Allow users to change their own passwords

inc/config.php

@@ -321,6 +321,8 @@
 	$config['mod']['promoteusers'] = ADMIN;
 	// Edit any users' login information
 	$config['mod']['editusers'] = ADMIN;
+	// Change user's own password
+	$config['mod']['change_password'] = JANITOR;
 	// Delete a user
 	$config['mod']['deleteusers'] = ADMIN;
 	// Create a user

inc/mod.php

@@ -38,7 +38,7 @@
 		if(!$mod) error('setCookies() was called for a non-moderator!');
 		
 		// $config['cookies']['mod'] contains username:hash
-		setcookie($config['cookies']['mod'], $mod['username'] . ':' . $mod['hash'], time()+$config['cookies']['expire'], $config['cookies']['jail']?$config['root']:'/', null, false, true);
+		setcookie($config['cookies']['mod'], $mod['username'] . ':' . $mod['hash'], time()+$config['cookies']['expire'], $config['cookies']['jail']?$config['cookies']['path']:'/', null, false, true);
 		
 		// Put $mod in the session
 		$_SESSION['mod'] = $mod;
@@ -51,7 +51,7 @@
 	function destroyCookies() {
 		global $config;
 		// Delete the cookies
-		setcookie($config['cookies']['mod'], 'deleted', time()-$config['cookies']['expire'], $config['cookies']['jail']?$config['root']:'/', null, false, true);
+		setcookie($config['cookies']['mod'], 'deleted', time()-$config['cookies']['expire'], $config['cookies']['jail']?$config['cookies']['path']:'/', null, false, true);
 		
 		// Unset the session
 		unset($_SESSION['mod']);

mod.php

@@ -306,7 +306,8 @@
 							:'')
 						: ''
 						) .
-						($mod['type'] >= $config['mod']['editusers'] ?
+						($mod['type'] >= $config['mod']['editusers'] ||
+						($mod['type'] >= $config['mod']['change_password'] && $_mod['id'] == $mod['id'])?
 							'<a class="unimportant" style="margin-left:5px;float:right" href="?/users/' . $_mod['id'] . '">[edit]</a>'
 						: '' ) .
 						($mod['type'] >= $config['mod']['create_pm'] ?
@@ -416,7 +417,7 @@
 				header('Location: ?/users', true, $config['redirect_http']);
 			} else {
 				// Edit user
-				if($mod['type'] < $config['mod']['editusers']) error($config['error']['noaccess']);
+				if($mod['type'] < $config['mod']['editusers'] && $mod['type'] < $config['mod']['change_password']) error($config['error']['noaccess']);
 				
 				$query = prepare("SELECT * FROM `mods` WHERE `id` = :id");
 				$query->bindValue(':id', $modID, PDO::PARAM_INT);
@@ -426,12 +427,16 @@
 					error($config['error']['404']);
 				}
 				
-				if(isset($_POST['username']) && isset($_POST['password'])) {
-					$query = prepare("UPDATE `mods` SET `username` = :username WHERE `id` = :id");
-					$query->bindValue(':username', $_POST['username']);
-					$query->bindValue(':id', $modID, PDO::PARAM_INT);
-					$query->execute() or error(db_error($query));
-					
+				if($mod['type'] < $config['mod']['editusers'] && !($mod['type'] >= $config['mod']['change_password'] && $mod['id'] == $_mod['id'] && $change_password_only = true))
+					error($config['error']['noaccess']);
+				
+				if((isset($_POST['username']) && isset($_POST['password'])) || (isset($change_password_only) && isset($_POST['password']))) {
+					if(!isset($change_password_only)) {
+						$query = prepare("UPDATE `mods` SET `username` = :username WHERE `id` = :id");
+						$query->bindValue(':username', $_POST['username']);
+						$query->bindValue(':id', $modID, PDO::PARAM_INT);
+						$query->execute() or error(db_error($query));
+					}
 					if(!empty($_POST['password'])) {
 						$query = prepare("UPDATE `mods` SET `password` = :password WHERE `id` = :id");
 						$query->bindValue(':password', sha1($_POST['password']));
@@ -444,6 +449,16 @@
 					$query->bindValue(':id', $modID, PDO::PARAM_INT);
 					$query->execute() or error(db_error($query));
 					
+					if(!$_mod = $query->fetch()) {
+						error($config['error']['404']);
+					}
+				
+					if($_mod['id'] == $mod['id']) {
+						// Changed own password. Update cookies
+						var_dump(login($_mod['username'], $_mod['password'], false));
+						setCookies();
+					}
+					
 					$_mod = $query->fetch();
 				}
 				
@@ -454,7 +469,13 @@
 				
 				'<table>' .
 				
-				'<tr><th>Username</th><td><input size="20" maxlength="30" type="text" name="username" value="' . $_mod['username'] . '" autocomplete="off" /></td></tr>' .
+				'<tr><th>Username</th><td>' . 
+				
+				(isset($change_password_only) ?
+					$_mod['username']
+				: '<input size="20" maxlength="30" type="text" name="username" value="' . $_mod['username'] . '" autocomplete="off" />') .
+				
+				'</td></tr>' .
 				'<tr><th>Password <span class="unimportant">(new; optional)</span></th><td><input size="20" maxlength="30" type="password" name="password" value="" autocomplete="off" /></td></tr>' .
 				'</table>' .