diff --git a/admin_index.php b/admin_index.php index 959a4632..6efb31ff 100644 --- a/admin_index.php +++ b/admin_index.php @@ -214,15 +214,11 @@ if ($page == 'overview') { } elseif($new_password != $new_password_confirm) { standard_error('newpasswordconfirmerror'); } else { - $chgpwd_stmt = Database::prepare(" - UPDATE `" . TABLE_PANEL_ADMINS . "` - SET `password`= :newpasswd - WHERE `adminid`= :adminid" - ); - Database::pexecute($chgpwd_stmt, array( - 'newpasswd' => makeCryptPassword($new_password), - 'adminid' => (int)$userinfo['adminid'] - )); + try { + Admins::getLocal($userinfo, array('id' => $userinfo['adminid'], 'admin_password' => $new_password))->update(); + } catch (Exception $e) { + dynamic_error($e->getMessage()); + } $log->logAction(ADM_ACTION, LOG_NOTICE, 'changed password'); redirectTo($filename, Array('s' => $s)); } @@ -238,16 +234,13 @@ if ($page == 'overview') { $def_language = validate($_POST['def_language'], 'default language'); if (isset($languages[$def_language])) { - $lng_stmt = Database::prepare(" - UPDATE `" . TABLE_PANEL_ADMINS . "` - SET `def_language`= :deflng - WHERE `adminid`= :adminid" - ); - Database::pexecute($lng_stmt, array( - 'deflng' => $def_language, - 'adminid' => (int)$userinfo['adminid'] - )); + try { + Admins::getLocal($userinfo, array('id' => $userinfo['adminid'], 'def_language' => $def_language))->update(); + } catch (Exception $e) { + dynamic_error($e->getMessage()); + } + // also update current session $lng_stmt = Database::prepare(" UPDATE `" . TABLE_PANEL_SESSIONS . "` SET `language`= :lng @@ -258,7 +251,6 @@ if ($page == 'overview') { 'hash' => $s )); } - $log->logAction(ADM_ACTION, LOG_NOTICE, "changed his/her default language to '" . $def_language . "'"); redirectTo($filename, array('s' => $s)); 
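Review bot: In the password-change hunk of admin_index.php, `$log->logAction(ADM_ACTION, LOG_NOTICE, 'changed password');` and the redirect still run after the `catch` block, so the audit entry is only accurate if `dynamic_error()` never returns, which this diff does not show. Moving the log call inside the `try`, directly after `->update();`, ties the 'changed password' entry to a successful update however `dynamic_error()` behaves. The same try/catch shape is used in the language and theme hunks of this file and in the three customer_index.php hunks, where the session-table update (and, for customers, the code under `// Update ftp password`) also follows the `catch`. Catching the base `Exception` and printing `$e->getMessage()` may also expose internal error text to the browser if `update()` can throw anything besides its own validation errors; consider showing a generic message for unexpected exceptions and logging the detail. The enclosing `if ($page == ...)` chain starts and ends outside the hunk.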
@@ -284,17 +276,13 @@ if ($page == 'overview') { && $_POST['send'] == 'send' ) { $theme = validate($_POST['theme'], 'theme'); + try { + Admins::getLocal($userinfo, array('id' => $userinfo['adminid'], 'theme' => $theme))->update(); + } catch (Exception $e) { + dynamic_error($e->getMessage()); + } - $theme_stmt = Database::prepare(" - UPDATE `" . TABLE_PANEL_ADMINS . "` - SET `theme`= :theme - WHERE `adminid`= :adminid" - ); - Database::pexecute($theme_stmt, array( - 'theme' => $theme, - 'adminid' => (int)$userinfo['adminid'] - )); - + // also update current session $theme_stmt = Database::prepare(" UPDATE `" . TABLE_PANEL_SESSIONS . "` SET `theme`= :theme diff --git a/customer_index.php b/customer_index.php index 71877c71..85d02158 100644 --- a/customer_index.php +++ b/customer_index.php @@ -122,15 +122,11 @@ if ($page == 'overview') { standard_error('newpasswordconfirmerror'); } else { // Update user password - $stmt = Database::prepare("UPDATE `" . TABLE_PANEL_CUSTOMERS . "` - SET `password` = :newpassword - WHERE `customerid` = :customerid" - ); - $params = array( - "newpassword" => makeCryptPassword($new_password), - "customerid" => $userinfo['customerid'] - ); - Database::pexecute($stmt, $params); + try { + Customers::getLocal($userinfo, array('id' => $userinfo['customerid'], 'new_customer_password' => $new_password))->update(); + } catch (Exception $e) { + dynamic_error($e->getMessage()); + } $log->logAction(USR_ACTION, LOG_NOTICE, 'changed password'); // Update ftp password 
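Review bot: In the customer_index.php password hunk, the new call passes `$new_password` in plain text as `new_customer_password`, whereas the removed code hashed it at the call site with `makeCryptPassword()`. Hashing now has to happen inside `Customers::update()`, which is not part of this diff. Please confirm that `update()` hashes the value before writing it, applies the panel's password-policy check, and never writes the raw parameter to a log. A short comment above the call, for example `// Customers::update() validates and hashes new_customer_password`, would make that dependency explicit. The surrounding `else` branch continues outside the hunk.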
@@ -181,21 +177,20 @@ if ($page == 'overview') { if (isset($_POST['send']) && $_POST['send'] == 'send') { $def_language = validate($_POST['def_language'], 'default language'); if (isset($languages[$def_language])) { - $stmt = Database::prepare("UPDATE `" . TABLE_PANEL_CUSTOMERS . "` - SET `def_language` = :lang - WHERE `customerid` = :customerid" - ); - Database::pexecute($stmt, array("lang" => $def_language, "customerid" => $userinfo['customerid'])); + try { + Customers::getLocal($userinfo, array('id' => $userinfo['customerid'], 'def_language' => $def_language))->update(); + } catch (Exception $e) { + dynamic_error($e->getMessage()); + } + // also update current session $stmt = Database::prepare("UPDATE `" . TABLE_PANEL_SESSIONS . "` SET `language` = :lang WHERE `hash` = :hash" ); Database::pexecute($stmt, array("lang" => $def_language, "hash" => $s)); - - $log->logAction(USR_ACTION, LOG_NOTICE, "changed default language to '" . $def_language . "'"); } - + $log->logAction(USR_ACTION, LOG_NOTICE, "changed default language to '" . $def_language . "'"); redirectTo($filename, array('s' => $s)); } else { $default_lang = Settings::Get('panel.standardlanguage'); @@ -213,13 +208,13 @@ if ($page == 'overview') { } elseif ($page == 'change_theme') { if (isset($_POST['send']) && $_POST['send'] == 'send') { $theme = validate($_POST['theme'], 'theme'); + try { + Customers::getLocal($userinfo, array('id' => $userinfo['customerid'], 'theme' => $theme))->update(); + } catch (Exception $e) { + dynamic_error($e->getMessage()); + } - $stmt = Database::prepare("UPDATE `" . TABLE_PANEL_CUSTOMERS . "` - SET `theme` = :theme - WHERE `customerid` = :customerid" - ); - Database::pexecute($stmt, array("theme" => $theme, "customerid" => $userinfo['customerid'])); - + // also update current session $stmt = Database::prepare("UPDATE `" . TABLE_PANEL_SESSIONS . "` SET `theme` = :theme WHERE `hash` = :hash" 
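Review bot: In the default-language hunk, the `$log->logAction(USR_ACTION, LOG_NOTICE, "changed default language to '" . $def_language . "'");` call has moved out of the `if (isset($languages[$def_language]))` block. A request with a language that is not in `$languages` now writes a 'changed default language' entry although nothing was changed. That makes the audit trail misleading and lets a posted value that failed the allow-list check reach the log. Keeping the call as the last statement inside the `if` block, after the session update, restores the previous behaviour.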
diff --git a/lib/classes/api/commands/class.Admins.php b/lib/classes/api/commands/class.Admins.php index 5779b68c..4c66592d 100644 --- a/lib/classes/api/commands/class.Admins.php +++ b/lib/classes/api/commands/class.Admins.php @@ -313,14 +313,14 @@ class Admins extends ApiCommand implements ResourceEntity $name = $this->getParam('name', true, $result['name']); $idna_convert = new idna_convert_wrapper(); $email = $this->getParam('email', true, $idna_convert->decode($result['email'])); + $password = $this->getParam('admin_password', true, ''); + $def_language = $this->getParam('def_language', true, $result['def_language']); $custom_notes = $this->getParam('custom_notes', true, $result['custom_notes']); $custom_notes_show = $this->getParam('custom_notes_show', true, $result['custom_notes_show']); $theme = $this->getParam('theme', true, $result['theme']); // you cannot edit some of the details of yourself if ($result['adminid'] == $this->getUserDetail('userid')) { - $password = ''; - $def_language = $result['def_language']; $deactivated = $result['deactivated']; $customers = $result['customers']; $domains = $result['domains']; @@ -341,8 +341,6 @@ class Admins extends ApiCommand implements ResourceEntity $traffic = $result['traffic']; $ipaddress = $result['ip']; } else { - $password = $this->getParam('admin_password', true, ''); - $def_language = $this->getParam('def_language', true, $result['def_language']); $deactivated = $this->getParam('deactivated', true, $result['deactivated']); $dec_places = Settings::Get('panel.decimal_places'); 
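Review bot: With `admin_password` and `def_language` now read before the `$result['adminid'] == $this->getUserDetail('userid')` branch, an admin can set their own password through `update()`, and nothing in the visible lines asks for the current password. admin_index.php presumably verifies the old password before calling `getLocal()`, but that is not shown here. If this command is also reachable by other callers, a holder of a valid session or key could replace the account password without knowing the current one. Either enforce the check here for the self-edit case or document the requirement, e.g. `// self-service password change: caller must have verified the current password`. The existing comment `// you cannot edit some of the details of yourself` could also note that password and language are now exempt; `update()` starts and ends outside the hunk.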
@@ -377,6 +375,7 @@ class Admins extends ApiCommand implements ResourceEntity $def_language = validate($def_language, 'default language', '', '', array(), true); $custom_notes = validate(str_replace("\r\n", "\n", $custom_notes), 'custom_notes', '/^[^\0]*$/', '', array(), true); $theme = validate($theme, 'theme', '', '', array(), true); + $password = validate($password, 'password', '', '', array(), true); if (Settings::Get('system.mail_quota_enabled') != '1') { $email_quota = - 1; @@ -390,16 +389,6 @@ class Admins extends ApiCommand implements ResourceEntity $theme = Settings::Get('panel.default_theme'); } - $password = validate($password, 'password', '', '', array(), true); - // only check if not empty, - // cause empty == generate password automatically - if ($password != '') { - $password = validatePassword($password, true); - } - - $diskspace = $diskspace * 1024; - $traffic = $traffic * 1024 * 1024; - if ($name == '') { standard_error(array( 'stringisempty',
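Review bot: After this change, `validate($password, 'password', '', '', array(), true)` is the only check on `$password` visible in the diff, because the following hunk removes `validatePassword($password, true)` and no added line brings it back. Self-service password changes from admin_index.php now go through this method, so please confirm that the password policy is still enforced, and the value hashed, further down in `update()` outside these hunks. If it is not, the check should stay, e.g. `if ($password != '') { $password = validatePassword($password, true); }`. The same following hunk also drops the `$diskspace * 1024` and `$traffic * 1024 * 1024` conversions; that is fine if they were moved into the `else` branch, but it is not visible here.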