From d8543707426d6a4645c270929f999df8209bb587 Mon Sep 17 00:00:00 2001
From: cflem <carson.fl3ming@gmail.com>
Date: Sun, 1 Jan 2017 19:32:37 -0700
Subject: Added inc/config.php to the gitignore, opting for a sample version
 instead

---
 .gitignore              |  4 ++++
 dash/css/dash.css       |  2 +-
 dash/dash_common.php    |  1 +
 dash/dash_functions.php |  9 +++++++++
 dash/settings.php       | 12 +++++++++---
 inc/dash_fatal.tpl      |  9 +++++++++
 inc/functions.php       |  2 +-
 7 files changed, 34 insertions(+), 5 deletions(-)
 create mode 100644 dash/dash_functions.php
 create mode 100644 inc/dash_fatal.tpl

diff --git a/.gitignore b/.gitignore
index 76efbb7..523fcf6 100644
--- a/.gitignore
+++ b/.gitignore
@@ -2,3 +2,7 @@
 *.swp
 .*.swp
 *~
+
+# sensitive config file
+# contains database passwords and site-specific options
+inc/config.php
diff --git a/dash/css/dash.css b/dash/css/dash.css
index 040aab0..f6f390d 100644
--- a/dash/css/dash.css
+++ b/dash/css/dash.css
@@ -221,7 +221,7 @@ body {
   padding-top: 1em;
 }
 #fulljob.fjsettings {
-  margin: 5em auto 1em auto;
+  margin: 2em auto 0 auto;
   height: 500px;
   border-radius: 5px;
 }
diff --git a/dash/dash_common.php b/dash/dash_common.php
index 5a836cb..cc1d0b1 100644
--- a/dash/dash_common.php
+++ b/dash/dash_common.php
@@ -1,5 +1,6 @@
 <?php
 require('../inc/common.php');
+require('dash_functions.php');
 if ($b_user['id'] < 1) l_redirect('login.php');
 
 define('ACC_TYPE', $b_user['type']);
diff --git a/dash/dash_functions.php b/dash/dash_functions.php
new file mode 100644
index 0000000..49664a3
--- /dev/null
+++ b/dash/dash_functions.php
@@ -0,0 +1,9 @@
+<?php
+function dash_fatal ($msg = null, $link = null, $label = null) {
+  if ($link === null) $link = 'javascript:history.go(-1);';
+  if ($label == null) $label = '&larr; Got It';
+  echo tpl(array('message' => $msg, 'link' => $link, 'label' => $label), 'dash_fatal.tpl').PHP_EOL;
+  require('footer.php');
+  die;
+}
+?>
diff --git a/dash/settings.php b/dash/settings.php
index 8c29a90..5dc2e3d 100644
--- a/dash/settings.php
+++ b/dash/settings.php
@@ -4,9 +4,15 @@ define('HEIRARCHY', 1);
 require('dash_common.php');
 $title = 'Account Settings / Bulletin';
 require('header.php');
-//if (!empty($_POST[''])) {
-
-//}
+if (!empty($_POST['changepass'])) {
+  if ($b_user['password'] != hash('sha512', $_POST['oldpass'])) dash_fatal('The password you entered does not match your current password.');
+  if ($_POST['newpass1'] != $_POST['newpass2']) dash_fatal('Your new passwords do not match.');
+  $db->query('UPDATE users SET password = \''.hash('sha512', $_POST['newpass1']).'\' WHERE id = '.$b_user['id']) or dash_fatal($db->error);
+  if ($db->affected_rows < 1) dash_fatal('No user with your ID is in the database');
+  dash_fatal('Password changed successfully.');
+} else if (!empty($_POST['changetype'])) {
+  if ($b_user['password'] != hash('sha512', $_POST['curpass'])) dash_fatal('The password you entered does not match your current password.');
+}
 ?>
       <div id="fulljob" class="fjsettings">
         <div id="fjheader">
diff --git a/inc/dash_fatal.tpl b/inc/dash_fatal.tpl
new file mode 100644
index 0000000..31106a2
--- /dev/null
+++ b/inc/dash_fatal.tpl
@@ -0,0 +1,9 @@
+      <div class="errbox">
+        <p>[tpl:message]</p>
+        <div class="hr"></div>
+        <p class="back">
+          <a href="[tpl:link]">
+            [tpl:label]
+          </a>
+        </p>
+      </div>
diff --git a/inc/functions.php b/inc/functions.php
index 4e98342..4793d3d 100644
--- a/inc/functions.php
+++ b/inc/functions.php
@@ -36,7 +36,7 @@ function tpl ($options, $file) {
   return $tpl_htm;
 }
 
-function fatal ($msg, $link, $label) {
+function fatal ($msg = null, $link = null, $label = null) {
   if ($link === null) $link = 'javascript:history.go(-1);';
   if ($label === null) $label = '&larr; Got It';
   die(tpl(array('message' => $msg, 'link' => $link, 'label' => $label), 'fatal.tpl'));
-- 
cgit v1.2.3