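<?php
/**
 * The Strangecode Codebase - a general application development framework for PHP
 * For details visit the project site: <http://trac.strangecode.com/codebase/>
 * Copyright 2001-2010 Strangecode, LLC
 *
 * This file is part of The Strangecode Codebase.
 *
 * The Strangecode Codebase is free software: you can redistribute it and/or
 * modify it under the terms of the GNU General Public License as published by the
 * Free Software Foundation, either version 3 of the License, or (at your option)
 * any later version.
 *
 * The Strangecode Codebase is distributed in the hope that it will be useful, but
 * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
 * FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License for more
 * details.
 *
 * You should have received a copy of the GNU General Public License along with
 * The Strangecode Codebase. If not, see <http://www.gnu.org/licenses/>.
 */

/**
 * password.php
 *
 * Change-password service page for the currently logged-in user. It validates
 * the posted form, re-authenticates the user with the old password, stores the
 * new password and then redirects to the stored boomerang URL.
 *
 * Uses $auth, $app, $nav and getFormData(), none of which are defined in this
 * file; presumably the including script sets them up (the config include
 * below is commented out) -- TODO confirm.
 */

// require_once dirname(__FILE__) . '/_config.inc.php';

// Nothing below may run for an anonymous visitor.
$auth->requireLogin();

require_once 'codebase/lib/FormValidator.inc.php';

/******************************************************************************
 * CODE CONFIG
 *****************************************************************************/

// Titles and navigation header.
$nav->add(_("Change password"));

// The object to validate form input from the user.
$fv = new FormValidator();

/********************************************************************
 * MAIN
 ********************************************************************/

if (getFormData('boomerang', false) && isset($_SERVER['HTTP_REFERER'])) {
    // We remember which page we came from so we can go back there.
    // NOTE(review): the Referer header is supplied by the client. Whether
    // setBoomerangURL() restricts the stored URL to this site is not visible
    // from this file; confirm, because dieBoomerangURL() redirects to it.
    $app->setBoomerangURL($_SERVER['HTTP_REFERER'], 'admin_password');
}
$app->sslOn();

switch (getFormData('op')) {
case 'update_password' :

    // Get the form variables.
    $frm = getFormData();

    // Validate the posted data.
    // $fv->isEmpty('oldpassword', _("You did not specify the <strong>old password</strong>."));
    // The old password may be empty here ({0,128}); authenticate() below decides whether it is accepted.
    $fv->checkRegex('oldpassword', '/^[[:alnum:][:punct:]]{0,128}$/i', true, _("The <strong>Old password</strong> specified is not valid."));
    if (!$fv->isEmpty('newpassword', _("You did not specify the <strong>New password</strong>."))) {
        $fv->checkRegex('newpassword', '/^[[:alnum:][:punct:]]{6,128}$/i', true, _("The <strong>New password</strong> specified is not valid. A password must be 6 or more characters."));
        // Compare strictly. With a loose != PHP compares two numeric-looking
        // strings as numbers, so different inputs such as "0e1234" and
        // "0e5678" (both pass the pattern above) would count as matching and
        // the confirmation check would be skipped.
        if ($frm['newpassword'] !== $frm['newpassword2'] && !$fv->isEmpty('newpassword2', _("You need to type the <strong>New password</strong> twice."))) {
            $fv->addError('newpassword', _("The <strong>New passwords</strong> do not match."));
            $fv->addError('newpassword2');
        }
    }

    // Re-authenticate with the current password before changing anything, so
    // that a valid session alone is not enough to replace the password.
    if (!$fv->anyErrors() && false === $auth->authenticate($auth->get('username'), $frm['oldpassword'])) {
        $fv->addError('oldpassword', _("Your <strong>Old password</strong> failed authentication."));
        // Log the failure with the username only. The submitted value is
        // deliberately not logged, not even hashed: a failed entry is often a
        // near-miss of the real password or a password the user has elsewhere,
        // and an unsalted MD5 of it in a log file is cheap to reverse.
        $app->logMsg(sprintf('Password change failed for %s', $auth->get('username')), LOG_NOTICE, __FILE__, __LINE__);
    }

    if (!$fv->anyErrors()) {
        // A null first argument presumably selects the logged-in user -- TODO confirm against Auth::setPassword().
        $auth->setPassword(null, $frm['newpassword']);
        $app->logMsg(sprintf('Password change successful for %s', $auth->get('username')), LOG_INFO, __FILE__, __LINE__);
        $app->raiseMsg(sprintf(_("Password change successful for %s"), $auth->get('username')), MSG_SUCCESS, __FILE__, __LINE__);
        $app->dieBoomerangURL('admin_password');
    }
    break;
}

// Templates. Reached on first display and whenever validation or authentication failed.
include 'header.ihtml';
include 'codebase/services/templates/password.ihtml';
include 'footer.ihtml';

?>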