<?php
include_once 'locale.php';
include_once 'db_pdo.php';
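// Every input below comes from the POST body and is untrusted. Read each key
// with `??` so a missing field yields null instead of an "undefined index"
// warning; the consumers further down still have to validate what they need.
// NOTE(review): no CSRF token is read or checked in this file -- confirm that
// one of the includes does it, since EDIT/RESET act on the logged-in session.
$type = $_POST["type"] ?? null;
$name = $_POST["name"] ?? null;
$pw = $_POST["pw"] ?? null;         // new password (client-side hash, see below)
$oldpw = $_POST["oldpw"] ?? null;   // current password, required to change $pw
$oldlpw = $_POST["oldlpw"] ?? null; // alternative (legacy) form of the current password
$email = $_POST["email"] ?? null;
$privacy = $_POST["privacy"] ?? null; // stored in the `public` column
$editor = $_POST["editor"] ?? null;
$units = $_POST["units"] ?? null;
$guestpw = $_POST["guestpw"] ?? null;
$startpane = $_POST["startpane"] ?? null;
$locale = $_POST["locale"] ?? null; // override any value in URL/session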
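// Reply format is "code;message". Codes:
// 0 error
// 1 new
// 2 edited
// 10 reset
//
// Validate the requested action and, for EDIT/RESET, the caller's session.
switch ($type) {
    case "NEW":
        // A usable account needs at least a name and a password value;
        // refuse early instead of inserting an empty row.
        if ($name === null || $name === '' || $pw === null || $pw === '') {
            die("0;" . _("Name and password are required."));
        }
        $sth = $dbh->prepare("SELECT * FROM users WHERE name = ?");
        $sth->execute([$name]);
        if ($sth->fetch()) {
            die("0;" . _("Sorry, that name is already taken, please try another."));
        }
        break;
    case "EDIT":
    case "RESET":
        // Identity comes from the session only; the posted name is discarded
        // so a caller cannot operate on another account.
        $uid = $_SESSION["uid"] ?? null;
        $name = $_SESSION["name"] ?? null;
        if (empty($uid)) {
            die("0;" . _("Your session has timed out, please log in again."));
        }
        if ($type == "RESET") {
            // Destructive: deletes every flight of this account. No password
            // re-entry is required here -- NOTE(review): consider requiring it,
            // and a CSRF token, for this action.
            $sth = $dbh->prepare("DELETE FROM flights WHERE uid = ?");
            $sth->execute([$uid]);
            printf("10;" . _("Account reset, %s flights deleted."), $sth->rowCount());
            exit;
        }
        // EDIT: the current password is verified only when the caller sends
        // one, i.e. when a password change is being attempted. The UPDATE
        // below only touches the password column under a condition no wider
        // than this one, so a change can never skip this check.
        // NOTE(review): the comparison is done by the DB on a client-side
        // MD5(pw+name) value (see the note before the INSERT). Moving to
        // password_hash()/password_verify() needs login and client changed too.
        if ($oldpw !== null && $oldpw !== '') {
            $sth = $dbh->prepare("SELECT * FROM users WHERE name = ? AND (password = ? OR password = ?)");
            $sth->execute([$name, $oldpw, $oldlpw]);
            if (!$sth->fetch()) {
                die("0;" . _("Sorry, current password is not correct."));
            }
        }
        break;
    default:
        // $type is echoed back; escape it for the HTML context the client renders in.
        die("0;" . sprintf(_("Unknown action %s"), htmlspecialchars((string) $type, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8')));
}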
// Persist the account.
// The `password` column does not hold a server-side password_hash() value: the
// client sends an MD5 of the password and username and that is stored as-is.
// NOTE(review): unsalted MD5 -- weak; flagged here, not changed, because the
// login path and the client compute the same value.
if ($type == "NEW") {
    $insert = $dbh->prepare(
        "INSERT INTO users (name, password, email, public, editor, locale, units) VALUES (?, ?, ?, ?, ?, ?, ?)"
    );
    $success = $insert->execute([$name, $pw, $email, $privacy, $editor, $locale, $units]);
} else {
    // An empty guest password is stored as NULL, never as "".
    $guestpw = $guestpw ?: null;
    $params = [
        'email' => $email,
        'privacy' => $privacy,
        'editor' => $editor,
        'guestpw' => $guestpw,
        'startpane' => $startpane,
        'locale' => $locale,
        'units' => $units,
        'uid' => $uid,
    ];
    // Touch the password column only when the caller supplied the current
    // password (verified above) and a non-empty new one. The extra SET
    // fragment is a fixed literal; the value itself is bound, not interpolated.
    $setPassword = "";
    if ($oldpw && $pw) {
        $setPassword = "password = :pw, ";
        $params['pw'] = $pw;
    }
    $update = $dbh->prepare("
UPDATE users
SET $setPassword
email = :email, public = :privacy, editor = :editor, guestpw = :guestpw,
startpane = :startpane, locale = :locale, units = :units
WHERE uid = :uid
");
    $success = $update->execute($params);
}
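// Report the outcome and update the session.
if (!$success) {
    die("0;" . sprintf(_("Operation on user %s failed."), htmlspecialchars((string) $name, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8')));
}
// In all cases, change locale and units to user selection
$_SESSION['locale'] = $locale;
$_SESSION['units'] = $units;
if ($type == "NEW") {
    // Log in the new user. Rotate the session id before attaching the identity
    // so a session id planted by an attacker before signup (session fixation)
    // does not become an authenticated one. Done before any output so the new
    // cookie can still be sent.
    if (session_status() === PHP_SESSION_ACTIVE) {
        session_regenerate_id(true);
    }
    $uid = $dbh->lastInsertId();
    $_SESSION['uid'] = $uid;
    $_SESSION['name'] = $name;
    // NOTE(review): 'editor' is taken straight from the POST body; if it
    // grants any privilege rather than a UI preference, it must not be user-set.
    $_SESSION['editor'] = $editor;
    $_SESSION['elite'] = '';
    $_SESSION['units'] = $units;
    // echo, not printf: no format arguments, and a '%' in a translated
    // message would otherwise be interpreted (or fail under PHP 8).
    echo "1;" . _("Successfully signed up, now logging in...");
} else {
    echo "2;" . _("Settings changed successfully, returning...");
}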