<?php
/**
* User: zaven
* Date: 31.10.2018
* Time: 18:45
* Project: speech
**/
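require_once('../includes/init.inc.php');
require_once(APPLICATION_BASE . 'includes/security.ajax.inc.php');

/*
 * AJAX handler for the account page.
 *
 * Reads an `action` code and the profile / password fields from $_POST,
 * applies the requested change to the session user's own record and answers
 * with a JSON envelope: error=0 on success, error=1 otherwise, plus a message
 * constant. Authentication is expected to be enforced by
 * security.ajax.inc.php (not visible here); this file never takes an account
 * id from the request.
 */
$resultArray = [
    'success' => 0,
    'error'   => 1,
    'message' => TX_ERROR_UNKNOWN_ERROR,
];

// Fields the client may submit. Only these keys are read from $_POST; the
// account ids are filled from the session further down.
$data = [
    'action'           => -1,
    'admin_username'   => '',
    'user_firstname'   => '',
    'user_lastname'    => '',
    'user_mail'        => '',
    'user_pwd_old'     => '',
    'user_pwd_new'     => '',
    'user_pwd_confirm' => '',
];
foreach (array_keys($data) as $key) {
    // Accept scalar strings only: an array value (e.g. `user_mail[]`) would
    // otherwise be handed to db_real_escape_string() / md5().
    if (isset($_POST[$key]) && is_string($_POST[$key]) && $_POST[$key] !== '') {
        $data[$key] = $_POST[$key];
    }
}

// The record being edited is always the session user's own; a client-supplied
// admin_id / user_id is ignored.
$isSuperUser = ($_SESSION['ac']['USER_TYPE'] == UserType::SiteSuperUser);
$data['admin_id'] = $isSuperUser ? $_SESSION['ac']['USER_ID'] : -1;
$data['user_id']  = $isSuperUser ? -1 : $_SESSION['ac']['USER_ID'];

// Table / column names for the password operations (actions 2 and 4), which
// are identical for admins and users apart from these names.
if ($isSuperUser) {
    $pwdTable = '#__admin';
    $pwdIdCol = 'admin_id';
    $pwdCol   = 'admin_passwd';
    $pwdId    = $data['admin_id'];
} else {
    $pwdTable = '#__user';
    $pwdIdCol = 'user_id';
    $pwdCol   = 'user_password';
    $pwdId    = $data['user_id'];
}

// NOTE(review): passwords are compared and stored as unsalted md5() to match
// the existing schema and the hashes already in the table; moving to
// password_hash()/password_verify() needs a column migration and is out of
// scope for this handler.

switch ($data['action']) {
    case 1: // update profile data
        if ($isSuperUser) {
            $sql = "UPDATE #__admin SET admin_username='" . db_real_escape_string($data['admin_username']) . "'"
                . " WHERE admin_id='" . db_real_escape_string($data['admin_id']) . "'";
            if (db_query($sql) !== false) {
                $resultArray['error'] = 0;
            }
        } else {
            // The mail address must not be in use by another account.
            $sql = "SELECT COUNT(user_id) as user_count FROM #__user WHERE user_mail='" . db_real_escape_string($data['user_mail']) . "' AND user_id <> '" . db_real_escape_string($data['user_id']) . "'";
            $result = db_query($sql);
            if ($result !== false) {
                $userCount = db_result($result, 0);
                if ($userCount == 0) {
                    // No comma before WHERE: the previous version produced
                    // `user_mail='…', WHERE …`, which is a SQL syntax error.
                    $sql = "UPDATE #__user SET "
                        . "user_firstname='" . db_real_escape_string($data['user_firstname']) . "', "
                        . "user_lastname='" . db_real_escape_string($data['user_lastname']) . "', "
                        . "user_mail='" . db_real_escape_string($data['user_mail']) . "' "
                        . "WHERE user_id='" . db_real_escape_string($data['user_id']) . "'";
                    if (db_query($sql) !== false) {
                        $resultArray['error'] = 0;
                    }
                } else {
                    // Mail already taken by another account; the message
                    // constant used for this case is kept as before.
                    $resultArray['message'] = TX_ERROR_MANDATORY_DATA_MISSING;
                }
            }
        }
        break;

    case 2: // update password
        $oldHash = db_real_escape_string(md5($data['user_pwd_old']));
        $idEsc   = db_real_escape_string($pwdId);
        $sql = "SELECT COUNT($pwdIdCol) as user_count FROM $pwdTable WHERE $pwdCol='" . $oldHash . "' AND $pwdIdCol='" . $idEsc . "'";
        $result = db_query($sql);
        if ($result !== false) {
            $userCount = db_result($result, 0);
            if ($userCount != 1) {
                $resultArray['message'] = TX_ERROR_USER_OLD_PASSWORD_MISMATCH;
            } elseif ($data['user_pwd_new'] === '') {
                // Previously an empty new password equalled an empty confirm
                // field and md5('') was stored; reject it instead.
                $resultArray['message'] = TX_ERROR_MANDATORY_DATA_MISSING;
            } elseif ($data['user_pwd_new'] !== $data['user_pwd_confirm']) {
                // Strict comparison: `==` would treat numeric-looking strings
                // such as "1e3" and "1000" as equal.
                $resultArray['message'] = TX_ERROR_USER_NEW_PASSWORD_MISMATCH;
            } else {
                // The WHERE clause re-checks the old hash as well as the id.
                $sql = "UPDATE $pwdTable SET $pwdCol = '" . db_real_escape_string(md5($data['user_pwd_new'])) . "' "
                    . "WHERE $pwdCol='" . $oldHash . "' AND $pwdIdCol='" . $idEsc . "'";
                if (db_query($sql) !== false) {
                    $resultArray['error'] = 0;
                    $resultArray['message'] = TX_SUCCESS_DATA_WAS_UPDATED;
                }
            }
        }
        break;

    case 3: // check user mail
        $sql = "SELECT COUNT(user_id) as user_count FROM #__user WHERE user_mail='" . db_real_escape_string($data['user_mail']) . "' AND user_id <> '" . db_real_escape_string($data['user_id']) . "'";
        $result = db_query($sql);
        if ($result !== false) {
            $resultArray['error'] = (db_result($result, 0) == 0 ? 0 : 1);
        }
        break;

    case 4: // check old password
        $sql = "SELECT COUNT($pwdIdCol) as user_count FROM $pwdTable WHERE $pwdCol='" . db_real_escape_string(md5($data['user_pwd_old'])) . "' AND $pwdIdCol='" . db_real_escape_string($pwdId) . "'";
        $result = db_query($sql);
        if ($result !== false) {
            $resultArray['error'] = (db_result($result, 0) == 1 ? 0 : 1);
        }
        break;
}

// Echo the submitted fields to the client for debugging, but never the
// password fields: plaintext passwords must not travel back in the response.
$dbg = $data;
unset($dbg['user_pwd_old'], $dbg['user_pwd_new'], $dbg['user_pwd_confirm']);
$resultArray['dbg'] = $dbg;

header('Content-type: application/json; charset=utf-8');
echo json_encode($resultArray);
die();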