From 520b349c1742ce930a0124d6c4acc2f2ce5635cc Mon Sep 17 00:00:00 2001
From: Baris Soner Usakli
Date: Wed, 19 Feb 2014 13:30:31 -0500
Subject: [PATCH] closes #1044

---
 public/src/forum/accountedit.js | 9 +++--
 public/templates/topic.tpl | 2 +-
 src/events.js | 18 ++++++++--
 src/user.js | 58 +++++++++++++++++++++++++--------
 4 files changed, 65 insertions(+), 22 deletions(-)

diff --git a/public/src/forum/accountedit.js b/public/src/forum/accountedit.js
index 0deeda57c7..13bab6cf9d 100644
--- a/public/src/forum/accountedit.js
+++ b/public/src/forum/accountedit.js
@@ -190,10 +190,11 @@ define(['forum/accountheader', 'uploader'], function(header, uploader) {
 $('#changePasswordBtn').on('click', function() {
- if (passwordvalid && passwordsmatch && currentPassword.val()) {
+ if (passwordvalid && passwordsmatch && (currentPassword.val() || app.isAdmin)) {
 socket.emit('user.changePassword', {
 'currentPassword': currentPassword.val(),
- 'newPassword': password.val()
+ 'newPassword': password.val(),
+ 'uid': templates.get('theirid')
 }, function(err) {
 currentPassword.val('');
@@ -203,12 +204,10 @@ define(['forum/accountheader', 'uploader'], function(header, uploader) {
 passwordvalid = false;
 if (err) {
- app.alertError(err.message);
- return;
+ return app.alertError(err.message);
 }
 app.alertSuccess('Your password is updated!');
-
 });
 }
 return false;
diff --git a/public/templates/topic.tpl b/public/templates/topic.tpl
index 76e937b93c..c6eeaeb2df 100644
--- a/public/templates/topic.tpl
+++ b/public/templates/topic.tpl
@@ -296,4 +296,4 @@
-
\ No newline at end of file
+
diff --git a/src/events.js b/src/events.js
index e7ac7356e2..825db1c832 100644
--- a/src/events.js
+++ b/src/events.js
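Review bot: The relaxed condition `(currentPassword.val() || app.isAdmin)` also fires when an administrator is editing their own account, yet the server path for `uid === data.uid` in src/user.js of this same commit still verifies the current password, so the admin can submit an empty field and only learns from the error callback that it was rejected. The intent is to skip the current-password requirement only when `templates.get('theirid')` is not the viewer's own uid; compute that here, e.g. `var isOtherAccount = templates.get('theirid') !== templates.get('yourid');` (if this template exposes the viewer's uid under that name), and use `currentPassword.val() || (app.isAdmin && isOtherAccount)`. Note that this condition is UX only; the authorization decision has to stay on the server, since both `app.isAdmin` and the posted `uid` come from the client. The click handler's body continues past the end of the hunk.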
@@ -13,6 +13,17 @@ var fs = require('fs'),
 logWithUser(uid, 'changed password');
 }
+ events.logAdminChangeUserPassword = function(adminUid, theirUid) {
+ user.getMultipleUserFields([adminUid, theirUid], ['username'], function(err, userData) {
+ if(err) {
+ return winston.error('Error logging event. ' + err.message);
+ }
+
+ var msg = userData[0].username + '(uid ' + adminUid + ') changed password of ' + userData[1].username + '(uid ' + theirUid + ')';
+ events.log(msg);
+ });
+ }
+
 events.logPasswordReset = function(uid) {
 logWithUser(uid, 'reset password');
 }
@@ -53,11 +64,10 @@ var fs = require('fs'),
 user.getUserField(uid, 'username', function(err, username) {
 if(err) {
- winston.error('Error logging event. ' + err.message);
- return;
+ return winston.error('Error logging event. ' + err.message);
 }
- var msg = '[' + new Date().toUTCString() + '] - ' + username + '(uid ' + uid + ') ' + string;
+ var msg = username + '(uid ' + uid + ') ' + string;
 events.log(msg);
 });
 }
@@ -65,6 +75,8 @@ var fs = require('fs'),
 events.log = function(msg) {
 var logFile = path.join(nconf.get('base_dir'), logFileName);
+ msg = '[' + new Date().toUTCString() + '] - ' + msg;
+
 fs.appendFile(logFile, msg + '\n', function(err) {
 if(err) {
 winston.error('Error logging event. ' + err.message);
diff --git a/src/user.js b/src/user.js
index 13d3669f2c..a3edb449d1 100644
--- a/src/user.js
+++ b/src/user.js
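Review bot: `logAdminChangeUserPassword` reads `userData[0].username` and `userData[1].username` without checking that both entries came back; if either uid does not resolve to a user the callback throws a TypeError instead of writing the audit entry, and the failed password change audit is simply lost. Guard it before building the message: `if(err || !userData || !userData[0] || !userData[1]) { return winston.error('Error logging event. ' + (err ? err.message : 'user not found')); }`. Separately, both this message and the rewritten one in `logWithUser` (second hunk) interpolate usernames into a line-oriented log that `events.log` terminates with `'\n'` (third hunk), so unless username validation elsewhere already rejects newlines and other control characters, a crafted username could forge an extra log line; stripping them when building `msg` keeps the audit log parseable.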
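Review bot: `events.log` now reassigns its `msg` parameter to prepend the timestamp, which reads as if the caller's message were being replaced; a local makes the intent explicit: `var line = '[' + new Date().toUTCString() + '] - ' + msg;` and then `fs.appendFile(logFile, line + '\n', function(err) {`. Because the prefix moved from `logWithUser` into `events.log`, any other direct caller of `events.log` that already formatted its own timestamp would now get two — worth a quick grep, since those callers are not visible in this diff. `events.log` continues past the end of the hunk.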
@@ -424,27 +424,59 @@ var bcrypt = require('bcryptjs'),
 };
 User.changePassword = function(uid, data, callback) {
+ if(!data || !data.uid) {
+ return callback(new Error('invalid-uid'));
+ }
+
+ function hashAndSetPassword(callback) {
+ User.hashPassword(data.newPassword, function(err, hash) {
+ if(err) {
+ return callback(err);
+ }
+
+ User.setUserField(data.uid, 'password', hash, function(err) {
+ if(err) {
+ return callback(err);
+ }
+
+ if(parseInt(uid, 10) === parseInt(data.uid, 10)) {
+ events.logPasswordChange(data.uid);
+ } else {
+ events.logAdminChangeUserPassword(uid, data.uid);
+ }
+
+ callback();
+ });
+ });
+ }
+
 if (!utils.isPasswordValid(data.newPassword)) {
 return callback(new Error('Invalid password!'));
 }
- User.getUserField(uid, 'password', function(err, currentPassword) {
- bcrypt.compare(data.currentPassword, currentPassword, function(err, res) {
- if (err) {
+ if(parseInt(uid, 10) !== parseInt(data.uid, 10)) {
+ User.isAdministrator(uid, function(err, isAdmin) {
+ if(err || !isAdmin) {
+ return callback(err || new Error('not-allowed'));
+ }
+
+ hashAndSetPassword(callback);
+ });
+ } else {
+ User.getUserField(uid, 'password', function(err, currentPassword) {
+ if(err) {
 return callback(err);
 }
- if (res) {
- User.hashPassword(data.newPassword, function(err, hash) {
- User.setUserField(uid, 'password', hash);
- events.logPasswordChange(uid);
- callback(null);
- });
- } else {
- callback(new Error('Your current password is not correct!'));
- }
+ bcrypt.compare(data.currentPassword, currentPassword, function(err, res) {
+ if (err || !res) {
+ return callback(err || new Error('Your current password is not correct!'));
+ }
+
+ hashAndSetPassword(callback);
+ });
 });
- });
+ }
 };
 User.setUserField = function(uid, field, value, callback) {
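Review bot: The new guard `if(!data || !data.uid)` accepts a non-numeric `data.uid`: `parseInt('abc', 10)` is NaN, so `parseInt(uid, 10) !== parseInt(data.uid, 10)` is true, the request is routed down the administrator branch, and for an admin caller `User.setUserField(data.uid, 'password', hash, ...)` is handed the raw string, presumably writing a password hash under a key for a user that does not exist, followed by an audit call for that phantom uid. Parse once and reject anything that is not a positive integer — `var targetUid = data ? parseInt(data.uid, 10) : NaN;` then `if(isNaN(targetUid) || targetUid <= 0) { return callback(new Error('invalid-uid')); }` — and use `targetUid` in the comparisons and in `setUserField`; whether the target account exists is still worth checking before hashing, if the model has an existence helper. The inner `function hashAndSetPassword(callback)` shadows the outer `callback` it is always invoked with, so dropping the parameter makes the flow easier to follow. Two things this commit leaves for a follow-up rather than defects in it: the administrator path changes another account's password without the admin re-entering their own, and nothing here revokes the target user's existing sessions after the change.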