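id == $_GET['id']){
    // NOTE(review): the left-hand side of the comparison above starts before the
    // visible part of this file; it is kept exactly as found.
    // The requested id matched, so the current user's own record is shown.
    $user = $current_user;
    auth(AUTH_PUPIL);
}else{
    // Any other id goes through the staff-level check before the lookup.
    auth(AUTH_STAFF);
    // NOTE(review): presumably msgscrn() ends the request. If it can return,
    // User::get() below still receives the rejected id - confirm.
    if (!is_numeric($_GET['id'])) msgscrn("User not found","The user id is invalid.","","");
    $user = User::get($_GET['id']);
    if (!$user) msgscrn("User not found","The user does not exist.","","rc");
}

// Change the user's password, if requested.
// Allowed only for the account owner or an admin.
// NOTE(review): no anti-CSRF token is checked in the code visible here. An admin
// request needs no old password, so a per-session token should be verified before
// this state change - confirm whether auth() or the form already does this.
if ( isset($_GET['edit']) && ($_GET['edit']==1)
    && isset($_POST['submitted']) && ($_POST['submitted']==1)
    && ($user->id == $current_user->id || $current_user->isAdmin()) ){

    // Every rejected attempt is sent back to the edit form with the failure flag set.
    $failed_url = "location: profile.php?id={$user->id}&edit=1&failed=1";

    // Check that the old password given is correct.
    // Admins editing other users' passwords do not need this.
    if ($current_user->id == $user->id){
        $old = isset($_POST['old']) ? $_POST['old'] : null;

        // NOTE(review): unsalted MD5 is not suitable for storing passwords. Moving to
        // password_hash()/password_verify() has to happen together with the login code
        // and the stored column width, neither of which is visible here, so the
        // storage format is left unchanged.
        // Strict comparison: with != two different digests that both look like
        // numbers (for example "0e" followed only by digits) compare as equal.
        // A non-string value (e.g. an array parameter) is rejected outright.
        if (!is_string($old) || (string)$user->password !== md5($old)){
            header($failed_url);
            die("");
        }
    }

    // Check that the new passwords match.
    $new     = isset($_POST['new']) ? $_POST['new'] : null;
    $confirm = isset($_POST['confirm']) ? $_POST['confirm'] : null;

    // Both fields must be non-empty strings and identical. Loose == would accept
    // different numeric-looking strings (such as "1e3" and "1000") as a match, and
    // array input would reach md5() with a non-string argument.
    if (is_string($new) && is_string($confirm) && $new !== "" && $new === $confirm){
        // Change password (same storage format the rest of the application expects).
        $user->password = md5($new);
        $user->save();

        // Go back to the profile page.
        header("location: profile.php?id={$user->id}");
        die("");
    }

    // New password missing, empty, or not confirmed.
    header($failed_url);
    die("");
}

// Render the page header for the profile view.
// NOTE(review): the name fields are passed to showHeader() unescaped; confirm that
// showHeader() HTML-encodes its argument.
showHeader($user->firstname." ".$user->surname." - Profile");
?>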

firstname;?> surname;?>

\n"; } profile_row("Username", $user->username); profile_row("Year", $user->year); profile_row("Group", $user->group); echo "

"; if ($user->id == $current_user->id || $current_user->isAdmin()){ if ($_GET['edit']==1){ ?>

id}&edit=1";?>" method="post"> Failed to change password.

"; if ($current_user->id == $user->id){ ?> Old password:
New password:
Confirm new password:

id}&edit=1\">Edit"; } } if ($user->isPupil()) echo " id}\">View Report"; echo "

"; ?>