Current File : //proc/thread-self/root/var/softaculous/humhub/_edit.php
<?php
//////////////////////////////////////////////////////////////
//===========================================================
// edit.php(For individual softwares)
//===========================================================
// SOFTACULOUS
// Version : 1.0
// Inspired by the DESIRE to be the BEST OF ALL
// ----------------------------------------------------------
// Started by: Alons
// Date: 10th Jan 2009
// Time: 21:00 hrs
// Site: http://www.softaculous.com/ (SOFTACULOUS)
// ----------------------------------------------------------
// Please Read the Terms of use at http://www.softaculous.com
// ----------------------------------------------------------
//===========================================================
// (c)Softaculous Inc.
//===========================================================
//////////////////////////////////////////////////////////////
if(!defined('SOFTACULOUS')){
die('Hacking Attempt');
}
/////////////////////////////////////////
// All functions in this PAGE must begin
// with TWO UNDERSCORE '__' to avoid
// clashes with SOFTACULOUS Functions
// e.g. __funcname()
/////////////////////////////////////////
//////////////////////////////////////////
// Note : The path of the edit package
// is $software['path'].'/' . So to
// access other files use
// $software['path'].'/other_file.ext'
//////////////////////////////////////////
//The Edit process
function __edit($installation){
global $__settings, $globals, $setupcontinue, $software, $error;
$__settings['admin_username'] = optPOST('admin_username');
$__settings['admin_pass'] = optPOST('admin_pass');
// Do we need to reset the password ?
if(!empty($__settings['admin_pass'])){
// We need the username
if(empty($__settings['admin_username'])){
$error[] = '{{err_no_username}}';
return false;
}
// This is to get dbprefix from import.php
sp_include_once($software['path'].'/import.php');
$r = call_user_func('__import_'.$software['softname'], $installation['softpath']);
$__settings['softdbhost'] = $r['softdbhost'];
$__settings['softdbuser'] = $r['softdbuser'];
$__settings['softdbpass'] = $r['softdbpass'];
$__settings['softdb'] = $r['softdb'];
if(!empty($error)){
return false;
}
//Only users which are enabled will be able to edit password(i.e status = 1), so we also check `status` field value
$query = "SELECT `id` FROM `user` WHERE `username` = '".$__settings['admin_username']."' AND `status` = 1;";
// Does this user exist ?
$result = sdb_query($query, $__settings['softdbhost'], $__settings['softdbuser'], $__settings['softdbpass'], $__settings['softdb']);
$userid = $result[0]['id'];
if(empty($userid)){
$error[] = '{{err_no_such_user}}';
return false;
}else{
/*Select the last entry of salt for respective user*/
$query_salt = "SELECT `salt` FROM `user_password` WHERE `user_id` = '".$userid."' ORDER BY `id` DESC LIMIT 1;";
$result_salt = sdb_query($query_salt, $__settings['softdbhost'], $__settings['softdbuser'], $__settings['softdbpass'], $__settings['softdb']);
sp_include_once($software['path'].'/install.php');
$__settings['salt'] = $result_salt[0]['salt'];
// creating password using install.php __admin_pass() function
$__settings['admin_pass'] = __ad_pass($__settings['admin_pass']);
if(!empty($error)){
return false;
}
// Update the password now
/*Update the last entry of `password` for respective user in `user_password` table, as internally script uses INSERT query and adds an entire new row
to create new password entry. There might be a chance that user might have edited password internally and the new row might be present. So we would
only update that respective last entry*/
$update_query = "UPDATE `user_password` SET `password` = '".$__settings['admin_pass']."' WHERE `user_id` = '".$userid."' ORDER BY `id` DESC LIMIT 1;";
$result = sdb_query($update_query, $__settings['softdbhost'], $__settings['softdbuser'], $__settings['softdbpass'], $__settings['softdb']);
}
}
}
?>
Mini Shell