arman/science-ation
1
1
Fork 0
forked from science-ation/science-ation
Code Pull Requests Activity
8972b5219f
science-ation/user_password.php
dave 7f7c3c53e1 - Change the password expiry mechanism to always check 
{$type}_password_expiry_days.  This allows the $config variable to be updated
  and everyones password will expire based on the new value.  To implement
  this, the password expiry column in the users table has been changed to
  passwordset, and a PHP script is used to convert the expiry dates to set
  dates (based on the _password_expiry_days)
- Cleanup the password entry checking
- Load all config variables for the db_update.php script.  Just in case an
  update script wants access to $config
2007-12-21 08:38:13 +00:00

131 lines
3.9 KiB
PHP
Raw Blame History

<?
/*
This file is part of the 'Science Fair In A Box' project
SFIAB Website: http://www.sfiab.ca
Copyright (C) 2005 Sci-Tech Ontario Inc <info@scitechontario.org>
Copyright (C) 2005 James Grant <james@lightbox.org>
Copyright (C) 2007 David Grant <dave@lightbox.org>
This program is free software; you can redistribute it and/or
modify it under the terms of the GNU General Public
License as published by the Free Software Foundation, version 2.
This program is distributed in the hope that it will be useful,
but WITHOUT ANY WARRANTY; without even the implied warranty of
MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
General Public License for more details.
You should have received a copy of the GNU General Public License
along with this program; see the file COPYING. If not, write to
the Free Software Foundation, Inc., 59 Temple Place - Suite 330,
Boston, MA 02111-1307, USA.
*/
?>
<?
require_once("common.inc.php");
require_once("user.inc.php");
$type = false;
if(isset($_SESSION['users_type'])) {
$type = $_SESSION['users_type'];
} else {
header("location: {$config['SFIABDIRECTORY']}/index.php?notice=auth_required");
exit;
}
/* Make sure the user is logged in, but don't check passwd expiry */
if(!isset($_SESSION['users_type'])) {
header("location: {$config['SFIABDIRECTORY']}/user_login.php?type=$type&notice=auth_required");
exit;
}
if($_SESSION['users_type'] != $type) {
header("location: {$config['SFIABDIRECTORY']}/user_login.php?type=$type&notice=auth_required");
exit;
}
$notice=$_GET['notice'];
$back_link = "{$type}_main.php";
$password_expiry_days = $config["{$type}_password_expiry_days"];
if($_POST['action']=="save")
{
$pass = mysql_escape_string($_POST['pass1']);
//first, lets see if they choosed the same password again (bad bad bad)
$q=mysql_query("SELECT password FROM users WHERE
id='{$_SESSION['users_id']}'
AND password='$pass'");
if(mysql_num_rows($q)) $notice = 'same';
else if(!$_POST['pass1']) $notice = 'passwordrequired';
else if($_POST['pass1'] != $_POST['pass2']) $notice = 'nomatch';
else if(user_valid_password($_POST['pass1']) == false) $notice = 'invalidchars';
else {
mysql_query("UPDATE users SET
password='$pass',
passwordset=NOW()
WHERE id='{$_SESSION['users_id']}'");
unset($_SESSION['password_expired']);
header("location: $back_link?notice=password_changed");
exit;
}
}
send_header("{$user_what[$type]} - Change Password",
array("{$user_what[$type]} Registration" => "{$type}_main.php")
);
if($_SESSION['password_expired'] == true)
{
echo i18n('Your password has expired. You must choose a new password now.');
}
switch($notice) {
case 'same':
echo error(i18n("You cannot choose the same password again. Please choose a different password"));
break;
case 'passwordrequired':
echo error(i18n("New Password is required"));
break;
case 'nomatch':
echo error(i18n("Passwords do not match"));
break;
case 'invalidchars':
echo error(i18n("The password contains invalid characters or is not long enough"));
default:
}
echo "<form name=\"changepassform\" method=\"post\" action=\"user_password.php\">\n";
echo "<input type=\"hidden\" name=\"action\" value=\"save\" />\n";
echo "<table>\n";
echo "<br />";
echo "<table>";
echo "<tr><td>";
echo i18n("Enter New Password:");
echo "</td><td>";
echo "<input type=\"password\" size=\"10\" name=\"pass1\">";
echo "</td></tr>";
echo "<tr><td>";
echo i18n("Confirm New Password:");
echo "</td><td>";
echo "<input type=\"password\" size=\"10\" name=\"pass2\">";
echo "</td></tr>";
echo "</table>";
echo "<input type=\"submit\" value=\"".i18n("Change Password")."\" />\n";
echo "</form>";
echo "<br />";
echo "<div style=\"font-size: 0.75em;\">".i18n('Passwords must be be between 6 and 32 characters, and may NOT contain any quote or a backslash.')."</div>";
send_footer();
?>
View Git Blame Copy Permalink