Hi everyone,
I am running Apache web server v2.0.52, MySQL v14.7 (Distrib 4.1.20), and XOOPS v2.2.2
My problem is with the Extended Profiles module.
I am running version: 0.1
Simply put, I cannot change my OWN password when Im logged in as an Administrator, but I can change my OWN password if I am logged in as a different Admin User.
It seems to me like a simple condition statement that was set so that the password fields do not show if you are an admin and you want to change your own pwd.
I looked up the code in forms.php in the following directory: modules/profile/include/
function getUserForm(&$user, $action = false) {
global $xoopsConfig, $xoopsModule, $xoopsModuleConfig, $xoopsUser;
if ($action === false) {
$action = $_SERVER['REQUEST_URI'];
}
include_once XOOPS_ROOT_PATH."/class/xoopsformloader.php";
.
.
.
if ($xoopsUser->isAdmin() && $user->getVar('uid') != $xoopsUser->getVar('uid')) {
//If the user is an admin and is editing someone else
$pwd_text = new XoopsFormPassword('', 'password', 10, 32);
$pwd_text2 = new XoopsFormPassword('', 'vpass', 10, 32);
$pwd_tray = new XoopsFormElementTray(_PROFILE_MA_PASSWORD.''._PROFILE_MA_TYPEPASSTWICE);
$pwd_tray->addElement($pwd_text);
$pwd_tray->addElement($pwd_text2);
$elements[0][] = array('element' => $pwd_tray, 'required' => 0); //cannot set an element tray required
$weights[0][] = 0;
$level_radio = new XoopsFormRadio(_PROFILE_MA_ACTIVEUSER, 'level', $user->getVar('level'));
$level_radio->addOption(1, _PROFILE_MA_ACTIVE);
$level_radio->addOption(0, _PROFILE_MA_INACTIVE);
$level_radio->addOption(-1, _PROFILE_MA_DISABLED);
$elements[0][] = array('element' => $level_radio, 'required' => 0);
$weights[0][] = 0;
}
$elements[0][] = array('element' => new XoopsFormHidden('uid', $user->getVar('uid')), 'required' => 0);
$weights[0][] = 0;
$elements[0][] = array('element' => new XoopsFormHidden('op', 'save'), 'required' => 0);
$weights[0][] = 0;
if ($xoopsUser && $xoopsUser->isAdmin()) {
$xoopsModule->loadLanguage("admin");
.
.
.
As you can see if the user is an admin and is editing someone else he can change the password, but I want to be able to change the password if you are editing yourself as well.
I tried the following piece of code right after the if stmt:
/* else if ($xoopsUser->isAdmin()) {
//If the user is an admin and is editing himself
$pwd_text = new XoopsFormPassword('', 'password', 10, 32);
$pwd_text2 = new XoopsFormPassword('', 'vpass', 10, 32);
$pwd_tray = new XoopsFormElementTray(_PROFILE_MA_PASSWORD.''._PROFILE_MA_TYPEPASSTWICE);
$pwd_tray->addElement($pwd_text);
$pwd_tray->addElement($pwd_text2);
$elements[0][] = array('element' => $pwd_tray, 'required' => 0); //cannot set an element tray required
$weights[0][] = 0;
$level_radio = new XoopsFormRadio(_PROFILE_MA_ACTIVEUSER, 'level', $user->getVar('level'));
$level_radio->addOption(1, _PROFILE_MA_ACTIVE);
$level_radio->addOption(0, _PROFILE_MA_INACTIVE);
$level_radio->addOption(-1, _PROFILE_MA_DISABLED);
$elements[0][] = array('element' => $level_radio, 'required' => 0);
$weights[0][] = 0;
}
It works so much as to place the fields in the form and says that it updated the profile correctly when I change the password but when I try my new password it doesn't work, it didn't update the password :(
I tried changing the else if stmt to
($xoopsUser->isAdmin() && $user->getVar('uid') == $xoopsUser->getVar('uid'))
Doesn't update either.
Does anyone know if I should be doing any other mods in the code somewhere else?
I am not the one who installed XOOPS and this module particularly. And I don't know if the web developer changed the code explicity for security purposes or some other reason.
Any help would be appreciated!
Regards,
Patrick S.
Web Developer
Tektronix.com*/
