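time = time(); $this->startSession(); }

    /**
     * startSession - Performs all the actions necessary to initialize this
     * session object: starts the PHP session, works out whether the visitor
     * is already logged in (checkLogin) and records the referrer / current
     * URL that the process functions later redirect back to.
     *
     * ?ref= is untrusted input that ends up in a "Location:" header, so it
     * is only honoured when it points back at this site (see isLocalUrl);
     * anything else falls back to the previously stored URL or "/".
     */
    function startSession() {
        global $db; //The database connection (not used here; kept for parity with the other methods)
        session_start(); //Tell PHP to start the session
        setcookie("PHPSESSID", session_id(), 0, "/", ".firstchat.net");

        /* Determine if user is logged in */
        $this->logged_in = $this->checkLogin();

        /* Visitors who are not logged in get the guest identity */
        if (!$this->logged_in) {
            $this->username = $_SESSION['username'] = GUEST_NAME;
            $this->userlevel = GUEST_LEVEL;
            $this->ircnick = 'FIRSTer';
        }

        /* Set referrer page: the last page stored for this session, else the site root */
        $this->referrer = isset($_SESSION['url']) ? $_SESSION['url'] : "/";

        /* An explicit ?ref= overrides it, but only for on-site targets (open-redirect guard) */
        if (isset($_GET['ref']) && is_string($_GET['ref'])) {
            $ref = urldecode($_GET['ref']);
            if ($this->isLocalUrl($ref)) {
                $this->referrer = $ref;
            }
        }

        /* Set current url */
        $this->url = $_SESSION['url'] = 'http://'.$_SERVER["SERVER_NAME"].$_SERVER["REQUEST_URI"];

        /* Never remember the login/logout/register pages themselves as the page to return to */
        if (isset($_GET['page'])
                && in_array($_GET['page'], array('login', 'logout', 'register'), true)) {
            $_SESSION['url'] = $this->referrer;
        }
    }

    /**
     * isLocalUrl - Returns true when $url is safe to use as a redirect
     * target on this site: a relative path (but not the host-relative
     * "//host" or "/\host" forms browsers accept) or an http(s) URL whose
     * host is $_SERVER['SERVER_NAME']. CR/LF are refused so the value can
     * never split the Location header.
     */
    function isLocalUrl($url) {
        if (!is_string($url) || $url === '' || preg_match('/[\r\n]/', $url)) {
            return false;
        }
        $parts = parse_url($url);
        if ($parts === false) {
            return false;
        }
        if (isset($parts['scheme']) || isset($parts['host'])) {
            /* Absolute: only http(s) back to this very host */
            $scheme = isset($parts['scheme']) ? strtolower($parts['scheme']) : '';
            $host = isset($parts['host']) ? strtolower($parts['host']) : '';
            return ($scheme === 'http' || $scheme === 'https')
                && isset($_SERVER['SERVER_NAME'])
                && $host === strtolower($_SERVER['SERVER_NAME']);
        }
        /* Relative: two leading slash-like characters would be read as "//host" by browsers */
        return !preg_match('#^[/\\\\]{2}#', $url);
    }

    /**
     * checkLogin - Checks if the user has already previously logged in and
     * a session with the user has already been established. Also checks to
     * see if the user has been remembered via cookie. If so, the database
     * is queried to make sure of the user's authenticity. Returns true if
     * the user has logged in.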
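*/
    function checkLogin() {
        global $db; //The database connection

        /* Check if user has been remembered (cookie values are untrusted input) */
        if (isset($_COOKIE['cookname']) && isset($_COOKIE['cookid'])) {
            $this->username = $_SESSION['username'] = $_COOKIE['cookname'];
            $this->usertoken = $_SESSION['usertoken'] = $_COOKIE['cookid'];
        }

        /* Nothing to verify unless username and token are set and not the guest */
        if (!isset($_SESSION['username']) || !isset($_SESSION['usertoken'])
                || $_SESSION['username'] == GUEST_NAME) {
            return false;
        }
        $name = $_SESSION['username'];
        $token = $_SESSION['usertoken'];

        /*
         * Both values are interpolated into SQL below, so refuse anything
         * login() could never have produced: usernames are alphanumeric
         * (same pattern login() enforces) and tokens come from generateRandID().
         */
        if (!is_string($name) || !preg_match('/^[0-9a-z]+$/iD', $name)
                || !is_string($token) || !preg_match('/^[0-9a-z]+$/iD', $token)) {
            unset($_SESSION['username']);
            unset($_SESSION['usertoken']);
            return false;
        }

        /*
         * Confirm the token matches the one issued at the last login. The
         * comparison is strict and an empty/NULL stored token never matches:
         * with the old loose "!=" a user who had never been issued a token
         * (NULL in the table) was accepted for an empty cookie token.
         */
        $dbToken = $db->query_single("SELECT user_token FROM user WHERE user_name='$name'");
        if (!is_string($dbToken) || $dbToken === '' || $dbToken !== $token) {
            unset($_SESSION['username']);
            unset($_SESSION['usertoken']);
            return false;
        }

        /* User is logged in, set class variables */
        $this->userinfo = $db->query_single("SELECT * FROM user WHERE user_name='$name'", true);
        $this->username = $this->userinfo['user_name'];
        $this->userid = $this->userinfo['user_id'];
        $this->userlevel = $this->userinfo['user_level'];
        $this->usertoken = $this->userinfo['user_token'];
        $this->ircnick = $this->userinfo['user_irc_nick'];
        /* user_options is a serialized PHP value written by the site itself;
           unserialize() must never be fed data a user can write directly. */
        $this->userprefs = unserialize($this->userinfo['user_options']);
        if ($this->ircnick == '') {
            $this->ircnick = 'FIRSTer';
        }
        return true;
    }

    /**
     * login - The user has submitted his username and password through the
     * login form; this function checks the authenticity of that information
     * in the database and creates the session, effectively logging in the
     * user if all goes well.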
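*/
    function login($user, $pass, $remember = false) {
        global $db, $form; //The database and form object

        /* Username error checking */
        if (!$user || strlen($user = trim($user)) == 0) {
            $form->setError('user', "* Username not entered");
        } elseif (!preg_match('/^([0-9a-z]*)$/i', $user)) {
            /* Only alphanumeric usernames exist, and only those are safe to interpolate below */
            $form->setError('user', "* Invalid username or password");
        }

        /* Password error checking */
        if (!$pass) {
            $form->setError('pass', "* Password not entered");
        }
        if ($form->num_errors > 0) {
            return false;
        }

        /* Checks that username is in database and password is correct */
        $user = stripslashes($user);
        /* NOTE(review): the user table stores unsalted md5; moving to password_hash() needs a data migration */
        $pass = md5($pass);
        $result = $db->query_single("SELECT user_id FROM user WHERE user_name='$user' AND user_password='$pass'");
        $banned = $result ? $db->query_single("SELECT 1 FROM banlist WHERE ban_userid='$result'") : false;

        /* Check error codes */
        if (!$result) {
            $form->setError('user', "* Invalid username or password");
        } elseif ($banned) {
            $form->setError('user', "You are banned");
        }
        if ($form->num_errors > 0) {
            return false;
        }

        /*
         * Credentials accepted: issue a fresh session id so an id that existed
         * before authentication cannot be reused (session fixation guard), and
         * re-send the domain cookie exactly as startSession() does.
         */
        session_regenerate_id(true);
        setcookie("PHPSESSID", session_id(), 0, "/", ".firstchat.net");

        /* Username and password correct, register session variables */
        $this->userinfo = $db->query_single("SELECT * FROM user WHERE user_name='$user'", true);
        $this->username = $_SESSION['username'] = $this->userinfo['user_name'];
        $this->userid = $this->userinfo['user_id'];
        $this->usertoken = $_SESSION['usertoken'] = $this->generateRandID();
        $this->userlevel = $this->userinfo['user_level'];

        /* Insert usertoken into database and update the last-login timestamp */
        $db->query("UPDATE user SET user_token='{$this->usertoken}', user_lastlogin=CURRENT_TIMESTAMP WHERE user_id='{$this->userid}'");
        // $db->removeActiveGuest($_SERVER['REMOTE_ADDR']);

        /*
         * The user asked to be remembered: two cookies, the username and the
         * random token, expiring after COOKIE_EXPIRE (constants.php). Next
         * visit checkLogin() logs him in from them unless he logged out.
         * HttpOnly keeps the token out of reach of script on the page.
         */
        if ($remember) {
            setcookie("cookname", $this->username, time()+COOKIE_EXPIRE, COOKIE_PATH, ".firstchat.net", false, true);
            setcookie("cookid", $this->usertoken, time()+COOKIE_EXPIRE, COOKIE_PATH, ".firstchat.net", false, true);
        }

        /* Login completed successfully */
        return true;
    }

    /**
     * logout - Gets called when the user wants to be logged out of the
     * website. It deletes the remember-me cookies, invalidates the stored
     * token so a copied cookie stops working too, unsets the session
     * variables and demotes the user level to guest.
     */
    function logout() {
        global $db; //The database connection

        /*
         * Delete cookies: the expiry must be in the past, and the domain must
         * match the one used when login() set them or the browser keeps them.
         */
        if (isset($_COOKIE['cookname']) && isset($_COOKIE['cookid'])) {
            setcookie("cookname", "", time()-COOKIE_EXPIRE, COOKIE_PATH, ".firstchat.net");
            setcookie("cookid", "", time()-COOKIE_EXPIRE, COOKIE_PATH, ".firstchat.net");
        }

        /* Revoke the server-side token: checkLogin() never accepts an empty one */
        if ($this->logged_in && isset($this->userid) && $this->userid) {
            $db->query("UPDATE user SET user_token='' WHERE user_id='{$this->userid}'");
        }

        /* Unset PHP session variables */
        unset($_SESSION['username']);
        unset($_SESSION['usertoken']);

        /* Reflect fact that user has logged out, back to guest */
        $this->logged_in = false;
        $this->username = GUEST_NAME;
        $this->userlevel = GUEST_LEVEL;
    }

    /**
     * register - Gets called when the user has just submitted the
     * registration form. Determines if there were any errors with the entry
     * fields, if so, it records the errors and returns 1. If no errors were
     * found, it registers the new user and returns 0. Returns 2 if
     * registration failed.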
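*/
    function register($subuser, $subpass, $subemail) {
        /* $database is the MySQLdb wrapper (usernameTaken/addNewUser); it was not declared
           global before, which made the calls below fail on an undefined variable */
        global $database, $form;

        /* Username error checking */
        $field = "user"; //Use field name for username
        if (!$subuser || strlen($subuser = trim($subuser)) == 0) {
            $form->setError($field, "* Username not entered");
        } else {
            /* Spruce up username, check length and shape (ereg* is gone; preg is equivalent here) */
            $subuser = stripslashes($subuser);
            if (strlen($subuser) < 5) {
                $form->setError($field, "* Username below 5 characters");
            } elseif (strlen($subuser) > 30) {
                $form->setError($field, "* Username above 30 characters");
            } elseif (!preg_match('/^[0-9a-z]+$/iD', $subuser)) {
                $form->setError($field, "* Username not alphanumeric");
            } elseif (strcasecmp($subuser, GUEST_NAME) == 0) {
                $form->setError($field, "* Username reserved word");
            } elseif ($database->usernameTaken($subuser)) {
                $form->setError($field, "* Username already in use");
            } elseif ($database->usernameBanned($subuser)) {
                $form->setError($field, "* Username banned");
            }
        }

        /* Password error checking (policy is the site's: alphanumeric, at least 4 characters) */
        $field = "pass"; //Use field name for password
        if (!$subpass) {
            $form->setError($field, "* Password not entered");
        } else {
            $subpass = stripslashes($subpass);
            if (strlen($subpass) < 4) {
                $form->setError($field, "* Password too short");
            } elseif (!preg_match('/^[0-9a-z]+$/iD', ($subpass = trim($subpass)))) {
                $form->setError($field, "* Password not alphanumeric");
            }
        }

        /* Email error checking */
        $field = "email"; //Use field name for email
        if (!$subemail || strlen($subemail = trim($subemail)) == 0) {
            $form->setError($field, "* Email not entered");
        } else {
            /* Check if valid email address (checked before stripslashes, as before) */
            $regex = '/^[_+a-z0-9-]+(\.[_+a-z0-9-]+)*'
                   . '@[a-z0-9-]+(\.[a-z0-9-]{1,})*'
                   . '\.([a-z]{2,}){1}$/iD';
            if (!preg_match($regex, $subemail)) {
                $form->setError($field, "* Email invalid");
            }
            $subemail = stripslashes($subemail);
        }

        if ($form->num_errors > 0) {
            return 1; //Errors with form
        }
        if ($database->addNewUser($subuser, md5($subpass), $subemail)) {
            return 0; //New user added succesfully
        }
        return 2; //Registration attempt failed
    }

    /**
     * editAccount - Attempts to edit the user's account information
     * including the password, which it first makes sure is correct if
     * entered; if so and the new password is in the right format, the
     * change is made. The email field is changed whenever it is given.
     * Returns false when form errors were recorded, true otherwise.
     */
    function editAccount($subcurpass, $subnewpass, $subconfpass, $subemail) {
        global $database, $form; //The database and form object

        /* New password entered */
        if ($subnewpass) {
            /* Current Password error checking */
            $field = "curpass"; //Use field name for current password
            if (!$subcurpass) {
                $form->setError($field, "* Current Password not entered");
            } else {
                /* Same shape rule as register(), then verify against the stored hash */
                $subcurpass = stripslashes($subcurpass);
                if (strlen($subcurpass) < 4
                        || !preg_match('/^[0-9a-z]+$/iD', ($subcurpass = trim($subcurpass)))) {
                    $form->setError($field, "* Current Password incorrect");
                }
                /* confirmUserPass() returns 0 only on success */
                if ($database->confirmUserPass($this->username, md5($subcurpass)) !== 0) {
                    $form->setError($field, "* Current Password incorrect");
                }
            }

            /* New Password error checking */
            $field = "newpass"; //Use field name for new password
            if (strlen($subnewpass) < 4) {
                $form->setError($field, "* New Password too short");
            } elseif ($subconfpass !== $subnewpass) {
                /* strict compare: "!=" would treat numeric-looking strings such as "1e1" and "10" as equal */
                $field = "confpass"; //Use field name for confirmation password
                $form->setError($field, "* Passwords do not match");
            }
        } elseif ($subcurpass) {
            /* New Password error reporting */
            $field = "newpass"; //Use field name for new password
            $form->setError($field, "* New Password not entered");
        }

        /* Email error checking */
        $field = "email"; //Use field name for email
        if ($subemail && strlen($subemail = trim($subemail)) > 0) {
            /* Check if valid email address */
            $regex = '/^[_+a-z0-9-]+(\.[_+a-z0-9-]+)*'
                   . '@[a-z0-9-]+(\.[a-z0-9-]{1,})*'
                   . '\.([a-z]{2,}){1}$/iD';
            if (!preg_match($regex, $subemail)) {
                $form->setError($field, "* Email invalid");
            }
            $subemail = stripslashes($subemail);
        }

        if ($form->num_errors > 0) {
            return false; //Errors with form
        }
        if ($subcurpass && $subnewpass) {
            $database->updateUserField($this->userid, "user_password", md5($subnewpass));
        }
        if ($subemail) {
            $database->updateUserField($this->userid, "user_email", $subemail);
        }
        return true;
    }

    /**
     * isLevel - Returns true if the currently logged in user is at or above
     * the level named $level in the user_levels table, false otherwise. An
     * unknown level name yields false (previously the missing entry compared
     * as NULL and every user passed).
     */
    function isLevel($level) {
        global $db;
        $lvlArray = array();
        $result = $db->query("SELECT * FROM user_levels ORDER BY lvl_id");
        while ($array = $result->fetch_array()) {
            $lvlArray[$array['lvl_name']] = $array['lvl_id'];
        }
        $result->close();
        if (!isset($lvlArray[$level])) {
            return false;
        }
        return ($this->userlevel >= $lvlArray[$level]);
    }

    /**
     * isAdmin - Returns true if the currently logged in user is an
     * administrator (level at or above ADMIN_LEVEL), false otherwise.
     */
    function isAdmin() {
        return ($this->userlevel >= ADMIN_LEVEL);
    }

    /**
     * generateRandID - Returns the md5 hash of a 16-character random string,
     * used as the user's login token (stored in user_token and in the
     * remember-me cookie).
     */
    function generateRandID() {
        return md5($this->generateRandStr(16));
    }

    /**
     * generateRandStr - Generates a string of $length random characters
     * drawn from digits and upper/lower case letters.
     *
     * NOTE(review): mt_rand() is not a cryptographic generator, yet this
     * string becomes the login token via generateRandID(); a CSPRNG source
     * (openssl_random_pseudo_bytes / random_bytes where available) is the
     * appropriate replacement.
     */
    function generateRandStr($length) {
        $alphabet = '0123456789ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz';
        $randstr = "";
        for ($i = 0; $i < $length; $i++) {
            $randstr .= $alphabet[mt_rand(0, 61)];
        }
        return $randstr;
    }
}
?>
query($query); if (!$result) throw new Exception($this->error); $res = $result->fetch_array(); return ($row) ? $res : $res[0]; } catch (Exception $e) {
// die('Error: '.$e->getMessage()."\n");
} } }

class MySQLdb {
    /**
     * confirmUserPass - Checks whether or not the given username is in the
     * database, if so it checks if the given password is the same password
     * in the database for that user.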
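* If the user doesn't exist or if the passwords don't match up, it returns
     * an error code: 1 = unknown user, 2 = wrong password, 3 = banned user.
     * On success it returns 0. The hash comparison is strict, so a NULL or
     * empty stored hash can never match.
     */
    function confirmUserPass($username, $password){
        /* Escape for the query unless magic quotes already did (charset-aware, unlike addslashes) */
        if(!get_magic_quotes_gpc()) {
            $username = mysql_real_escape_string($username, $this->connection);
        }

        /* Verify that user is in database */
        $q = "SELECT user_password FROM ".TBL_USERS." WHERE user_name = '$username'";
        $result = mysql_query($q, $this->connection);
        if(!$result || (mysql_num_rows($result) < 1)){
            return 1; //Indicates username failure
        }

        /* Retrieve password from result, strip slashes */
        $dbarray = mysql_fetch_array($result);
        $dbarray['user_password'] = stripslashes($dbarray['user_password']);
        $password = stripslashes($password);

        /* Verify that user is not banned */
        $q = "SELECT user_name FROM ".TBL_BANNED_USERS." WHERE user_name = '$username'";
        $result = mysql_query($q, $this->connection);
        if($result && (mysql_num_rows($result) >= 1)){
            return 3; //Indicates banned user
        }

        /* Validate that password is correct (no type juggling) */
        if($password === $dbarray['user_password']){
            return 0; //Success! Username and password confirmed
        }
        return 2; //Indicates password failure
    }

    /**
     * confirmUserToken - Checks whether or not the given username is in the
     * database, if so it checks if the given token is the same token stored
     * for that user. Returns 1 if the user doesn't exist, 2 if the tokens
     * don't match (strict comparison), 0 on success.
     */
    function confirmUserToken($username, $usertoken){
        if(!get_magic_quotes_gpc()) {
            $username = mysql_real_escape_string($username, $this->connection);
        }

        /* Verify that user is in database */
        $q = "SELECT user_token FROM ".TBL_USERS." WHERE user_name = '$username'";
        $result = mysql_query($q, $this->connection);
        if(!$result || (mysql_num_rows($result) < 1)){
            return 1; //Indicates username failure
        }

        /* Retrieve token from result, strip slashes */
        $dbarray = mysql_fetch_array($result);
        $dbarray['user_token'] = stripslashes($dbarray['user_token']);
        $usertoken = stripslashes($usertoken);

        if($usertoken === $dbarray['user_token']){
            return 0; //Success! Username and token confirmed
        }
        return 2; //Indicates token invalid
    }

    /**
     * usernameTaken - Returns true if the username has been taken by another
     * user, false otherwise (also false if the query itself fails).
     */
    function usernameTaken($username){
        if(!get_magic_quotes_gpc()){
            $username = mysql_real_escape_string($username, $this->connection);
        }
        $q = "SELECT user_name FROM ".TBL_USERS." WHERE user_name = '$username'";
        $result = mysql_query($q, $this->connection);
        return ($result && mysql_num_rows($result) > 0);
    }

    /**
     * usernameBanned - Returns true if the username has been banned by the
     * administrator, false otherwise (also false if the query itself fails).
     */
    function usernameBanned($username){
        if(!get_magic_quotes_gpc()){
            $username = mysql_real_escape_string($username, $this->connection);
        }
        $q = "SELECT user_name FROM ".TBL_BANNED_USERS." WHERE user_name = '$username'";
        $result = mysql_query($q, $this->connection);
        return ($result && mysql_num_rows($result) > 0);
    }

    /**
     * addNewUser - Inserts the given (username, password hash, email) into
     * the database with the default USER_LEVEL. Returns the mysql_query
     * result (truthy on success, false otherwise).
     */
    function addNewUser($username, $password, $email){
        $time = date('YmdHis'); //was datetime(), which is not a PHP function
        $ulevel = USER_LEVEL;
        /* All three values came through the form layer; escape them for the query */
        $username = mysql_real_escape_string($username, $this->connection);
        $password = mysql_real_escape_string($password, $this->connection);
        $email = mysql_real_escape_string($email, $this->connection);
        $q = "INSERT INTO ".TBL_USERS." (user_name,user_password,user_email,user_registration,user_level)"
           . " VALUES ('$username', '$password', '$email', $time, $ulevel)";
        return mysql_query($q, $this->connection);
    }

    /**
     * updateUserField - Updates the column named by $field in the row of
     * user $userid. $field becomes an SQL identifier and cannot be escaped,
     * so only plain column names are accepted; anything else returns false.
     */
    function updateUserField($userid, $field, $value){
        if(!preg_match('/^[A-Za-z0-9_]+$/', $field)){
            return false;
        }
        $value = mysql_real_escape_string($value, $this->connection);
        $userid = mysql_real_escape_string($userid, $this->connection);
        $q = "UPDATE ".TBL_USERS." SET ".$field." = '$value' WHERE user_id = '$userid'";
        return mysql_query($q, $this->connection);
    }

    /**
     * getUserInfo - Returns the result array with everything stored about
     * the given username. If the query fails or there is no such user,
     * NULL is returned.
     */
    function getUserInfo($username){
        $username = mysql_real_escape_string($username, $this->connection);
        $q = "SELECT * FROM ".TBL_USERS." WHERE user_name = '$username'";
        $result = mysql_query($q, $this->connection);
        if(!$result || (mysql_num_rows($result) < 1)){
            return NULL;
        }
        return mysql_fetch_array($result);
    }

    /**
     * getNumMembers - Returns the number of rows in the users table. The
     * database is queried the first time per page load; later calls return
     * the cached value (num_members is presumably initialised negative by
     * the constructor, which is outside this view).
     */
    function getNumMembers(){
        if($this->num_members < 0){
            $q = "SELECT * FROM ".TBL_USERS;
            $result = mysql_query($q, $this->connection);
            $this->num_members = mysql_num_rows($result);
        }
        return $this->num_members;
    }

    /**
     * calcNumActiveUsers - Counts the rows of the active users table and
     * stores the count in num_active_users.
     */
    function calcNumActiveUsers(){
        $q = "SELECT * FROM ".TBL_ACTIVE_USERS;
        $result = mysql_query($q, $this->connection);
        $this->num_active_users = mysql_num_rows($result);
    }

    /**
     * calcNumActiveGuests - Counts the rows of the active guests table and
     * stores the count in num_active_guests.
     */
    function calcNumActiveGuests(){
        $q = "SELECT * FROM ".TBL_ACTIVE_GUESTS;
        $result = mysql_query($q, $this->connection);
        $this->num_active_guests = mysql_num_rows($result);
    }

    /**
     * addActiveUser - Updates username's last active timestamp in the
     * database, and also adds him to the table of active users, or updates
     * the timestamp if already there.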
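*/
    function addActiveUser($username, $time){
        $username = mysql_real_escape_string($username, $this->connection);
        $time = mysql_real_escape_string($time, $this->connection);
        $q = "UPDATE ".TBL_USERS." SET user_lastlogin=CURRENT_TIMESTAMP WHERE user_name = '$username'";
        mysql_query($q, $this->connection);
        if(!TRACK_VISITORS) return;
        $q = "REPLACE INTO ".TBL_ACTIVE_USERS." VALUES ('$username', '$time')";
        mysql_query($q, $this->connection);
        $this->calcNumActiveUsers();
    }

    /* addActiveGuest - Adds guest (by IP) to active guests table; no-op unless TRACK_VISITORS */
    function addActiveGuest($ip, $time){
        if(!TRACK_VISITORS) return;
        $ip = mysql_real_escape_string($ip, $this->connection);
        $time = mysql_real_escape_string($time, $this->connection);
        $q = "REPLACE INTO ".TBL_ACTIVE_GUESTS." VALUES ('$ip', '$time')";
        mysql_query($q, $this->connection);
        $this->calcNumActiveGuests();
    }

    /* removeActiveUser - Drops the user from the active users table; no-op unless TRACK_VISITORS */
    function removeActiveUser($username){
        if(!TRACK_VISITORS) return;
        $username = mysql_real_escape_string($username, $this->connection);
        $q = "DELETE FROM ".TBL_ACTIVE_USERS." WHERE user_name = '$username'";
        mysql_query($q, $this->connection);
        $this->calcNumActiveUsers();
    }

    /* removeActiveGuest - Drops the IP from the active guests table; no-op unless TRACK_VISITORS */
    function removeActiveGuest($ip){
        if(!TRACK_VISITORS) return;
        $ip = mysql_real_escape_string($ip, $this->connection);
        $q = "DELETE FROM ".TBL_ACTIVE_GUESTS." WHERE ip = '$ip'";
        mysql_query($q, $this->connection);
        $this->calcNumActiveGuests();
    }

    /* removeInactiveUsers - Drops users idle for more than USER_TIMEOUT minutes */
    function removeInactiveUsers(){
        if(!TRACK_VISITORS) return;
        $timeout = time() - USER_TIMEOUT * 60;
        $q = "DELETE FROM ".TBL_ACTIVE_USERS." WHERE timestamp < $timeout";
        mysql_query($q, $this->connection);
        $this->calcNumActiveUsers();
    }

    /* removeInactiveGuests - Drops guests idle for more than GUEST_TIMEOUT minutes */
    function removeInactiveGuests(){
        if(!TRACK_VISITORS) return;
        $timeout = time() - GUEST_TIMEOUT * 60;
        $q = "DELETE FROM ".TBL_ACTIVE_GUESTS." WHERE timestamp < $timeout";
        mysql_query($q, $this->connection);
        $this->calcNumActiveGuests();
    }

    /**
     * getUser - Looks a user up by name and returns the user_id, or, when
     * $isID is true, looks up by user_id and returns the user_name. Returns
     * NULL if the query fails or there is no such user.
     */
    function getUser($user, $isID=false){
        $user = mysql_real_escape_string($user, $this->connection);
        if($isID){
            $q = "SELECT user_name FROM ".TBL_USERS." WHERE user_id = '$user'";
        } else{
            $q = "SELECT user_id FROM ".TBL_USERS." WHERE user_name = '$user'";
        }
        $result = mysql_query($q, $this->connection);
        if(!$result || (mysql_num_rows($result) < 1)){
            return NULL;
        }
        $dbarray = mysql_fetch_array($result);
        return $isID ? $dbarray['user_name'] : $dbarray['user_id'];
    }
}
?>
"; $subject = "Welcome to FIRST Chat"; $body = $user.",\n\n" ."Welcome! You've just registered at Jpmaster77's Site " ."with the following information:\n\n" ."Username: ".$user."\n" ."Password: ".$pass."\n\n" ."If you ever lose or forget your password, a new " ."password will be generated for you and sent to this " ."email address, if you would like to change your " ."email address you can do so by going to the " ."My Account page after signing in.\n\n" ."- Jpmaster77's Site"; return mail($email,$subject,$body,$from); }

    /**
     * sendNewPass - Sends the newly generated password to the email address
     * the user gave at sign-up. Returns mail()'s result.
     *
     * $email is placed in the To: header; a value containing CR/LF could
     * inject further headers, so such a value is refused (returns false).
     * The new password necessarily travels in plain text in this mail.
     */
    function sendNewPass($user, $email, $pass) {
        if (!is_string($email) || preg_match('/[\r\n]/', $email)) {
            return false;
        }
        $from = "From: ".EMAIL_FROM_NAME." <".EMAIL_FROM_ADDR.">";
        $subject = "FIRST Chat - Your new password";
        $body = $user.",\n\n"
            ."We've generated a new password for you at your "
            ."request, you can use this new password with your "
            ."username to log in to FIRST Chat.\n\n"
            ."Username: ".$user."\n"
            ."New Password: ".$pass."\n\n"
            ."It is recommended that you change your password "
            ."to something that is easier to remember, which "
            ."can be done by going to the My Account page "
            ."after signing in.";
        return mail($email,$subject,$body,$from);
    }
}
?>
values = $_SESSION['value_array']; $this->errors = $_SESSION['error_array']; $this->num_errors = count($this->errors); unset($_SESSION['value_array']); unset($_SESSION['error_array']); } else{ $this->num_errors = 0; } }

    /**
     * setValue - Records the value typed into the given form field by the
     * user.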
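*/
    function setValue($field, $value){
        $this->values[$field] = $value;
    }

    /**
     * setError - Records a form error for the given field name and keeps
     * num_errors in step with the errors array.
     */
    function setError($field, $errmsg){
        $this->errors[$field] = $errmsg;
        $this->num_errors = count($this->errors);
    }

    /**
     * value - Returns the value recorded for the given field, HTML-escaped
     * for re-display in the form (ENT_QUOTES so it is safe inside single-
     * quoted attributes as well). Returns "" if none exists or the value is
     * not a scalar (e.g. an array field from $_POST).
     */
    function value($field){
        if(!array_key_exists($field, $this->values) || !is_scalar($this->values[$field])){
            return "";
        }
        return htmlspecialchars(stripslashes($this->values[$field]), ENT_QUOTES);
    }

    /**
     * error - Returns the error message attached to the given field, or the
     * empty string if none exists. Messages are the site's own literals,
     * not user input.
     */
    function error($field){
        if(!array_key_exists($field, $this->errors)){
            return "";
        }
        return (string) $this->errors[$field];
    }

    /* getErrorArray - Returns the array of error messages keyed by field */
    function getErrorArray(){
        return $this->errors;
    }
}
?>
login($_POST['user'], $_POST['pass'], isset($_POST['remember'])); if ($retval) { header("Location: ".$session->referrer); } else { $_SESSION['value_array'] = $_POST; $_SESSION['error_array'] = $form->getErrorArray(); header("Location: $firstDir/index.php?page=login"); } }

    /**
     * procLogout - Logs the user out of the system (there is no logout form
     * to process) and redirects to the login page with m=2. $firstDir is
     * pulled from global scope; if it is not defined there the redirect is
     * root-relative, exactly as before. The caller is responsible for
     * stopping output after the redirect header.
     */
    function procLogout() {
        global $session, $firstDir;
        $session->logout();
        header("Location: $firstDir/index.php?page=login&m=2");
    }

    /**
     * procRegister - Processes the user submitted registration form, if
     * errors are found, the user is redirected to correct the information,
     * if not, the user is effectively registered with the system and an
     * email is (optionally) sent to the newly created user.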
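*/
    function procRegister() {
        global $session, $form;

        /* Missing fields are treated as empty rather than raising undefined-index notices */
        $user  = isset($_POST['user'])  ? $_POST['user']  : '';
        $pass  = isset($_POST['pass'])  ? $_POST['pass']  : '';
        $email = isset($_POST['email']) ? $_POST['email'] : '';

        /* Convert username to all lowercase (by option); written back so value_array/reguname agree */
        if (ALL_LOWERCASE) {
            $user = $_POST['user'] = strtolower($user);
        }

        /* Registration attempt: 0 = registered, 1 = form errors, 2 = insert failed */
        $retval = $session->register($user, $pass, $email);

        if ($retval === 0) {
            $_SESSION['reguname'] = $user;
            $_SESSION['regsuccess'] = true;
        } elseif ($retval === 1) {
            $_SESSION['value_array'] = $_POST;
            $_SESSION['error_array'] = $form->getErrorArray();
        } elseif ($retval === 2) {
            $_SESSION['reguname'] = $user;
            $_SESSION['regsuccess'] = false;
        }
        header("Location: ".$session->referrer);
    }

    /**
     * procForgotPass - Validates the given username and, if it exists, a new
     * password is generated and emailed to the address the user gave at
     * sign-up; the stored hash is replaced only once the mail was accepted.
     *
     * Note for maintainers: anyone who knows a username can trigger this
     * reset, so the old password is invalidated without proof of mailbox
     * ownership; a confirmation-link flow would avoid that.
     */
    function procForgotPass() {
        global $db, $database, $session, $mailer, $form;

        /* Username error checking */
        $subuser = isset($_POST['user']) ? $_POST['user'] : '';
        $field = "user"; //Use field name for username
        if (!$subuser || strlen($subuser = trim($subuser)) == 0) {
            $form->setError($field, "* Username not entered
");
        } else {
            /* Make sure username is well-formed and in the database (usernameTaken lives on MySQLdb) */
            $subuser = stripslashes($subuser);
            if (strlen($subuser) < 5 || strlen($subuser) > 30
                    || !preg_match('/^[0-9a-z]+$/iD', $subuser)
                    || !$database->usernameTaken($subuser)) {
                $form->setError($field, "* Username does not exist
");
            }
        }

        /* Errors exist, have user correct them */
        if ($form->num_errors > 0) {
            $_SESSION['value_array'] = $_POST;
            $_SESSION['error_array'] = $form->getErrorArray();
        } else {
            /* Generate new password */
            $newpass = $session->generateRandStr(8);

            /* Get the user's row: the columns are user_email / user_id (see addNewUser, updateUserField) */
            $usrinf = $database->getUserInfo($subuser);
            if ($usrinf === NULL) {
                $_SESSION['forgotpass'] = false;
            } elseif ($mailer->sendNewPass($subuser, $usrinf['user_email'], $newpass)) {
                /* Mail accepted: now replace the stored hash */
                $database->updateUserField($usrinf['user_id'], "user_password", md5($newpass));
                $_SESSION['forgotpass'] = true;
            } else {
                $_SESSION['forgotpass'] = false;
            }
        }
        header("Location: ".$session->referrer);
    }

    /**
     * procEditAccount - Attempts to edit the user's account information,
     * including the password, which must be verified before a change is
     * made. On error the form values and messages are stashed in the
     * session and the user is sent back to the account page.
     */
    function procEditAccount() {
        global $session, $form, $firstDir;

        $curpass  = isset($_POST['curpass'])  ? $_POST['curpass']  : '';
        $newpass  = isset($_POST['newpass'])  ? $_POST['newpass']  : '';
        $confpass = isset($_POST['confpass']) ? $_POST['confpass'] : '';
        $email    = isset($_POST['email'])    ? $_POST['email']    : '';

        $retval = $session->editAccount($curpass, $newpass, $confpass, $email);
        if ($retval) {
            $_SESSION['useredit'] = true;
            header("Location: ".$session->referrer);
        } else {
            $_SESSION['value_array'] = $_POST;
            $_SESSION['error_array'] = $form->getErrorArray();
            header("Location: $firstDir/index.php?page=usercp#account");
        }
    }
}
?>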