source: trunk/services/password.php @ 767

<?php
/**
 * The Strangecode Codebase - a general application development framework for PHP
 * For details visit the project site: <http://trac.strangecode.com/codebase/>
 * Copyright 2001-2012 Strangecode, LLC
 *
 * This file is part of The Strangecode Codebase.
 *
 * The Strangecode Codebase is free software: you can redistribute it and/or
 * modify it under the terms of the GNU General Public License as published by the
 * Free Software Foundation, either version 3 of the License, or (at your option)
 * any later version.
 *
 * The Strangecode Codebase is distributed in the hope that it will be useful, but
 * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
 * FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License for more
 * details.
 *
 * You should have received a copy of the GNU General Public License along with
 * The Strangecode Codebase. If not, see <http://www.gnu.org/licenses/>.
 */

/**
 * password.php
 */

// Redefine include_path including the codebase/services but allow local templates override global ones.
ini_set('include_path', join(PATH_SEPARATOR, array(
    get_include_path(),
    dirname(__FILE__) . '/templates'
)));

$auth->requireLogin();

require_once 'codebase/lib/FormValidator.inc.php';
require_once 'codebase/lib/HTML.inc.php';

/******************************************************************************
 * CODE CONFIG
 *****************************************************************************/

// Titles and navigation header.
$nav->add(sprintf(_("Change password for <em>%s</em>"), oTxt($auth->get('username'))));
$nav->set('id', 'password');

// The object to validate form input from the user.
$fv = new FormValidator();

/********************************************************************
* MAIN
********************************************************************/

if (getFormData('boomerang', false) && isset($_SERVER['HTTP_REFERER'])) {
    // We remember which page we came from so we can go back there.
    $app->setBoomerangURL($_SERVER['HTTP_REFERER'], 'admin_password');
}

switch (getFormData('op')) {
case 'update_password' :

    // Get the form variables.
    $frm = getFormData();

    // Validate the posted data.
    if ($fv->notEmpty('oldpassword', _("You did not specify the <strong>old password</strong>."))) {
        $fv->checkRegex('oldpassword', '/^\S{0,128}$/i', true, _("The <strong>old password</strong> specified is not valid."));
    }
    if ($fv->notEmpty('newpassword', _("You did not specify the <strong>new password</strong>."))) {
        if ($fv->checkRegex('newpassword', '/^\S{8,128}$/i', true, _("The <strong>new password</strong> specified is not valid. A password must be eight or more characters."))) {
            if ($fv->notEmpty('newpassword2', _("You need to type the <strong>new password</strong> twice.")) && $frm['newpassword'] != $frm['newpassword2']) {
                $fv->addError('newpassword', _("The <strong>new passwords</strong> do not match."));
                $fv->addError('newpassword2');
            }
        }
    }

    if (!$fv->anyErrors() && false === $auth->authenticate($auth->get('username'), $frm['oldpassword'])) {
        $fv->addError('oldpassword', _("Your <strong>old password</strong> failed authentication."));
        $app->logMsg(sprintf('Password change failed for %s, using (md5ed) password: %s', $auth->get('username'), md5($frm['oldpassword'])), LOG_NOTICE, __FILE__, __LINE__);
    }

    if (!$fv->anyErrors()) {
        $auth->setPassword(null, $frm['newpassword']);
        $app->logMsg(sprintf('Password change successful for %s', $auth->get('username')), LOG_INFO, __FILE__, __LINE__);
        $app->raiseMsg(sprintf(_("Password change successful for %s"), $auth->get('username')), MSG_SUCCESS, __FILE__, __LINE__);
        $app->dieBoomerangURL('admin_password');
    }
    break;
}

// Templates.
include 'header.' . $app->getParam('template_ext');
include 'password.ihtml';
include 'footer.' . $app->getParam('template_ext');