source: branches/2.1/admin/profile.php @ 7783

Last change on this file since 7783 was 6903, checked in by nikrou, 14 years ago

Fix bug 1856 : CSRF issue that allow to change admin password
Merge from trunk

  • Property svn:eol-style set to LF
File size: 2.2 KB
Line 
1<?php
2// +-----------------------------------------------------------------------+
3// | Piwigo - a PHP based picture gallery                                  |
4// +-----------------------------------------------------------------------+
5// | Copyright(C) 2008-2010 Piwigo Team                  http://piwigo.org |
6// | Copyright(C) 2003-2008 PhpWebGallery Team    http://phpwebgallery.net |
7// | Copyright(C) 2002-2003 Pierrick LE GALL   http://le-gall.net/pierrick |
8// +-----------------------------------------------------------------------+
9// | This program is free software; you can redistribute it and/or modify  |
10// | it under the terms of the GNU General Public License as published by  |
11// | the Free Software Foundation                                          |
12// |                                                                       |
13// | This program is distributed in the hope that it will be useful, but   |
14// | WITHOUT ANY WARRANTY; without even the implied warranty of            |
15// | MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU      |
16// | General Public License for more details.                              |
17// |                                                                       |
18// | You should have received a copy of the GNU General Public License     |
19// | along with this program; if not, write to the Free Software           |
20// | Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, |
21// | USA.                                                                  |
22// +-----------------------------------------------------------------------+
23
24if( !defined("PHPWG_ROOT_PATH") ) die ("Hacking attempt!");
25
26$edit_user = build_user( $_GET['user_id'], false );
27
28if (!empty($_POST))
29{
30  check_pwg_token();
31}
32
33include_once(PHPWG_ROOT_PATH.'profile.php');
34
35$errors = array();
36if ( !is_adviser() )
37{
38  save_profile_from_post($edit_user, $errors);
39}
40
41load_profile_in_template(
42  get_root_url().'admin.php?page=profile&amp;user_id='.$edit_user['id'],
43  get_root_url().'admin.php?page=user_list',
44  $edit_user
45  );
46$page['errors'] = array_merge($page['errors'], $errors);
47
48$template->set_filename('profile', 'profile.tpl');
49$template->assign_var_from_handle('ADMIN_CONTENT', 'profile');
50?>
Note: See TracBrowser for help on using the repository browser.