1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
|
<?php
require_once('check_login.php');
require_once 'function_auth.php';
if (strlen($_POST["loginpw"]) > 0) {
$strength = Password::strength($_POST["loginpw"], $_POST["username"]);
if (!$strength) {
exit('Insufficient password strength');
}
$loginpw = Password::hash($_POST["loginpw"]);
}
$sth1 = $dbh->prepare("SELECT * FROM sys_cms_login where cmsloginname = ? AND cmsloginid<> ? ");
if (!$sth1->execute(array($_POST["loginname"], $_POST["cmsloginid"])))
throw new Exception('[' . $sth1->errorCode() . ']: ' . $sth1->errorInfo());
if ($sth1->fetchColumn() > 0) {
header("Location: sys_cms_user_index.php?msg=5");
exit;
}
// Modify
if (strlen($_POST["loginpw"]) > 0) {
$password_expirydate = date('Y-m-d H:i:s', strtotime("+1 year")); //extend 1 year
$sql = "update sys_cms_login set cmsusername=?, cmsloginname=?, lastupdate=?, cmsloginpw=?, password_expirydate=? where cmsloginid=?";
$sth2 = $dbh->prepare($sql);
$parameter = array($_POST["username"], $_POST["loginname"], $nowdate, $loginpw, $password_expirydate, $_POST["cmsloginid"]);
if (!$sth2->execute($parameter))
throw new Exception('[' . $sth1->errorCode() . ']: ' . $sth1->errorInfo());
else {
unset($_SESSION['loginname']);
unset($_SESSION['password']);
unset($_SESSION['loginid']);
unset($_SESSION['cmsloginid']);
unset($_SESSION['role']);
unset($_SESSION['cmsrole']);
header("Location: login.php");
exit;
}
} else {
$sql = "update sys_cms_login set cmsusername=?, cmsloginname=?, lastupdate=? where cmsloginid=?";
$sth2 = $dbh->prepare($sql);
$parameter = array($_POST["username"], $_POST["loginname"], $nowdate, $_POST["cmsloginid"]);
if (!$sth2->execute($parameter))
throw new Exception('[' . $sth1->errorCode() . ']: ' . $sth1->errorInfo());
else
header("Location: sys_cms_user_index.php?msg=2");
}
|