id) echo ("Unauthorized access to user administration."); elseif (!isset($_POST['record']) && !is_admin($current_user)) echo ("Unauthorized access to user administration."); $focus = new User(); $focus->retrieve($_POST['record']); if(strtolower($current_user->is_admin) == 'off' && $current_user->id != $focus->id){ $log->fatal("SECURITY:Non-Admin ". $current_user->id . " attempted to change settings for user:". $focus->id); header("Location: index.php?module=Users&action=Logout"); exit; } if(strtolower($current_user->is_admin) == 'off' && isset($_POST['is_admin']) && strtolower($_POST['is_admin']) == 'on'){ $log->fatal("SECURITY:Non-Admin ". $current_user->id . " attempted to change is_admin settings for user:". $focus->id); header("Location: index.php?module=Users&action=Logout"); exit; } if (isset($_POST['user_name']) && isset($_POST['old_password']) && isset($_POST['new_password'])) { /* //changing fourm password define('IN_PHPBB', 1); $phpbb_root_path = "modules/MessageBoard/"; require($phpbb_root_path . 'extension.inc'); include($phpbb_root_path . 'common.php'); */ $new_pass = $_POST['new_password']; $new_passwd = $_POST['new_password']; $new_pass = md5($new_pass); $uname = $_POST['user_name']; //$sql = "UPDATE " . USERS_TABLE . " SET user_password = '$new_pass' WHERE username = '$uname'"; /* if (!($result = $db->sql_query($sql)) ) { message_die(GENERAL_ERROR, 'Could not update user password', '', __LINE__, __FILE__, $sql); } */ if (!$focus->change_password($_POST['old_password'], $_POST['new_password'])) { header("Location: index.php?action=Error&module=Users&error_string=".urlencode($focus->error_string)); exit; } } else { foreach($focus->column_fields as $field) { if(isset($_POST[$field])) { $value = $_POST[$field]; $focus->$field = $value; } } foreach($focus->additional_column_fields as $field) { if(isset($_POST[$field])) { $value = $_POST[$field]; $focus->$field = $value; } } if (!isset($_POST['is_admin'])) $focus->is_admin = 'off'; if (!$focus->verify_data()) { header("Location: index.php?action=Error&module=Users&error_string=".urlencode($focus->error_string)); exit; } else { $focus->save("Users"); // include('modules/Calendar/user_ins.php'); // include("modules/Users/forum_register.php"); $return_id = $focus->id; } } if(isset($focus->id) && $focus->id != '') { if(isset($_POST['user_role'])) { updateUser2RoleMapping($_POST['user_role'],$focus->id); } if(isset($_POST['group_name']) && $_POST['group_name'] != '') { updateUsers2GroupMapping($_POST['group_name'],$focus->id); } } else { if(isset($_POST['user_role'])) { insertUser2RoleMapping($_POST['user_role'],$focus->id); } if(isset($_POST['group_name'])) { insertUsers2GroupMapping($_POST['group_name'],$focus->id); } } if(isset($_POST['return_module']) && $_POST['return_module'] != "") $return_module = $_POST['return_module']; else $return_module = "Users"; if(isset($_POST['return_action']) && $_POST['return_action'] != "") $return_action = $_POST['return_action']; else $return_action = "DetailView"; if(isset($_POST['return_id']) && $_POST['return_id'] != "") $return_id = $_POST['return_id']; if(isset($_REQUEST['activity_mode'])) $activitymode = '&activity_mode='.$_REQUEST['activity_mode']; $log->debug("Saved record with id of ".$return_id); header("Location: index.php?action=$return_action&module=$return_module&record=$return_id$activitymode"); ?>