<?php
/**
 * The Strangecode Codebase - a general application development framework for PHP
 * For details visit the project site: <http://trac.strangecode.com/codebase/>
 * Copyright 2001-2012 Strangecode, LLC
 *
 * This file is part of The Strangecode Codebase.
 *
 * The Strangecode Codebase is free software: you can redistribute it and/or
 * modify it under the terms of the GNU General Public License as published by the
 * Free Software Foundation, either version 3 of the License, or (at your option)
 * any later version.
 *
 * The Strangecode Codebase is distributed in the hope that it will be useful, but
 * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
 * FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License for more
 * details.
 *
 * You should have received a copy of the GNU General Public License along with
 * The Strangecode Codebase. If not, see <http://www.gnu.org/licenses/>.
 */

/**
 * password.php
 */

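// Password-change page for the currently logged-in user.
//
// Flow: require an authenticated session, validate the posted old/new passwords,
// re-authenticate with the old password, then store the new one and redirect.

// Redefine include_path including the codebase/services but allow local templates override global ones.
// The bundled templates directory is appended last, so a same-named file found
// earlier on the existing path is the one that gets included.
ini_set('include_path', join(PATH_SEPARATOR, array(
    get_include_path(),
    dirname(__FILE__) . '/templates'
)));

// Access gate: this runs before any request data is read or acted upon.
$auth->requireLogin();

require_once 'codebase/lib/FormValidator.inc.php';
require_once 'codebase/lib/HTML.inc.php';

/******************************************************************************
 * CODE CONFIG
 *****************************************************************************/

// Titles and navigation header.
// NOTE(review): the username is interpolated into a string that carries HTML markup;
// confirm usernames are restricted to HTML-safe characters or escaped before output.
$nav->add(sprintf(_("Change password for <em>%s</em>"), $auth->get('username')));

// The object to validate form input from the user.
$fv = new FormValidator();

/********************************************************************
 * MAIN
 ********************************************************************/

if (getFormData('boomerang', false) && isset($_SERVER['HTTP_REFERER'])) {
    // We remember which page we came from so we can go back there.
    // NOTE(review): the Referer header is client-supplied and is used as the redirect
    // target after a successful change; confirm setBoomerangURL() restricts it to this site.
    $app->setBoomerangURL($_SERVER['HTTP_REFERER'], 'admin_password');
}
$app->sslOn();

switch (getFormData('op')) {
case 'update_password' :

    // Get the form variables.
    $frm = getFormData();

    // Validate the posted data.
    if ($fv->notEmpty('oldpassword', _("You did not specify the <strong>old password</strong>."))) {
        $fv->checkRegex('oldpassword', '/^\S{0,128}$/i', true, _("The <strong>old password</strong> specified is not valid."));
    }
    if ($fv->notEmpty('newpassword', _("You did not specify the <strong>new password</strong>."))) {
        // The D modifier anchors "$" to the very end of the subject; without it a value
        // ending in a newline would pass the no-whitespace check.
        if ($fv->checkRegex('newpassword', '/^\S{8,128}$/iD', true, _("The <strong>new password</strong> specified is not valid. A password must be eight or more characters."))) {
            // Strict comparison: with "!=" two different numeric-looking strings
            // (e.g. "12345678" and "12345678.0") compare as equal and the confirmation
            // check would accept a mistyped password.
            if ($fv->notEmpty('newpassword2', _("You need to type the <strong>new password</strong> twice.")) && $frm['newpassword'] !== $frm['newpassword2']) {
                $fv->addError('newpassword', _("The <strong>new passwords</strong> do not match."));
                $fv->addError('newpassword2');
            }
        }
    }

    // Re-authenticate with the old password only once the form itself is valid;
    // a valid session alone is not enough to change the credential.
    if (!$fv->anyErrors() && false === $auth->authenticate($auth->get('username'), $frm['oldpassword'])) {
        $fv->addError('oldpassword', _("Your <strong>old password</strong> failed authentication."));
        // The submitted password is deliberately kept out of the log, even in hashed form:
        // a failed attempt is often a near-miss of the real password, and an unsalted MD5
        // of it in a log file is a recoverable credential for anyone who can read the logs.
        $app->logMsg(sprintf('Password change failed for %s: old password did not authenticate', $auth->get('username')), LOG_NOTICE, __FILE__, __LINE__);
    }

    if (!$fv->anyErrors()) {
        // A null first argument is passed as in the original; presumably it selects the
        // current user - confirm against the Auth class.
        $auth->setPassword(null, $frm['newpassword']);
        $app->logMsg(sprintf('Password change successful for %s', $auth->get('username')), LOG_INFO, __FILE__, __LINE__);
        $app->raiseMsg(sprintf(_("Password change successful for %s"), $auth->get('username')), MSG_SUCCESS, __FILE__, __LINE__);
        // NOTE(review): nothing here rotates the session id or ends other sessions of
        // this account after the change; confirm whether setPassword() handles that.
        $app->dieBoomerangURL('admin_password');
    }
    break;
}

// Templates.
// On a validation failure execution falls through to here and the form is shown again.
include 'header.ihtml';
include 'password.ihtml';
include 'footer.ihtml';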