| 1 | <?php |
|---|
| 2 | /** |
|---|
| 3 | * password.php |
|---|
| 4 | * Code by Strangecode :: www.strangecode.com :: This document contains copyrighted information |
|---|
| 5 | */ |
|---|
| 6 | |
|---|
| 7 | // require_once dirname(__FILE__) . '/_config.inc.php'; |
|---|
| 8 | |
|---|
| 9 | $auth->requireLogin(); |
|---|
| 10 | |
|---|
| 11 | require_once 'codebase/lib/FormValidator.inc.php'; |
|---|
| 12 | |
|---|
| 13 | /****************************************************************************** |
|---|
| 14 | * CODE CONFIG |
|---|
| 15 | *****************************************************************************/ |
|---|
| 16 | |
|---|
| 17 | // Titles and navigation header. |
|---|
| 18 | $nav->addPage(_("Change password")); |
|---|
| 19 | |
|---|
| 20 | // The object to validate form input from the user. |
|---|
| 21 | $fv = new FormValidator(); |
|---|
| 22 | |
|---|
| 23 | /****************************************************************************** |
|---|
| 24 | * MAIN |
|---|
| 25 | *****************************************************************************/ |
|---|
| 26 | |
|---|
| 27 | if (getFormData('boomerang', false) && isset($_SERVER['HTTP_REFERER'])) { |
|---|
| 28 | // We remember which page we came from so we can go back there. |
|---|
| 29 | App::setBoomerangURL($_SERVER['HTTP_REFERER'], 'admin_password'); |
|---|
| 30 | } |
|---|
| 31 | App::sslOn(); |
|---|
| 32 | |
|---|
| 33 | switch (getFormData('op')) { |
|---|
| 34 | case 'update_password' : |
|---|
| 35 | |
|---|
| 36 | // Get the form variables. |
|---|
| 37 | $frm = getFormData(); |
|---|
| 38 | |
|---|
| 39 | // Validate the posted data. |
|---|
| 40 | // $fv->isEmpty('oldpassword', _("You did not specify the <strong>old password</strong>.")); |
|---|
| 41 | $fv->checkRegex('oldpassword', '/^[[:alnum:][:punct:]]{0,128}$/i', true, _("The <strong>Old password</strong> specified is not valid.")); |
|---|
| 42 | if (!$fv->isEmpty('newpassword', _("You did not specify the <strong>New password</strong>."))) { |
|---|
| 43 | $fv->checkRegex('newpassword', '/^[[:alnum:][:punct:]]{6,128}$/i', true, _("The <strong>New password</strong> specified is not valid. A password must be 6 or more characters.")); |
|---|
| 44 | if ($frm['newpassword'] != $frm['newpassword2'] && !$fv->isEmpty('newpassword2', _("You need to type the <strong>New password</strong> twice."))) { |
|---|
| 45 | $fv->addError('newpassword', _("The <strong>New passwords</strong> do not match.")); |
|---|
| 46 | $fv->addError('newpassword2'); |
|---|
| 47 | } |
|---|
| 48 | } |
|---|
| 49 | |
|---|
| 50 | if (!$fv->anyErrors() && false === $auth->authenticate($auth->getVal('username'), $frm['oldpassword'])) { |
|---|
| 51 | $fv->addError('oldpassword', _("Your <strong>Old password</strong> failed authentication.")); |
|---|
| 52 | App::logMsg(sprintf(_("Password change failed for %s, using (md5ed) password: %s"), $auth->getVal('username'), md5($frm['oldpassword'])), LOG_NOTICE, __FILE__, __LINE__); |
|---|
| 53 | } |
|---|
| 54 | |
|---|
| 55 | if (!$fv->anyErrors()) { |
|---|
| 56 | $auth->setPassword(null, $frm['newpassword']); |
|---|
| 57 | App::logMsg(sprintf(_("Password change successful for %s"), $auth->getVal('username')), LOG_INFO, __FILE__, __LINE__); |
|---|
| 58 | App::raiseMsg(sprintf(_("Password change successful for %s"), $auth->getVal('username')), MSG_SUCCESS, __FILE__, __LINE__); |
|---|
| 59 | App::dieBoomerangURL('admin_password'); |
|---|
| 60 | } |
|---|
| 61 | break; |
|---|
| 62 | } |
|---|
| 63 | |
|---|
| 64 | // Templates. |
|---|
| 65 | include 'header.ihtml'; |
|---|
| 66 | include 'codebase/services/templates/password.ihtml'; |
|---|
| 67 | include 'footer.ihtml'; |
|---|
| 68 | |
|---|
| 69 | ?> |
|---|
