<?php
/*
 * hores
 * Copyright (c) 2023 Adrià Vilanova Martínez
 *
 * This program is free software: you can redistribute it and/or modify
 * it under the terms of the GNU Affero General Public License as
 * published by the Free Software Foundation, either version 3 of the
 * License, or (at your option) any later version.
 *
 * This program is distributed in the hope that it will be useful,
 * but WITHOUT ANY WARRANTY; without even the implied warranty of
 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
 * GNU Affero General Public License for more details.
 *
 * You should have received a copy of the GNU Affero General Public
 * License along with this program.
 * If not, see http://www.gnu.org/licenses/.
 */
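// Admin form handler: updates an existing person's profile and, when a
// non-empty "password" field is posted, their password as well. Every exit
// path redirects to users.php with a "msg" code describing the outcome.
//
// NOTE(review): every guard below relies on security::go() ending the request
// after it sends the redirect; if it returned, the privileged writes further
// down would still run. Confirm in core.php.
// NOTE(review): no anti-CSRF token is checked in this script; confirm that
// core.php or security::checkType() enforces one for this state-changing POST.
require_once("core.php");

// Presumably stops any session that is not an administrator -- confirm in core.php.
security::checkType(security::ADMIN);

// Required fields. "dni" and "type" only need to be present (PARAM_ISSET);
// "email" may be empty but must otherwise look like an e-mail address.
$requiredFields = [
  ["id", security::PARAM_NEMPTY],
  ["username", security::PARAM_NEMPTY],
  ["name", security::PARAM_NEMPTY],
  ["dni", security::PARAM_ISSET],
  ["email", security::PARAM_ISEMAILOREMPTY],
  ["category", security::PARAM_NEMPTY],
  ["type", security::PARAM_ISSET]
];
if (!security::checkParams("POST", $requiredFields)) {
  security::go("users.php?msg=empty");
}

// Numeric identifiers are cast to int. The free-text fields are forwarded
// unchanged: people::edit() must bind them as query parameters and the pages
// that display them must escape on output (neither is visible here).
$id = (int)$_POST["id"];
$username = $_POST["username"];
$name = $_POST["name"];
$dni = $_POST["dni"];
$email = $_POST["email"];
$category = (int)$_POST["category"];
$type = (int)$_POST["type"];

// The target account must exist.
$p = people::get($id);
if ($p === false) {
  security::go("users.php?msg=unexpected");
}

// Authorisation and referential checks: the requested type and the target's
// current type must both pass security::isAllowed() (presumably "the caller may
// manage accounts of this type" -- confirm), and the category and type must exist.
$requestIsAcceptable = security::isAllowed($type)
  && security::isAllowed($p["type"])
  && categories::exists($category)
  && security::existsType($type);
if (!$requestIsAcceptable) {
  security::go("users.php?msg=unexpected");
}

// Validate the optional new password BEFORE writing anything, so that a
// rejected password does not leave the profile half-updated behind a
// "weakpassword" message.
$newPassword = null;
if (security::checkParams("POST", [["password", security::PARAM_NEMPTY]])) {
  if (!security::passwordIsGoodEnough($_POST["password"])) {
    security::go("users.php?msg=weakpassword");
  }
  $newPassword = $_POST["password"];
}

if (!people::edit($id, $username, $name, $dni, $email, $category, $type)) {
  security::go("users.php?msg=unexpected");
}

if ($newPassword !== null) {
  // Only the hash is stored; PASSWORD_DEFAULT tracks PHP's recommended algorithm.
  $password_hash = password_hash($newPassword, PASSWORD_DEFAULT);
  if (!people::updatePassword($id, $password_hash)) {
    security::go("users.php?msg=couldntupdatepassword");
  }
}

security::go("users.php?msg=modified");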