From f472c60b18469ff8a06963708174dea1bfc08015 Mon Sep 17 00:00:00 2001
From: Evan O'Connell <oconn.e@gmail.com>
Date: Sun, 18 Aug 2013 18:29:07 -0400
Subject: Adds untracked changes

---
 admin/admins/functions.php | 91 +++++++++++++++++++++++++++++++++++++---------
 admin/admins/index.php     |  4 ++
 2 files changed, 77 insertions(+), 18 deletions(-)

(limited to 'admin/admins')

diff --git a/admin/admins/functions.php b/admin/admins/functions.php
index f3da1be..016b7a1 100644
--- a/admin/admins/functions.php
+++ b/admin/admins/functions.php
@@ -101,25 +101,15 @@
 			ReportError("The email and or username you entered is already in use.");
 			return;
 		}
-		
-		
-		$Name = "Rocky the Marne Dog";
-		$subject = "3rd ID Admin Password";
-		$header = "From: ". $Name . " < DO NOT RESPOND >\r\n"; //optional headerfields 
-		$mail_body = "Do not respond to this email.\n\n------------------------------\nUsername: ".$username."\nPassword: ".$password."\n------------------------------\n\nTo login click on this link. http://testbed.3rd-infantry-division.org/cms/admin/ \n\nIt is recommended that you change your password once you login. To do so, click on Account Settings>Change Password.";
-		
-		$sent = mail($email, $subject, $mail_body, $header);
-		if(!$sent){
-			ReportError("Error validating email. This user was not saved.");
-			return;		
-		} 
-				
+
+		EmailPassword($username, $password, $email);
+
 		$db->Query("INSERT INTO `bayonet_users` (`user_id` ,`username` ,`password` ,`lastname` ,`firstname` ,`email` ,`joined` ,`level` ,`all` ,`squadleader` ,`adjutant` ,`quartermaster`) VALUES (NULL, '$username', '$cryptpassword', '$last', '$first', '$email', CURRENT_TIMESTAMP, $level, $all, $squadleader, $adjutant, $quartermaster)");
 									
    		echo "Admin, '$username' level '$level' has been added. An email has been sent to him with his username and password.\n <br /><br /> 
 			Please wait while you are redirected. <br /><br /> 
 			<a href=\"?op=admins\">Click here if you don't feel like waiting.</a>";
-					
+
 	    // 3 second redirect to go back to the edit page
    		PageRedirect(2, "?op=admins");
 	    return;
@@ -158,6 +148,22 @@
 <?php
  }
  
+ function EmailPassword($username, $password, $email)
+ {
+ 		$name = "Bayonet CMS";
+		$subject = "Bayonet CMS Admin Password";
+		$header = "From: ". $name . " < DO NOT RESPOND >\r\n"; //optional headerfields 
+		$mail_body = "Do not respond to this email.\n\n------------------------------\nUsername: ".$username."\nPassword: ".$password."\n------------------------------\n\nTo login click on this link. ".Bayonet_Config::$ini['site']['url']."admin/ \n\nIt is recommended that you change your password once you login. To do so, click on Account Settings>Change Password.";
+
+		$sent = mail($email, $subject, $mail_body, $header);
+		if(!$sent){
+			ReportError("Error validating email. This user was not saved.");
+			return false;		
+		}
+		
+		return true;
+ }
+ 
  function GetPermissions($user = NULL)
  {
  ?>
@@ -217,7 +223,7 @@
     while(strlen($string)<$length) { 
         $string .= substr($possible_charactors, rand()%(strlen($possible_charactors)),1); 
     } 
-    return($string); 
+    return($string);
  }
  
  function EditAdmin($user_id)
@@ -264,7 +270,11 @@
 		Edit the attributes of this administrator.<br />
 		<form method="POST" action="<?php $_SERVER['PHP_SELF']?>">
 		<table>
-			<tr><th>Username:</th><td><input type="text" value="<?php echo $admin['username']; ?>" name="username" /></td></tr>
+			<tr><th>Username:</th><td><input type="text" value="<?php echo $admin['username']; ?>" name="username" />
+		<?php if($maxLevel >= 2): ?>
+			<a href="?op=admins&resetpassword=<?php echo $user_id; ?>"><input type="button" value="Reset Password" /></a>
+		<?php endif; ?>
+			</td></tr>
 			<tr>
 				<th>Level:</th>
 				<td>
@@ -299,8 +309,8 @@
 	global $db;
 	$maxLevel = $_SESSION['level'];
 		  
-	$result = $db->Query("SELECT `username` FROM `bayonet_users` WHERE `user_id` = '$user_id'");
-	$admin = $db->Fetch($result);
+	$result = $db->Query("SELECT `username` FROM `bayonet_users` WHERE `user_id` = '$user_id' LIMIT 1");
+	$admin = $db->FetchRow($result);
 		  
 	if(isset($_POST['proceed']))
 	{
@@ -326,4 +336,49 @@
 	</center>
 	<?php
  }
+ 
+ function ResetPassword($user_id)
+ {
+ 	global $db;
+ 	$result = $db->Query("SELECT `username`, `email` FROM `bayonet_users` WHERE `user_id` = '$user_id' LIMIT 1");
+ 	$admin = $db->FetchRow($result);
+ 	decho($admin);
+ 	
+ 	if(isset($_POST['proceed']))
+ 	{
+ 		$password = GeneratePassword(8);		
+		$cryptpassword = crypt(md5($password),'iamnotadirtywhorebitch');
+		
+		$status = EmailPassword($admin['username'], $password, $admin['email']);
+		
+		if($status)
+		{
+			$db->Query("UPDATE `bayonet_users` SET `password` = '$cryptpassword' WHERE `user_id` = '$user_id' LIMIT 1");
+			echo "Password has been reset and emailed to '{$admin['username']}'";
+ 			PageRedirect(3, "?op=admins");
+		}
+		else
+		{
+			ReportError("An error has occured emailing the new password. It will not take effect.");
+		}
+ 		
+ 		return;
+ 	}
+ 	if(isset($_POST['cancel']))
+ 	{
+ 		echo "The password <b>WILL NOT</b> be reset for '{$admin['username']}'";
+ 		PageRedirect(3, "?op=admins");
+ 		return;
+ 	}
+ 	?>
+	<center>
+	<form action="<?php $_SERVER['PHP_SELF'] ?>" method="post">
+	<table>
+	<th>Are you SURE you want to reset this user's password: '<?php echo $admin['username']?>'?</th>
+	<tr><th><button name="proceed">Yes</button>&nbsp;&nbsp;&nbsp;<button name="cancel">No</button></th></tr>
+	</table>
+	</form>
+	</center>
+	<?php
+ }
  ?>
\ No newline at end of file
diff --git a/admin/admins/index.php b/admin/admins/index.php
index a2e71e9..87ce2a0 100644
--- a/admin/admins/index.php
+++ b/admin/admins/index.php
@@ -48,6 +48,10 @@ else if(isset($_GET['delete'])){
 else if(isset($_GET['create'])){
   NewAdmin();
 }
+else if(isset($_GET['resetpassword'])){
+  $user_id = $_GET['resetpassword'];
+  ResetPassword($user_id);
+}
 ?>
 	</td>
 	</tr>
-- 
cgit