arman/science-ation
1
1
Fork 0
forked from science-ation/science-ation
Code Pull Requests Activity

Update the password change page

Browse Source
This commit is contained in:
dave 2010-07-13 03:30:24 +00:00
parent 2a4b64588d
commit c3f2e0c589
1 changed files with 12 additions and 32 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

44
user_password.php
View File

@ -24,47 +24,27 @@
?> ?>
<? <?
require_once("common.inc.php"); require_once("common.inc.php");
require_once("user.inc.php"); require_once("account.inc.php");
$type = false; /* Make sure the user is logged in (accounts_id is set) */
if(isset($_SESSION['users_type'])) { if(!isset($_SESSION['accounts_id'])) {
$type = $_SESSION['users_type'];
} else {
message_push(error(i18n("You must login to view that page"))); message_push(error(i18n("You must login to view that page")));
header("location: {$config['SFIABDIRECTORY']}/index.php"); header("location: {$config['SFIABDIRECTORY']}/index.php");
exit; exit;
} }
/* Make sure the user is logged in, but don't check passwd expiry */
if(!isset($_SESSION['users_type'])) {
message_push(error(i18n("You must login to view that page")));
header("location: {$config['SFIABDIRECTORY']}/user_login.php?type=$type");
exit;
}
if($_SESSION['users_type'] != $type) {
message_push(error(i18n("You must login to view that page")));
header("location: {$config['SFIABDIRECTORY']}/user_login.php?type=$type");
exit;
}
if(array_key_exists('request_uri', $_SESSION)) if(array_key_exists('request_uri', $_SESSION))
$back_link = $_SESSION['request_uri']; $back_link = $_SESSION['request_uri'];
else else
$back_link = "{$type}_main.php"; $back_link = "user_main.php";
unset($_SESSION['request_uri']); unset($_SESSION['request_uri']);
$password_expiry_days = $config["{$type}_password_expiry_days"]; if($_POST['action']=="save") {
if($_POST['action']=="save")
{
$pass = mysql_escape_string($_POST['pass1']); $pass = mysql_escape_string($_POST['pass1']);
//first, lets see if they choosed the same password again (bad bad bad) //first, lets see if they choose the same password again (bad bad bad)
$q=mysql_query("SELECT password FROM users WHERE $q=mysql_query("SELECT password FROM accounts WHERE
id='{$_SESSION['users_id']}' id='{$_SESSION['accounts_id']}'
AND password='$pass'"); AND password='$pass'");
if(mysql_num_rows($q)) if(mysql_num_rows($q))
@ -73,10 +53,10 @@
message_push(error(i18n("New Password is required"))); message_push(error(i18n("New Password is required")));
else if($_POST['pass1'] != $_POST['pass2']) else if($_POST['pass1'] != $_POST['pass2'])
message_push(error(i18n("Passwords do not match"))); message_push(error(i18n("Passwords do not match")));
else if(user_valid_password($_POST['pass1']) == false) else if(account_valid_password($_POST['pass1']) == false)
message_push(error(i18n("The password contains invalid characters or is not long enough"))); message_push(error(i18n("The password contains invalid characters or is not long enough")));
else { else {
user_set_password($_SESSION['users_id'], $pass); account_set_password($_SESSION['accounts_id'], $pass);
unset($_SESSION['password_expired']); unset($_SESSION['password_expired']);
message_push(happy(i18n('Your password has been successfully updated'))); message_push(happy(i18n('Your password has been successfully updated')));
@ -85,8 +65,8 @@
} }
} }
send_header("{$user_what[$type]} - Change Password", send_header("Change Password",
array("{$user_what[$type]} Registration" => "{$type}_main.php") array("Main" => "user_main.php")
,"change_password" ,"change_password"
); );