science-ation/user_password.php

<?
/* 
   This file is part of the 'Science Fair In A Box' project
   SFIAB Website: http://www.sfiab.ca

   Copyright (C) 2005 Sci-Tech Ontario Inc <info@scitechontario.org>
   Copyright (C) 2005 James Grant <james@lightbox.org>
   Copyright (C) 2007 David Grant <dave@lightbox.org>

   This program is free software; you can redistribute it and/or
   modify it under the terms of the GNU General Public
   License as published by the Free Software Foundation, version 2.

   This program is distributed in the hope that it will be useful,
   but WITHOUT ANY WARRANTY; without even the implied warranty of
   MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
    General Public License for more details.

   You should have received a copy of the GNU General Public License
   along with this program; see the file COPYING.  If not, write to
   the Free Software Foundation, Inc., 59 Temple Place - Suite 330,
   Boston, MA 02111-1307, USA.
*/
?>
<?
 require_once("common.inc.php");
 require_once("user.inc.php");
 

 $type = false;
 if(isset($_SESSION['users_type'])) {
 	$type = $_SESSION['users_type'];
 } else {
	message_push(error(i18n("You must login to view that page")));
 	header("location: {$config['SFIABDIRECTORY']}/index.php");
 	exit;
 }

 /* Make sure the user is logged in, but don't check passwd expiry */
 if(!isset($_SESSION['users_type'])) {
	message_push(error(i18n("You must login to view that page")));
	header("location: {$config['SFIABDIRECTORY']}/user_login.php?type=$type");
	exit;
 }
 
 if($_SESSION['users_type'] != $type) {
	message_push(error(i18n("You must login to view that page")));
	header("location: {$config['SFIABDIRECTORY']}/user_login.php?type=$type");
	exit;
 }
											  

 $back_link = "{$type}_main.php";
 $password_expiry_days = $config["{$type}_password_expiry_days"];


 if($_POST['action']=="save")
 {
	$pass = mysql_escape_string($_POST['pass1']);
 	//first, lets see if they choosed the same password again (bad bad bad)
	$q=mysql_query("SELECT password FROM users WHERE 
				id='{$_SESSION['users_id']}' 
				AND password='$pass'");

	if(mysql_num_rows($q))
		message_push(error(i18n("You cannot choose the same password again.  Please choose a different password")));
	else if(!$_POST['pass1']) 
		message_push(error(i18n("New Password is required")));
	else if($_POST['pass1'] != $_POST['pass2']) 
		message_push(error(i18n("Passwords do not match")));
	else if(user_valid_password($_POST['pass1']) == false) 
		message_push(error(i18n("The password contains invalid characters or is not long enough")));
	else {
		user_set_password($_SESSION['users_id'], $pass);
		unset($_SESSION['password_expired']);

		message_push(happy(i18n('Your password has been successfully updated')));
		header("location: $back_link");
		exit;
	}
 }

 send_header("{$user_what[$type]} - Change Password",
                  array("{$user_what[$type]} Registration" => "{$type}_main.php")
				  ,"change_password"
		                  );

 if($_SESSION['password_expired'] == true)
 {
 	echo i18n('Your password has expired.  You must choose a new password now.');
 }

 echo "<form name=\"changepassform\" method=\"post\" action=\"user_password.php\">\n";
 echo "<input type=\"hidden\" name=\"action\" value=\"save\" />\n";
 echo "<table>\n";

		echo "<br />";
		echo "<table>";
		echo "<tr><td>";
		echo i18n("Enter New Password:");
		echo "</td><td>";
		echo "<input type=\"password\" size=\"10\" name=\"pass1\">";
		echo "</td></tr>";
		echo "<tr><td>";
		echo i18n("Confirm New Password:");
		echo "</td><td>";
		echo "<input type=\"password\" size=\"10\" name=\"pass2\">";
		echo "</td></tr>";

echo "</table>";
echo "<input type=\"submit\" value=\"".i18n("Change Password")."\" />\n";
echo "</form>";
echo "<br />";
echo "<div style=\"font-size: 0.75em;\">".i18n('Passwords must be be between 6 and 32 characters, and may NOT contain any quote or a backslash.')."</div>";


send_footer();
?>
- New user and volunteer signup system 2007-11-16 06:30:42 +00:00			`<?`
			`/*`
			`This file is part of the 'Science Fair In A Box' project`
			`SFIAB Website: http://www.sfiab.ca`

			`Copyright (C) 2005 Sci-Tech Ontario Inc <info@scitechontario.org>`
			`Copyright (C) 2005 James Grant <james@lightbox.org>`
			`Copyright (C) 2007 David Grant <dave@lightbox.org>`

			`This program is free software; you can redistribute it and/or`
			`modify it under the terms of the GNU General Public`
			`License as published by the Free Software Foundation, version 2.`

			`This program is distributed in the hope that it will be useful,`
			`but WITHOUT ANY WARRANTY; without even the implied warranty of`
			`MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU`
			`General Public License for more details.`

			`You should have received a copy of the GNU General Public License`
			`along with this program; see the file COPYING. If not, write to`
			`the Free Software Foundation, Inc., 59 Temple Place - Suite 330,`
			`Boston, MA 02111-1307, USA.`
			`*/`
			`?>`
			`<?`
			`require_once("common.inc.php");`
			`require_once("user.inc.php");`


			`$type = false;`
			`if(isset($_SESSION['users_type'])) {`
			`$type = $_SESSION['users_type'];`
			`} else {`
- conversion of judges to new user system. Mostly works. 2008-10-17 19:34:11 +00:00			`message_push(error(i18n("You must login to view that page")));`
			`header("location: {$config['SFIABDIRECTORY']}/index.php");`
- New user and volunteer signup system 2007-11-16 06:30:42 +00:00			`exit;`
			`}`

			`/* Make sure the user is logged in, but don't check passwd expiry */`
- Fix login check for an expired password - Allow user_personal.php to handle committee members - Add password field if the editer in user_personal has access_super - Allow a committee member to edit anyone in user_personal.php - Convert auth_required to user_auth_required, and check for both a user type and an access level (if committee) - Convert the committee to the new user system (BIG change :) - Remove the ^M from admin/committees.php 2007-11-17 21:59:59 +00:00			`if(!isset($_SESSION['users_type'])) {`
- conversion of judges to new user system. Mostly works. 2008-10-17 19:34:11 +00:00			`message_push(error(i18n("You must login to view that page")));`
			`header("location: {$config['SFIABDIRECTORY']}/user_login.php?type=$type");`
- Fix login check for an expired password - Allow user_personal.php to handle committee members - Add password field if the editer in user_personal has access_super - Allow a committee member to edit anyone in user_personal.php - Convert auth_required to user_auth_required, and check for both a user type and an access level (if committee) - Convert the committee to the new user system (BIG change :) - Remove the ^M from admin/committees.php 2007-11-17 21:59:59 +00:00			`exit;`
			`}`

			`if($_SESSION['users_type'] != $type) {`
- conversion of judges to new user system. Mostly works. 2008-10-17 19:34:11 +00:00			`message_push(error(i18n("You must login to view that page")));`
			`header("location: {$config['SFIABDIRECTORY']}/user_login.php?type=$type");`
- Fix login check for an expired password - Allow user_personal.php to handle committee members - Add password field if the editer in user_personal has access_super - Allow a committee member to edit anyone in user_personal.php - Convert auth_required to user_auth_required, and check for both a user type and an access level (if committee) - Convert the committee to the new user system (BIG change :) - Remove the ^M from admin/committees.php 2007-11-17 21:59:59 +00:00			`exit;`
			`}`

- New user and volunteer signup system 2007-11-16 06:30:42 +00:00
			`$back_link = "{$type}_main.php";`
			`$password_expiry_days = $config["{$type}_password_expiry_days"];`


			`if($_POST['action']=="save")`
			`{`
- Change the password expiry mechanism to always check {$type}_password_expiry_days. This allows the $config variable to be updated and everyones password will expire based on the new value. To implement this, the password expiry column in the users table has been changed to passwordset, and a PHP script is used to convert the expiry dates to set dates (based on the _password_expiry_days) - Cleanup the password entry checking - Load all config variables for the db_update.php script. Just in case an update script wants access to $config 2007-12-21 08:38:13 +00:00			`$pass = mysql_escape_string($_POST['pass1']);`
- New user and volunteer signup system 2007-11-16 06:30:42 +00:00			`//first, lets see if they choosed the same password again (bad bad bad)`
- Change the password expiry mechanism to always check {$type}_password_expiry_days. This allows the $config variable to be updated and everyones password will expire based on the new value. To implement this, the password expiry column in the users table has been changed to passwordset, and a PHP script is used to convert the expiry dates to set dates (based on the _password_expiry_days) - Cleanup the password entry checking - Load all config variables for the db_update.php script. Just in case an update script wants access to $config 2007-12-21 08:38:13 +00:00			`$q=mysql_query("SELECT password FROM users WHERE`
			`id='{$_SESSION['users_id']}'`
			`AND password='$pass'");`
- New user and volunteer signup system 2007-11-16 06:30:42 +00:00
- conversion of judges to new user system. Mostly works. 2008-10-17 19:34:11 +00:00			`if(mysql_num_rows($q))`
			`message_push(error(i18n("You cannot choose the same password again. Please choose a different password")));`
			`else if(!$_POST['pass1'])`
			`message_push(error(i18n("New Password is required")));`
			`else if($_POST['pass1'] != $_POST['pass2'])`
			`message_push(error(i18n("Passwords do not match")));`
			`else if(user_valid_password($_POST['pass1']) == false)`
			`message_push(error(i18n("The password contains invalid characters or is not long enough")));`
- Change the password expiry mechanism to always check {$type}_password_expiry_days. This allows the $config variable to be updated and everyones password will expire based on the new value. To implement this, the password expiry column in the users table has been changed to passwordset, and a PHP script is used to convert the expiry dates to set dates (based on the _password_expiry_days) - Cleanup the password entry checking - Load all config variables for the db_update.php script. Just in case an update script wants access to $config 2007-12-21 08:38:13 +00:00			`else {`
- Move all the password handling code into one function (not duplicated/spread over 3 files) - Fix a bug to always save the old password (unless it was a reset password) - Fix a bug to save the old password even when the user sets a new one 2008-07-09 17:02:11 +00:00			`user_set_password($_SESSION['users_id'], $pass);`
- Change the password expiry mechanism to always check {$type}_password_expiry_days. This allows the $config variable to be updated and everyones password will expire based on the new value. To implement this, the password expiry column in the users table has been changed to passwordset, and a PHP script is used to convert the expiry dates to set dates (based on the _password_expiry_days) - Cleanup the password entry checking - Load all config variables for the db_update.php script. Just in case an update script wants access to $config 2007-12-21 08:38:13 +00:00			`unset($_SESSION['password_expired']);`
- Put the nav bar in the password change page 2007-11-16 07:43:02 +00:00
- conversion of judges to new user system. Mostly works. 2008-10-17 19:34:11 +00:00			`message_push(happy(i18n('Your password has been successfully updated')));`
			`header("location: $back_link");`
- Put the nav bar in the password change page 2007-11-16 07:43:02 +00:00			`exit;`
- New user and volunteer signup system 2007-11-16 06:30:42 +00:00			`}`
			`}`

- Put the nav bar in the password change page 2007-11-16 07:43:02 +00:00			`send_header("{$user_what[$type]} - Change Password",`
			`array("{$user_what[$type]} Registration" => "{$type}_main.php")`
Add icons to the profile and password pages 2008-08-27 17:52:46 +00:00			`,"change_password"`
- Put the nav bar in the password change page 2007-11-16 07:43:02 +00:00			`);`
- New user and volunteer signup system 2007-11-16 06:30:42 +00:00
			`if($_SESSION['password_expired'] == true)`
			`{`
			`echo i18n('Your password has expired. You must choose a new password now.');`
			`}`

			`echo "<form name=\"changepassform\" method=\"post\" action=\"user_password.php\">\n";`
			`echo "<input type=\"hidden\" name=\"action\" value=\"save\" />\n";`
			`echo "<table>\n";`

			`echo "<br />";`
			`echo "<table>";`
			`echo "<tr><td>";`
			`echo i18n("Enter New Password:");`
			`echo "</td><td>";`
			`echo "<input type=\"password\" size=\"10\" name=\"pass1\">";`
			`echo "</td></tr>";`
			`echo "<tr><td>";`
			`echo i18n("Confirm New Password:");`
			`echo "</td><td>";`
			`echo "<input type=\"password\" size=\"10\" name=\"pass2\">";`
			`echo "</td></tr>";`

			`echo "</table>";`
			`echo "<input type=\"submit\" value=\"".i18n("Change Password")."\" />\n";`
			`echo "</form>";`
			`echo "<br />";`
			`echo "<div style=\"font-size: 0.75em;\">".i18n('Passwords must be be between 6 and 32 characters, and may NOT contain any quote or a backslash.')."</div>";`


			`send_footer();`
			`?>`