arman/science-ation
1
1
Fork 0
forked from science-ation/science-ation
Code Pull Requests Activity
7e84ab0222
science-ation/user_password.php
dave a9318b6303 - Move all the password handling code into one function (not duplicated/spread 
over 3 files)
- Fix a bug to always save the old password (unless it was a reset password)
- Fix a bug to save the old password even when the user sets a new one
2008-07-09 17:02:11 +00:00

128 lines
3.9 KiB
PHP
Raw Blame History

<?
/*
This file is part of the 'Science Fair In A Box' project
SFIAB Website: http://www.sfiab.ca
Copyright (C) 2005 Sci-Tech Ontario Inc <info@scitechontario.org>
Copyright (C) 2005 James Grant <james@lightbox.org>
Copyright (C) 2007 David Grant <dave@lightbox.org>
This program is free software; you can redistribute it and/or
modify it under the terms of the GNU General Public
License as published by the Free Software Foundation, version 2.
This program is distributed in the hope that it will be useful,
but WITHOUT ANY WARRANTY; without even the implied warranty of
MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
General Public License for more details.
You should have received a copy of the GNU General Public License
along with this program; see the file COPYING. If not, write to
the Free Software Foundation, Inc., 59 Temple Place - Suite 330,
Boston, MA 02111-1307, USA.
*/
?>
<?
require_once("common.inc.php");
require_once("user.inc.php");
$type = false;
if(isset($_SESSION['users_type'])) {
$type = $_SESSION['users_type'];
} else {
header("location: {$config['SFIABDIRECTORY']}/index.php?notice=auth_required");
exit;
}
/* Make sure the user is logged in, but don't check passwd expiry */
if(!isset($_SESSION['users_type'])) {
header("location: {$config['SFIABDIRECTORY']}/user_login.php?type=$type&notice=auth_required");
exit;
}
if($_SESSION['users_type'] != $type) {
header("location: {$config['SFIABDIRECTORY']}/user_login.php?type=$type&notice=auth_required");
exit;
}
$notice=$_GET['notice'];
$back_link = "{$type}_main.php";
$password_expiry_days = $config["{$type}_password_expiry_days"];
if($_POST['action']=="save")
{
$pass = mysql_escape_string($_POST['pass1']);
//first, lets see if they choosed the same password again (bad bad bad)
$q=mysql_query("SELECT password FROM users WHERE
id='{$_SESSION['users_id']}'
AND password='$pass'");
if(mysql_num_rows($q)) $notice = 'same';
else if(!$_POST['pass1']) $notice = 'passwordrequired';
else if($_POST['pass1'] != $_POST['pass2']) $notice = 'nomatch';
else if(user_valid_password($_POST['pass1']) == false) $notice = 'invalidchars';
else {
user_set_password($_SESSION['users_id'], $pass);
unset($_SESSION['password_expired']);
header("location: $back_link?notice=password_changed");
exit;
}
}
send_header("{$user_what[$type]} - Change Password",
array("{$user_what[$type]} Registration" => "{$type}_main.php")
);
if($_SESSION['password_expired'] == true)
{
echo i18n('Your password has expired. You must choose a new password now.');
}
switch($notice) {
case 'same':
echo error(i18n("You cannot choose the same password again. Please choose a different password"));
break;
case 'passwordrequired':
echo error(i18n("New Password is required"));
break;
case 'nomatch':
echo error(i18n("Passwords do not match"));
break;
case 'invalidchars':
echo error(i18n("The password contains invalid characters or is not long enough"));
default:
}
echo "<form name=\"changepassform\" method=\"post\" action=\"user_password.php\">\n";
echo "<input type=\"hidden\" name=\"action\" value=\"save\" />\n";
echo "<table>\n";
echo "<br />";
echo "<table>";
echo "<tr><td>";
echo i18n("Enter New Password:");
echo "</td><td>";
echo "<input type=\"password\" size=\"10\" name=\"pass1\">";
echo "</td></tr>";
echo "<tr><td>";
echo i18n("Confirm New Password:");
echo "</td><td>";
echo "<input type=\"password\" size=\"10\" name=\"pass2\">";
echo "</td></tr>";
echo "</table>";
echo "<input type=\"submit\" value=\"".i18n("Change Password")."\" />\n";
echo "</form>";
echo "<br />";
echo "<div style=\"font-size: 0.75em;\">".i18n('Passwords must be be between 6 and 32 characters, and may NOT contain any quote or a backslash.')."</div>";
send_footer();
?>
View Git Blame Copy Permalink