arman/science-ation
1
1
Fork 0
forked from science-ation/science-ation
Code Pull Requests Activity
83c683063e
science-ation/user_account.php
dave 83c683063e 6 character passwords
2010-07-13 18:28:13 +00:00

236 lines
6.6 KiB
PHP
Raw Blame History

<?
/*
This file is part of the 'Science Fair In A Box' project
SFIAB Website: http://www.sfiab.ca
Copyright (C) 2005 Sci-Tech Ontario Inc <info@scitechontario.org>
Copyright (C) 2005 James Grant <james@lightbox.org>
Copyright (C) 2007 David Grant <dave@lightbox.org>
This program is free software; you can redistribute it and/or
modify it under the terms of the GNU General Public
License as published by the Free Software Foundation, version 2.
This program is distributed in the hope that it will be useful,
but WITHOUT ANY WARRANTY; without even the implied warranty of
MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
General Public License for more details.
You should have received a copy of the GNU General Public License
along with this program; see the file COPYING. If not, write to
the Free Software Foundation, Inc., 59 Temple Place - Suite 330,
Boston, MA 02111-1307, USA.
*/
?>
<?
require_once("common.inc.php");
require_once("account.inc.php");
/* Make sure the user is logged in (accounts_id is set) */
if(!isset($_SESSION['accounts_id'])) {
message_push(error(i18n("You must login to view that page")));
header("location: {$config['SFIABDIRECTORY']}/index.php");
exit;
}
/* Superuser may edit this for any account, if the user is not a superuser, force
* the accounts_id to be whatever is in the session */
if($_SESSION['superuser']) {
$accounts_id = intval($_GET['accounts_id']);
if($accounts_id == 0) $accounts_id = $_SESSION['accounts_id'];
} else {
$accounts_id = $_SESSION['accounts_id'];
}
if(array_key_exists('request_uri', $_SESSION))
$back_link = $_SESSION['request_uri'];
else
$back_link = "user_main.php";
unset($_SESSION['request_uri']);
if($_GET['action']=="save") {
echo "Not implemented!";
exit;
$a = account_load($accounts_id);
$save_email = false;
if($a['email'] != $_POST['email']) {
$save_email = true;
/* Change email */
$email = $_POST['email'];
if(!account_valid_email($email)) {
error_('Invalid email address');
$save_email = false;
}
}
$save_username = false;
$save_pass = false;
if($_POST['pass1']!='' || $_POST['pass2']!='') {
$pass = mysql_escape_string($_POST['pass1']);
//first, lets see if they choose the same password again (bad bad bad)
$q=mysql_query("SELECT password FROM accounts WHERE
id='{$_SESSION['accounts_id']}'
AND password='$pass'");
if(mysql_num_rows($q))
error_("You cannot choose the same password again. Please choose a different password");
else if($_POST['pass1'] == '')
error_("New Password is required");
else if($_POST['pass1'] != $_POST['pass2'])
error_("Passwords do not match");
else if(account_valid_password($_POST['pass1']) == false)
error_("The password contains invalid characters or is not long enough");
else {
$pass = $_POST['pass1'];
$save_pass = true;
}
}
if($save_email) {
action_create_set_email($accounts_id, $email);
happy_("An email has been sent to %1 to confirm the new email address", array($email));
}
if($save_pass) {
account_set_password($_SESSION['accounts_id'], $pass);
unset($_SESSION['password_expired']);
happy_('Password has been successfully updated');
header("location: $back_link");
exit;
}
}
send_header("Account Information",
array("Main" => "user_main.php")
,"change_password"
);
?>
<script type="text/javascript" src="<?=$config['SFIABDIRECTORY']?>/js/validate/jquery.validate.pack.js"></script>
<?
$a = account_load($accounts_id);
$d = '';
$email = $a['email'];
$username_yes = 'checked="checked"';
$username_no = '';
$username = $email;
$ud = 'disabled="disabled"';
if($_SESSION['password_expired'] == true) {
echo info(i18n('Your password has expired. You must choose a new password now.'));
$d = 'disabled="disabled"';
}
?>
<form class="editor" name="account" id="accountform">
<table><tr>
<td><label for="email"><?=i18n('Email')?>:</label></td>
<td><input id="email" <?=$d?> name="email" type="text" size="20" value="<?=$email?>"></td>
</tr><tr>
<td></td><td>
<div style="font-size: 0.75em;"><?=i18n('Changing the email address will cause a confirmation email to besent to the new email address before the change will take effect.')?></div>
<br /><br />
</td>
</tr><tr>
<td><?=i18n('Username')?>:</td>
<td> <input <?=$ud?> <?=$d?> id="username" name=username type="text" size="20" value="<?=$username?>"><br />
<input id="username_link" <?=$username_yes?> <?=$d?> type="checkbox" name="username_link" value="yes" />
<?=i18n('Use the email address as the login username')?><br />
</td>
</tr><tr>
<td colspan="2">
<br /><br />
</td>
</tr><tr>
<td><label for="pass1"><?=i18n('New Password')?>:</label></td>
<td><input id="pass1" name="pass1" type="password" size="20" value=""></td>
</tr><tr>
<td><label for="pass2"><?=i18n('Confirm New Password')?>:</label></td>
<td><input id="pass2" name="pass2" type="password" size="20" value=""></td>
</tr><tr>
<td></td><td>
<div style="font-size: 0.75em;"><?=i18n('Passwords must be be between 6 and 32 characters, and may NOT contain any quote or a backslash.')?></div>
</td>
</tr></table>
<br />
<br />
<input type="submit" value="<?=i18n("Save")?>" />
</form>
<br />
<script type="text/javascript">
$.validator.setDefaults({
submitHandler: function() { alert("submitted!"); }
});
$().ready(function() {
// validate signup form on keyup and submit
$("#accountform").validate({
rules: {
email: {
required: true,
email: true
},
username: {
required: "#username_link:checked",
minlength: 4
},
pass1: {
required: true,
minlength: 6,
maxlength: 32
},
pass2: {
required: true,
minlength: 6,
maxlength: 32,
equalTo: "#pass1"
}
},
messages: {
email: "Please enter a valid email address",
username: {
required: "Please enter a username",
minlength: "Your username must consist of at least 2 characters"
},
pass1: {
required: "Please provide a password",
minlength: "Your password must be at least 6 characters long",
maxlength: "Your password must be at most 32 characters long"
},
pass2: {
required: "Please provide a password",
minlength: "Your password must be at least 6 characters long",
maxlength: "Your password must be at most 32 characters long",
equalTo: "Please enter the same password as above"
}
}
});
var username_link = $("#username_link").is(":checked");
$("#username").attr("disabled", username_link);
$("#username_link").click(function() {
$("#username").attr("disabled", this.checked);
});
});
</script>
<?
send_footer();
?>
View Git Blame Copy Permalink