science-ation/user_password.php

124 lines
4.0 KiB
PHP
Raw Permalink Normal View History

2007-11-16 06:30:42 +00:00
<?
/*
This file is part of the 'Science Fair In A Box' project
SFIAB Website: http://www.sfiab.ca
Copyright (C) 2005 Sci-Tech Ontario Inc <info@scitechontario.org>
Copyright (C) 2005 James Grant <james@lightbox.org>
Copyright (C) 2007 David Grant <dave@lightbox.org>
This program is free software; you can redistribute it and/or
modify it under the terms of the GNU General Public
License as published by the Free Software Foundation, version 2.
This program is distributed in the hope that it will be useful,
but WITHOUT ANY WARRANTY; without even the implied warranty of
MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
General Public License for more details.
You should have received a copy of the GNU General Public License
along with this program; see the file COPYING. If not, write to
the Free Software Foundation, Inc., 59 Temple Place - Suite 330,
Boston, MA 02111-1307, USA.
*/
?>
<?
require_once("common.inc.php");
require_once("user.inc.php");
$type = false;
if(isset($_SESSION['users_type'])) {
$type = $_SESSION['users_type'];
} else {
message_push(error(i18n("You must login to view that page")));
header("location: {$config['SFIABDIRECTORY']}/index.php");
2007-11-16 06:30:42 +00:00
exit;
}
/* Make sure the user is logged in, but don't check passwd expiry */
if(!isset($_SESSION['users_type'])) {
message_push(error(i18n("You must login to view that page")));
header("location: {$config['SFIABDIRECTORY']}/user_login.php?type=$type");
exit;
}
if($_SESSION['users_type'] != $type) {
message_push(error(i18n("You must login to view that page")));
header("location: {$config['SFIABDIRECTORY']}/user_login.php?type=$type");
exit;
}
2007-11-16 06:30:42 +00:00
2010-01-27 20:24:10 +00:00
if(array_key_exists('request_uri', $_SESSION))
$back_link = $_SESSION['request_uri'];
else
$back_link = "{$type}_main.php";
unset($_SESSION['request_uri']);
2024-12-17 06:34:35 +00:00
$password_expiry_days = get_value_from_array($config, "{$type}_password_expiry_days");
2007-11-16 06:30:42 +00:00
2024-12-17 06:34:35 +00:00
if(get_value_from_array($_POST, 'action') == "save")
2007-11-16 06:30:42 +00:00
{
2024-12-09 06:06:15 +00:00
$pass = $_POST['pass1'];
2007-11-16 06:30:42 +00:00
//first, lets see if they choosed the same password again (bad bad bad)
2024-12-09 06:06:15 +00:00
$q=$pdo->prepare("SELECT password FROM users WHERE
id='{$_SESSION['users_id']}'
AND password='$pass'");
2024-12-09 06:06:15 +00:00
$q->execute();
if($q->rowCount())
message_push(error(i18n("You cannot choose the same password again. Please choose a different password")));
else if(!$_POST['pass1'])
message_push(error(i18n("New Password is required")));
else if($_POST['pass1'] != $_POST['pass2'])
message_push(error(i18n("Passwords do not match")));
else if(user_valid_password($_POST['pass1']) == false)
message_push(error(i18n("The password contains invalid characters or is not long enough")));
else {
user_set_password($_SESSION['users_id'], $pass);
unset($_SESSION['password_expired']);
message_push(happy(i18n('Your password has been successfully updated')));
header("location: $back_link");
exit;
2007-11-16 06:30:42 +00:00
}
}
send_header("{$user_what[$type]} - Change Password",
array("{$user_what[$type]} Registration" => "{$type}_main.php")
,"change_password"
);
2007-11-16 06:30:42 +00:00
2024-12-17 06:34:35 +00:00
if(get_value_from_array($_SESSION, 'password_expired') == true)
2007-11-16 06:30:42 +00:00
{
echo i18n('Your password has expired. You must choose a new password now.');
}
echo "<form name=\"changepassform\" method=\"post\" action=\"user_password.php\">\n";
echo "<input type=\"hidden\" name=\"action\" value=\"save\" />\n";
echo "<table>\n";
echo "<br />";
echo "<table>";
echo "<tr><td>";
echo i18n("Enter New Password:");
echo "</td><td>";
echo "<input type=\"password\" size=\"10\" name=\"pass1\">";
echo "</td></tr>";
echo "<tr><td>";
echo i18n("Confirm New Password:");
echo "</td><td>";
echo "<input type=\"password\" size=\"10\" name=\"pass2\">";
echo "</td></tr>";
echo "</table>";
echo "<input type=\"submit\" value=\"".i18n("Change Password")."\" />\n";
echo "</form>";
echo "<br />";
echo "<div style=\"font-size: 0.75em;\">".i18n('Passwords must be be between 6 and 32 characters, and may NOT contain any quote or a backslash.')."</div>";
send_footer();
?>