// h-admin is distributed in the hope that it will be useful,
// but WITHOUT ANY WARRANTY; without even the implied warranty of
// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
// GNU General Public License for more details.
//
// You should have received a copy of the GNU General Public License
// along with h-admin. If not, see <http://www.gnu.org/licenses/>.
if (!defined('EG')) die('Direct access not allowed!');
class AdminpasswordController extends Controller
{
function __construct($model, $controller, $queryString)
{
parent::__construct($model, $controller, $queryString);
$this->load('header_back');
$this->load('footer_back','last');
$this->helper('Menu','users','panel/main');
$this->helper('Array');
$this->session('admin');
$this->model('AdminusersModel');
$this->m['AdminusersModel']->setFields('password:sha1','none');
$this->m['AdminusersModel']->strongConditions['update'] = array('checkEqual'=>'password,confirmation');
$this->m['AdminusersModel']->strongConditions['insert'] = array('checkEqual'=>'password,confirmation');
$this->m['AdminusersModel']->identifierName = 'id_user';
$this->setArgKeys(array('token:sanitizeAll'=>'token'));
}
public function form()
{
$this->shift(0);
$this->s['admin']->check();
if (!$this->s['admin']->checkCsrf($this->viewArgs['token'])) $this->redirect('panel/main/',2,'wrong token..');
$data['notice'] = null;
$id = (int)$this->s['admin']->status['id_user'];
if (isset($_POST['updateAction'])) {
$pass = $this->s['admin']->getPassword();
if (sha1($_POST['old']) === $pass)
{
$this->m['AdminusersModel']->updateTable('update',$id);
$data['notice'] = $this->m['AdminusersModel']->notice;
}
else
{
$data['notice'] = "<div class='alert'>Vecchia password sbagliata</div>\n";
}
}
$data['menù'] = $this->h['Menu']->render('panel');
$values = $this->m['AdminusersModel']->selectId($id);
$action = array('updateAction'=>'save');
$form = new Form_Form('adminpassword/form'.$this->viewStatus,$action);
$form->setEntry('old','Password');
$form->entry['old']->labelString = 'old password:';
$form->setEntry('password','Password');
$form->setEntry('confirmation','Password');
$data['form'] = $form->render($values,'old,password,confirmation');
$this->append($data);
$this->load('form');
}
}
|
