/branches/2.8.x/wb/account/email.php - Diff - WB 2.08.x - Tracking

« Previous | Next »

Revision 1425

redefined wrong admin backlinks

     $current_password = $wb->get_post('current_password');
     $email = $wb->get_post('email');
     // Create a javascript back link
     $js_back = WB_URL.'/account/preferences.php';
     if (!$wb->checkFTAN())
+    {
     	$wb->print_error($MESSAGE['GENERIC_SECURITY_ACCESS'], WB_URL);
     	$wb->print_error($MESSAGE['GENERIC_SECURITY_ACCESS'], $js_back, false);
     	exit();
+    }
     // Create a javascript back link
     $js_back = "javascript: history.go(-1);";
     // Get existing password
     // $database = new database();
     $query = "SELECT user_id FROM ".TABLE_PREFIX."users WHERE user_id = '".$wb->get_user_id()."' AND password = '".md5($current_password)."'";
-...
     $query = "UPDATE ".TABLE_PREFIX."users SET email = '$email' WHERE user_id = '".$wb->get_user_id()."' AND password = '".md5($current_password)."'";
     $database->query($query);
     if($database->is_error()) {
     	$wb->print_error($database->get_error,'index.php', false);
     	$wb->print_error($database->get_error,$js_back, false);
     } else {
     	$wb->print_success($MESSAGE['PREFERENCES']['EMAIL_UPDATED'], WB_URL.'/account/preferences.php');
     	$wb->print_success($MESSAGE['PREFERENCES']['EMAIL_UPDATED']);
     	$_SESSION['EMAIL'] = $email;
+    }

Also available in: Unified diff