profile.php
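<?php
/*
 * Profile page: bootstrap, admin redirect, password-change handler, and the
 * values ($Id, $LoggedInUserId, $Role, $Username) the template below renders.
 *
 * TODO: Security Check for permission
 *
 * Review notes:
 *  - $conn and $npath are not defined in this file; presumably core/init.php
 *    provides them (confirm).
 *  - Whether an unauthenticated visitor can reach this code depends on
 *    core/secure.php, which is not visible here.
 *  - This file verifies no anti-CSRF token before acting on the POST.
 */
use core\functionalities;
use orm\Posts;
use orm\Users;

include_once 'core/init.php';
include 'core/secure.php';
require_once 'core/functionalities.php';
require_once 'semi-orm/Users.php';

$functionalitiesInstance = new functionalities();
$user = new Users($conn);

// Profile being viewed (client-supplied) versus the account that is signed in
// (server-side session). Only the latter may be used for authorization.
$Id = $functionalitiesInstance->ifexistsidx($_GET, 'id');
$LoggedInUserId = $functionalitiesInstance->ifexistsidx($_SESSION, 'PHP_AUTH_ID');
$Role = $user->GetRoleById($LoggedInUserId);

// An admin who opens the page without ?id= is sent to the user list.
if ($Id == "" && $Role == 'ADMIN') {
    // header() returns nothing, so it is called on its own and exit follows.
    header("Location: " . $npath . '/users.php');
    exit;
}

require_once 'semi-orm/Posts.php';
$post = new Posts($conn);

if (isset($_POST["updatepass"])) {
    // The target id arrives in a hidden form field, so it is attacker-controlled.
    $pwTargetId = $functionalitiesInstance->ifexistsidx($_POST, 'id');
    $pwIsAdmin = ($Role == 'ADMIN');
    $pwOwnAccount = is_scalar($pwTargetId)
        && is_scalar($LoggedInUserId)
        && (string) $LoggedInUserId !== ''
        && (string) $pwTargetId === (string) $LoggedInUserId;

    // Least privilege: a non-admin may only change the password of the account
    // held in the session, whatever id the form posted.
    if (!$pwIsAdmin && !$pwOwnAccount) {
        http_response_code(403);
        exit;
    }

    // Missing or non-string fields become '' instead of raising notices or a
    // TypeError inside mysqli_real_escape_string().
    $pwFields = [];
    foreach (['username', 'prev', 'new', 'confirm'] as $pwKey) {
        $pwRaw = (isset($_POST[$pwKey]) && is_string($_POST[$pwKey])) ? $_POST[$pwKey] : '';
        // NOTE(review): escaping is kept because Users::ChangePassword() is not
        // visible here and may build SQL by concatenation. If it hashes the
        // password, escaping alters the hashed value; parameterised queries
        // inside ChangePassword() would remove the need for this — confirm.
        $pwFields[$pwKey] = mysqli_real_escape_string($conn, $pwRaw);
    }

    // First argument is true for non-admins; presumably it tells
    // ChangePassword() to verify the previous password — confirm in Users.php.
    // NOTE(review): 'username' comes from a readonly input, which the client
    // can still change; it should not be trusted by the callee.
    $user->ChangePassword(
        !$pwIsAdmin,
        $pwTargetId,
        $pwFields['username'],
        $pwFields['prev'],
        $pwFields['new'],
        $pwFields['confirm']
    );

    // Keep the handler's temporaries out of the scope shared with the includes.
    unset($pwTargetId, $pwIsAdmin, $pwOwnAccount, $pwFields, $pwKey, $pwRaw);
}

include 'master/public-header.php';
$Username = $user->GetUsernameById($Id);
?>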
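<?php
/*
 * Password-change form.
 * $Id comes from $_GET['id'] and $Username from the database, so both are
 * HTML-escaped before being placed in attribute values.
 * NOTE(review): the form carries no anti-CSRF token, and the hidden "id" and
 * readonly "username" fields can be altered by the client; the POST handler in
 * this file must not trust them for authorization.
 */
?>
<form action="profile.php" method="post" id="edit">
<label for="title"><?= $functionalitiesInstance->label("نام کاربری"); ?></label>
<input name="username" readonly type="text" value="<?= htmlspecialchars((string) $Username, ENT_QUOTES, 'UTF-8') ?>" />
<div class="pass">
<input name="id" type="hidden" value="<?= htmlspecialchars((string) $Id, ENT_QUOTES, 'UTF-8') ?>" />
<?php
// The previous-password input is visible to non-admins and to an admin editing
// their own profile; otherwise an empty hidden field is sent. This is display
// logic only and enforces nothing on the server.
if ($Role != 'ADMIN' || $LoggedInUserId == $Id) {
    echo '<label for="prev">' . $functionalitiesInstance->label("گذرواژهی قبلی") . '</label>';
    echo '<input name="prev" type="password" />';
} else {
    echo '<input name="prev" type="hidden" />';
}
?>
<label for="new"><?= $functionalitiesInstance->label("گذرواژهی جدید"); ?></label>
<input name="new" type="password" />
<label for="confirm"><?= $functionalitiesInstance->label("تکرار"); ?></label>
<input name="confirm" type="password" />
<input name="updatepass" type="submit" value="<?= $functionalitiesInstance->label("به روز رسانی"); ?>" />
</div>
</form>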
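<?php
/*
 * Profile sidebar links.
 * $Id is taken from the query string and $Username from the database; text
 * content is HTML-escaped and values placed inside URLs are percent-encoded
 * (rawurlencode() output contains no HTML-special characters).
 */
?>
<section>
<img src="drawable/profile.png" />
<a href="#"><?= $functionalitiesInstance->label("نام کاربری") .': ' . htmlspecialchars((string) $Username, ENT_QUOTES, 'UTF-8') ?></a>
<a id="changepass" href="#" ><?= $functionalitiesInstance->label("تغییر کلمهی عبور") ?></a>
<a href="box.php?id=<?= rawurlencode((string) $Id) ?>"><?=$functionalitiesInstance->label("جعبه")?></a>
<a href="search.php?Q=%40<?= rawurlencode((string) $Username) ?>"><?= $functionalitiesInstance->label("فعالیت") ?></a>
<a href="database.php?id=<?= rawurlencode((string) $Id) ?>" ><?= $functionalitiesInstance->label("پایگاه داده") ?></a>
</section>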
<section>
<?php
// Lists the 'ANSR' posts whose UserID matches ?id=, optionally narrowed to one
// RefrenceID via ?masterid=, and renders each through views/render.php.
//
// Both request values pass through mysqli_real_escape_string() and are placed
// inside single quotes. NOTE(review): that protection depends on the
// connection charset being set correctly and on Posts::ToList() using the
// clause as given; neither is visible here. Bound parameters would be safer.
$answerWhere = "WHERE `Type` = 'ANSR' AND (`UserID` = '" . mysqli_real_escape_string($conn, $functionalitiesInstance->ifexistsidx($_GET, 'id')) . "')";
$masterFilter = $functionalitiesInstance->ifexistsidx($_GET, 'masterid');
if ($masterFilter != "") {
    $answerWhere .= " AND `RefrenceID` = '" . mysqli_real_escape_string($conn, $masterFilter) . "'";
}
$rows = $post->ToList(-1, -1, "Status", "ASC", $answerWhere);

foreach ($rows as $row):
    // The post this answer refers to.
    $refrence = $post->FirstOrDefault($row['RefrenceID']);
    // views/render.php is parameterised through $_GET, so both keys are
    // overwritten before every include.
    $_GET["level"] = 'profile';
    $_GET["type"] = 'ANSR';
    include 'views/render.php';
endforeach;
?>
</section>
<?php
// Trailing includes, order preserved: two helper scripts, then the shared
// public footer (their contents are not visible in this file).
include 'helper/user_role.php';
include 'helper/user_active.php';
include 'master/public-footer.php';
?>