diff --git a/inc/config.php b/inc/config.php
index b6c33eaf..3b3f796e 100644
--- a/inc/config.php
+++ b/inc/config.php
@@ -321,6 +321,8 @@
 $config['mod']['promoteusers'] = ADMIN;
 // Edit any users' login information
 $config['mod']['editusers'] = ADMIN;
+ // Change user's own password
+ $config['mod']['change_password'] = JANITOR;
 // Delete a user
 $config['mod']['deleteusers'] = ADMIN;
 // Create a user
diff --git a/inc/mod.php b/inc/mod.php
index 4a4de79e..3d0c0d83 100644
--- a/inc/mod.php
+++ b/inc/mod.php
@@ -38,7 +38,7 @@
 if(!$mod) error('setCookies() was called for a non-moderator!');
 // $config['cookies']['mod'] contains username:hash
- setcookie($config['cookies']['mod'], $mod['username'] . ':' . $mod['hash'], time()+$config['cookies']['expire'], $config['cookies']['jail']?$config['root']:'/', null, false, true);
+ setcookie($config['cookies']['mod'], $mod['username'] . ':' . $mod['hash'], time()+$config['cookies']['expire'], $config['cookies']['jail']?$config['cookies']['path']:'/', null, false, true);
 // Put $mod in the session
 $_SESSION['mod'] = $mod;
@@ -51,7 +51,7 @@ function destroyCookies() {
 global $config;
 // Delete the cookies
- setcookie($config['cookies']['mod'], 'deleted', time()-$config['cookies']['expire'], $config['cookies']['jail']?$config['root']:'/', null, false, true);
+ setcookie($config['cookies']['mod'], 'deleted', time()-$config['cookies']['expire'], $config['cookies']['jail']?$config['cookies']['path']:'/', null, false, true);
 // Unset the session
 unset($_SESSION['mod']);
diff --git a/mod.php b/mod.php
index cda1a4aa..c7b29a9c 100644
--- a/mod.php
+++ b/mod.php
@@ -306,7 +306,8 @@
 :'') : '' ) .
- ($mod['type'] >= $config['mod']['editusers'] ?
+ ($mod['type'] >= $config['mod']['editusers'] ||
+ ($mod['type'] >= $config['mod']['change_password'] && $_mod['id'] == $mod['id'])?
 '[edit]' : '' ) .
 ($mod['type'] >= $config['mod']['create_pm'] ?
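Review bot: The jailed cookie path now reads `$config['cookies']['path']` in the changed setcookie() line, but the inc/config.php hunk in this commit adds only `change_password` and no default for that key; if it is not defined elsewhere, setcookie() receives null for the path and the cookie is no longer scoped the way `jail` intends. The destroyCookies() hunk at -51 has the same dependency and must keep using an identical path, otherwise the 'deleted' cookie will not replace the login cookie. A guarded default next to the other cookie settings in inc/config.php, `$config['cookies']['path'] = $config['root'];`, would preserve the previous behaviour for installs that never set the new key. setCookies()'s body starts outside the hunk.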
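Review bot: The added condition nests a second clause inside the `[edit]` ternary and drops the space before `?` (`)?`), which makes the permission rule hard to read inside the string-concatenation chain. Hoisting it into a named flag keeps the markup expression flat: `$can_edit = $mod['type'] >= $config['mod']['editusers'] || ($mod['type'] >= $config['mod']['change_password'] && $_mod['id'] == $mod['id']);` followed by `($can_edit ? '[edit]' : '') .`. The enclosing expression starts and ends outside the hunk.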
@@ -416,7 +417,7 @@
 header('Location: ?/users', true, $config['redirect_http']);
 } else {
 // Edit user
- if($mod['type'] < $config['mod']['editusers']) error($config['error']['noaccess']);
+ if($mod['type'] < $config['mod']['editusers'] && $mod['type'] < $config['mod']['change_password']) error($config['error']['noaccess']);
 $query = prepare("SELECT * FROM `mods` WHERE `id` = :id");
 $query->bindValue(':id', $modID, PDO::PARAM_INT);
@@ -426,12 +427,16 @@
 error($config['error']['404']);
 }
- if(isset($_POST['username']) && isset($_POST['password'])) {
- $query = prepare("UPDATE `mods` SET `username` = :username WHERE `id` = :id");
- $query->bindValue(':username', $_POST['username']);
- $query->bindValue(':id', $modID, PDO::PARAM_INT);
- $query->execute() or error(db_error($query));
-
+ if($mod['type'] < $config['mod']['editusers'] && !($mod['type'] >= $config['mod']['change_password'] && $mod['id'] == $_mod['id'] && $change_password_only = true))
+ error($config['error']['noaccess']);
+
+ if((isset($_POST['username']) && isset($_POST['password'])) || (isset($change_password_only) && isset($_POST['password']))) {
+ if(!isset($change_password_only)) {
+ $query = prepare("UPDATE `mods` SET `username` = :username WHERE `id` = :id");
+ $query->bindValue(':username', $_POST['username']);
+ $query->bindValue(':id', $modID, PDO::PARAM_INT);
+ $query->execute() or error(db_error($query));
+ }
 if(!empty($_POST['password'])) {
 $query = prepare("UPDATE `mods` SET `password` = :password WHERE `id` = :id");
 $query->bindValue(':password', sha1($_POST['password']));
@@ -444,6 +449,16 @@
 $query->bindValue(':id', $modID, PDO::PARAM_INT);
 $query->execute() or error(db_error($query));
+ if(!$_mod = $query->fetch()) {
+ error($config['error']['404']);
+ }
+
+ if($_mod['id'] == $mod['id']) {
+ // Changed own password. Update cookies
+ var_dump(login($_mod['username'], $_mod['password'], false));
+ setCookies();
+ }
+
 $_mod = $query->fetch();
 }
@@ -454,7 +469,13 @@ '' . - '' . + '' . '' . '
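Review bot: The loosened guard on the changed line lets any mod at or above `change_password` reach the SELECT for an arbitrary `$modID`; the own-account restriction is only applied further down, after `$_mod` has been fetched, and nothing here tells a reader that the second stage exists. A comment on this line would make the two-stage check intentional: `// Coarse role check only; the own-account restriction for change_password is enforced below once $_mod is loaded`. The enclosing else branch continues outside the hunk.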
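Review bot: In the new guard, `$change_password_only` is assigned inside the boolean expression (`&& $change_password_only = true`), so whether the variable exists depends on short-circuit evaluation and on the parser binding `=` inside `&&`; the later `isset($change_password_only)` checks then test whether that branch ran rather than a stated value. Computing the flag explicitly before the guard makes the authorization decision readable and lets the following checks use the boolean directly, with the same outcome for every role. The enclosing else branch starts outside the hunk, and the two `if` blocks below remain open as in the hunk.
```php
// A mod below editusers may still change the password of their own account
$change_password_only = $mod['type'] < $config['mod']['editusers']
    && $mod['type'] >= $config['mod']['change_password']
    && $mod['id'] == $_mod['id'];
if($mod['type'] < $config['mod']['editusers'] && !$change_password_only)
    error($config['error']['noaccess']);

if((isset($_POST['username']) && isset($_POST['password'])) || ($change_password_only && isset($_POST['password']))) {
    if(!$change_password_only) {
        // … unchanged: username UPDATE …
    }
    // … unchanged: password UPDATE …
```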
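Review bot: After the added block, the unchanged `$_mod = $query->fetch();` still runs; since the new `if(!$_mod = $query->fetch())` has already consumed the row for `id` = :id, a second fetch on that result returns false and `$_mod` is clobbered before the form below is rendered, so either that trailing line should be removed or the new fetch dropped in favour of the original one placed before the own-password branch. The `var_dump(login(...))` on the added line is also leftover debug output: it prints the login result into the page and, unless output buffering is enabled, is emitted before the setcookie() call inside `setCookies()`, so it should be reduced to `login($_mod['username'], $_mod['password'], false);`. The enclosing block continues outside the hunk.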
Username
Username' . + + (isset($change_password_only) ? + $_mod['username'] + : '') . + + '
Password (new; optional)
' .