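<?php
/*
 * Change-password page: request handling.
 *
 * Gate on an authorized session whose login source is "DB", read the posted
 * fields, and on "save" validate the old and new passwords and store the new
 * one. Falls through to render the form when nothing was saved or validation
 * failed.
 */
require_once('application.inc.php');

// Only an authorized session may use this page.
if (!authorized()) { exit; }

// Sessions whose login source is not "DB" are sent back to the update page.
if (!($_SESSION['AUTH_LOGINSOURCE'] == "DB")) {
    redirect2URL("update.php");
    // The other redirect2URL() call sites in this file are each followed by an
    // explicit exit, which suggests the helper does not end the request itself.
    // Without the exit here a non-"DB" session could carry on into the
    // password UPDATE further down.
    exit;
}

// Read the posted fields. A field that is missing, or for which setVar()
// returns false, leaves its variable unset.
// NOTE(review): setVar() is defined elsewhere; presumably it validates the
// value against the named filter and assigns it on success - confirm.
if (!isset($_POST['cancel']) || !setVar($cancel,$_POST['cancel'],'cancel')) unset($cancel);
if (!isset($_POST['save']) || !setVar($save,$_POST['save'],'save')) unset($save);
if (!isset($_POST['user_oldpassword']) || !setVar($user_oldpassword,$_POST['user_oldpassword'],'password')) unset($user_oldpassword);
if (!isset($_POST['user_newpassword1']) || !setVar($user_newpassword1,$_POST['user_newpassword1'],'password')) unset($user_newpassword1);
if (!isset($_POST['user_newpassword2']) || !setVar($user_newpassword2,$_POST['user_newpassword2'],'password')) unset($user_newpassword2);

// "Cancel" leaves the page without touching the account.
if (isset($cancel)) {
    redirect2URL("update.php");
    exit;
}

if (isset($save)) {
    // A password field may have been unset above; pass null explicitly rather
    // than reading an undefined variable (same value, no warning).
    $user['oldpassword'] = isset($user_oldpassword) ? $user_oldpassword : null;
    $user['newpassword1'] = isset($user_newpassword1) ? $user_newpassword1 : null;
    $user['newpassword2'] = isset($user_newpassword2) ? $user_newpassword2 : null;

    // Both checks always run so the form below can report either failure.
    $oldpw_error = checkoldpassword($user,$_SESSION["AUTH_USERID"]);
    $newpw_error = checknewpassword($user);

    if ($oldpw_error==0 && $newpw_error==0) {
        // Old password accepted and new password valid: store the new hash.
        //
        // NOTE(review): crypt() is called without a salt. PHP raises E_NOTICE
        // for that form since 5.6 and requires the salt from 8.0, and the PHP
        // manual describes the salt-less result as a weak hash. Moving to
        // password_hash() needs checkoldpassword() (not shown here) and the
        // width of the password column to be checked first.
        //
        // NOTE(review): the return value of DBQuery() is not inspected, so the
        // success redirect below is sent even if the UPDATE failed. Check it
        // according to DBQuery()'s contract, which is not visible here.
        $result = DBQuery("UPDATE ".SCHEMANAME."vtcal_user SET password='".sqlescape(crypt($user['newpassword1']))."' WHERE id='".sqlescape($_SESSION["AUTH_USERID"])."'" );

        // Back to the update page with a success feedback id.
        redirect2URL("update.php?fbid=passwordchangesuccess");
        exit;
    }
}

pageheader(lang('change_password'), "Update");
contentsection_begin(lang('change_password'));
?>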
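<?php
// Change-password form. It posts back to this same script.
//
// $_SERVER['PHP_SELF'] reflects the request path, including any trailing path
// info supplied by the client, so it is escaped for the HTML attribute context
// before being written into the action attribute.
//
// NOTE(review): maxlength="20" limits the password length in the browser only;
// whether the server-side 'password' filter enforces the same limit is not
// visible in this file.
?>
<form method="post" action="<?php echo htmlspecialchars($_SERVER['PHP_SELF'], ENT_QUOTES, 'UTF-8'); ?>">
<table border="0" cellpadding="2" cellspacing="0">
  <tr>
    <td valign="top">
      <b><?php echo lang('old_password'); ?></b>
    </td>
    <td valign="top">
<?php
// $oldpw_error is only set when the form was submitted with "save".
if (isset($save) && $oldpw_error) {
    feedback(lang('old_password_wrong'),FEEDBACKNEG);
}
?>
      <input type="password" name="user_oldpassword" maxlength="20" size="20" value="">
      <i> <?php echo lang('case_sensitive'); ?></i>
    </td>
  </tr>
  <tr>
    <td valign="top">
      <b><?php echo lang('new_password'); ?></b>
    </td>
    <td valign="top">
<?php
// This page maps checknewpassword() result 1 to the "passwords don't match"
// message and result 2 to the "new password invalid" message.
if (isset($save)) {
    if ($newpw_error == 1) {
        feedback(lang('two_passwords_dont_match'),FEEDBACKNEG);
    }
    elseif ($newpw_error == 2) {
        feedback(lang('new_password_invalid'),FEEDBACKNEG);
    }
}
?>
      <input type="password" name="user_newpassword1" maxlength="20" size="20" value="">
      <i> <?php echo lang('case_sensitive'); ?></i>
    </td>
  </tr>
  <tr>
    <td valign="top">
      <b><?php echo lang('new_password'); ?></b><br><?php echo lang('password_repeated'); ?>
    </td>
    <td valign="top">
      <input type="password" name="user_newpassword2" maxlength="20" size="20" value="">
      <i> <?php echo lang('case_sensitive'); ?></i>
    </td>
  </tr>
</table>
<br>
<input type="submit" name="save" value="<?php echo lang('ok_button_text'); ?>">
<input type="submit" name="cancel" value="<?php echo lang('cancel_button_text'); ?>">
</form>
<?php
// Close the content section and the page, then close the DB connection.
contentsection_end();
pagefooter();
DBclose();
?>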