ok
Mini Shell
<?php
session_start();
include_once('includes/custom-functions.php');
$fn = new custom_functions;
// start session
// set time for session timeout
$currentTime = time() + 25200;
$expired = 3600;
// if session not set go to login page
if (!isset($_SESSION['user'])) {
header("location:index.php");
}
// if current time is more than session timeout back to login page
if ($currentTime > $_SESSION['timeout']) {
session_destroy();
header("location:index.php");
}
// destroy previous session timeout and create new one
unset($_SESSION['timeout']);
$_SESSION['timeout'] = $currentTime + $expired;
?>
<?php include "header.php"; ?>
<html>
<head>
<title>Admin Profile | <?= $settings['app_name'] ?> - Dashboard</title>
</head>
</body>
<!-- Content Wrapper. Contains page content -->
<div class="content-wrapper">
<?php $username = $_SESSION['user'];
$data = array();
$res = $fn->get_data($columns = ['password', 'email'], 'username = "' . $username . '"', 'admin');
$previous_password = $res[0]['password'];
$previous_email = $res[0]['email'];
if (isset($_POST['btnChange'])) {
if (ALLOW_MODIFICATION == 0 && !defined(ALLOW_MODIFICATION)) {
echo '<label class="alert alert-danger">This operation is not allowed in demo panel!.</label>';
return false;
}
$email = $db->escapeString($fn->xss_clean($_POST['email']));
$update_username = $db->escapeString($fn->xss_clean($_POST['username']));
$old_password = md5($db->escapeString($fn->xss_clean($_POST['old_password'])));
$new_password = md5($db->escapeString($fn->xss_clean($_POST['new_password'])));
$confirm_password = md5($db->escapeString($fn->xss_clean($_POST['confirm_password'])));
// create array variable to handle error
$error = array();
// check email
if (empty($email)) {
$error['email'] = " <span class='label label-danger'>Email required!</span>";
} else {
$valid_mail = "/^\b[A-Z0-9._%+-]+@[A-Z0-9.-]+\.[A-Z]{2,4}\b$/i";
if (!preg_match($valid_mail, $email)) {
$error['email'] = " <span class='label label-danger'>Wrong email format!</span>";
} else {
// update password in user table
if (empty($error)) {
$sql_query = "UPDATE admin SET email = '" . $email . "' WHERE username ='" . $username . "'";
$db->sql($sql_query);
$update_result1 = $db->getResult();
}
}
}
// check password
if (empty($error)) {
if (!empty($_POST['old_password']) || !empty($_POST['new_password']) || !empty($_POST['confirm_password'])) {
if (!empty($_POST['old_password'])) {
if ($old_password == $previous_password) {
if ($new_password == $confirm_password) {
// update password in user table
if (!empty($_POST['new_password'])) {
$sql_query = "UPDATE admin SET `password` = '" . $new_password . "',`username`='" . $update_username . "' WHERE `username` ='" . $username . "'";
} else {
$sql_query = "UPDATE admin SET `username`='" . $update_username . "', `email`='" . $email . "' WHERE `username` ='" . $username . "'";
}
$db->sql($sql_query);
$update_result = $db->getResult();
if ($username != $update_username || !empty($_POST['new_password'])) { ?>
<script>
window.location = "logout.php";
</script>
<?php } ?>
<?php } else {
$error['confirm_password'] = " <span class='label label-danger'>New password don't match!</span>";
}
} else {
$error['old_password'] = " <span class='label label-danger'>Current password wrong!</span>";
}
}
}
}
// check update result
if (empty($error)) {
if ($previous_email != $email) {
$error['update_user'] = " <h4><div class='alert alert-success'>Email updated successfully!</div></h4>"; ?>
<script>
window.location = "admin-profile.php";
</script>
<?php } else {
$error['update_user'] = " <h4><div class='alert alert-info'>You have made no changes!</div></h4>";
}
} else {
$error['update_user'] = " <h4><div class='alert alert-danger'> Failed! Couldn't update password! Try Again </div></h4>";
}
} ?>
<section class="content-header">
<h1>Administrator</h1>
<ol class="breadcrumb">
<li><a href="home.php"> <i class="fa fa-home"></i> Home</a></li>
</ol>
<div class="msg"><?= isset($error['update_user']) ? $error['update_user'] : ''; ?> </div>
<hr />
</section>
<section class="content">
<!-- Main row -->
<div class="row">
<div class="col-md-6">
<!-- general form elements -->
<div class="box box-primary">
<div class="box-header with-border">
<h3 class="box-title">Edit Administrator details</h3>
</div><!-- /.box-header -->
<!-- form start -->
<form id='change_password_form' method="post" enctype="multipart/form-data">
<div class="box-body">
<div class="form-group">
<span class="label label-primary">If you change username or password you will need to login again.</span>
</div>
<div class="form-group">
<label for="exampleInputEmail1">Username : </label>
<input type="text" class="form-control" name="username" id="disabledInput" value="<?= $username; ?>" />
</div>
<div class="form-group">
<label for="exampleInputEmail1">Email :</label>
<div class="msg"><?= isset($error['email']) ? $error['email'] : ''; ?></div>
<input type="email" class="form-control" name="email" value="<?= $email; ?>" />
</div>
<div class="form-group">
<label for="exampleInputEmail1">Current Password :</label>
<div class="msg"><?= isset($error['old_password']) ? $error['old_password'] : ''; ?></div>
<input type="password" class="form-control" name="old_password" />
</div>
<div class="form-group">
<label for="exampleInputEmail1">New Password :</label>
<div class="msg"><?= isset($error['new_password']) ? $error['new_password'] : ''; ?></div>
<input type="password" class="form-control" name="new_password" id="new_password" />
</div>
<div class="form-group">
<label for="exampleInputEmail1">Re Type New Password :</label>
<div class="msg"><?= isset($error['confirm_password']) ? $error['confirm_password'] : ''; ?></div>
<input type="password" class="form-control" name="confirm_password" />
</div>
<div class="box-footer">
<input type="submit" class="btn-primary btn" value="Change" name="btnChange" />
</div>
</div><!-- /.box -->
</form>
</div>
</div>
</section>
<div class="separator"> </div>
</div><!-- /.content-wrapper -->
</body>
</html>
<?php include "footer.php"; ?>
<script src="dist/js/jquery.validate.min.js"></script>
<script>
// Function that validates email address through a regular expression.
$('#change_password_form').validate({
rules: {
username: "required",
old_password: "required",
email: "required",
new_password: {
minlength: 8
},
confirm_password: {
minlength: 8,
equalTo: '#new_password'
},
}
});
var data = $('.msg').html();
if (data != '') {
$('.msg').show().delay(3000).fadeOut();
}
</script>
Zerion Mini Shell 1.0