Nicen the rego form and add back the change password form
diff --git a/testing/MCTXWeb/public_html/users/user_change_details.php b/testing/MCTXWeb/public_html/users/user_change_details.php
new file mode 100644 (file)
index 0000000..16c4532
--- /dev/null
@@ -0,0 +1,169 @@
+<?php\r
+/*\r
+UserCake Version: 2.0.2\r
+http://usercake.com\r
+*/\r
+\r
+require_once("models/config.php");\r
+if (!securePage($_SERVER['PHP_SELF'])){die();}\r
+\r
+//Forms posted\r
+if(!empty($_POST))\r
+{\r
+       $errors = array();\r
+       $username = sanitize(trim($_POST["username"]));\r
+       $password = trim($_POST["password"]);\r
+  $password_new = trim($_POST["password_new"]);\r
+  $password_confirm = trim($_POST["password_confirm"]);\r
+       \r
+       //Perform some validation\r
+       //Feel free to edit / change as required\r
+       if($username == "")\r
+       {\r
+               $errors[] = lang("ACCOUNT_SPECIFY_USERNAME");\r
+       }\r
+       if($password == "")\r
+       {\r
+               $errors[] = lang("ACCOUNT_SPECIFY_PASSWORD");\r
+       }\r
+\r
+       if(count($errors) == 0)\r
+       {\r
+               //A security note here, never tell the user which credential was incorrect\r
+               if(!usernameExists($username))\r
+               {\r
+                       $errors[] = lang("ACCOUNT_USER_OR_PASS_INVALID");\r
+               }\r
+               else\r
+               {\r
+                       $userdetails = fetchUserDetails($username);\r
+                       //See if the user's account is activated\r
+                       if($userdetails["active"]==0)\r
+                       {\r
+                               $errors[] = lang("ACCOUNT_INACTIVE");\r
+                       }\r
+                       else\r
+                       {\r
+                               //Hash the password and use the salt from the database to compare the password.\r
+                               $entered_pass = generateHash($password,$userdetails["password"]);\r
+\r
+                               //echo "".$userdetails["password"]; //Wut is dis\r
+                               \r
+                               if($entered_pass != $userdetails["password"])\r
+                               {\r
+                                       //Again, we know the password is at fault here, but lets not give away the combination incase of someone bruteforcing\r
+                                       $errors[] = lang("ACCOUNT_USER_OR_PASS_INVALID");\r
+                               }\r
+                               else\r
+                               {\r
+                                       //Passwords match! we're good to go'\r
+                                       \r
+                                       //Construct a new logged in user object\r
+                                       //Transfer some db data to the session object\r
+                                       $loggedInUser = new loggedInUser();\r
+                                       $loggedInUser->email = $userdetails["email"];\r
+                                       $loggedInUser->user_id = $userdetails["id"];\r
+                                       $loggedInUser->hash_pw = $userdetails["password"];\r
+                                       $loggedInUser->title = $userdetails["title"];\r
+                                       $loggedInUser->displayname = $userdetails["display_name"];\r
+                                       $loggedInUser->username = $userdetails["user_name"];\r
+                                       \r
+          if(trim($password_new) == "")\r
+          {\r
+            $errors[] = lang("ACCOUNT_SPECIFY_NEW_PASSWORD");\r
+          }\r
+          else if(trim($password_confirm) == "")\r
+          {\r
+            $errors[] = lang("ACCOUNT_SPECIFY_CONFIRM_PASSWORD");\r
+          }\r
+          else if(minMaxRange(6,50,$password_new))\r
+          {    \r
+            $errors[] = lang("ACCOUNT_NEW_PASSWORD_LENGTH",array(6,50));\r
+          }\r
+          else if($password_new != $password_confirm)\r
+          {\r
+            $errors[] = lang("ACCOUNT_PASS_MISMATCH");\r
+          }\r
+          \r
+          //End data validation\r
+          if(count($errors) == 0)\r
+          {\r
+            //Also prevent updating if someone attempts to update with the same password\r
+            $entered_pass_new = generateHash($password_new,$loggedInUser->hash_pw);\r
+            \r
+            if($entered_pass_new == $loggedInUser->hash_pw)\r
+            {\r
+              //Don't update, this fool is trying to update with the same password Â¬Â¬\r
+              $errors[] = lang("ACCOUNT_PASSWORD_NOTHING_TO_UPDATE");\r
+            }\r
+            else\r
+            {\r
+              //This function will create the new hash and update the hash_pw property.\r
+              $loggedInUser->updatePassword($password_new);\r
+              $successes[] = lang("ACCOUNT_PASSWORD_UPDATED");\r
+            }\r
+          }\r
+                               }\r
+                       }\r
+               }\r
+       }\r
+}\r
+\r
+if (isUserLoggedIn())\r
+{\r
+  //If not admin, log them out after pw change\r
+  if (!$loggedInUser->checkPermission(array(2)))\r
+  {\r
+    $loggedInUser->userLogOut();\r
+  }\r
+}\r
+\r
+require_once("models/header.php");\r
+startPage();\r
+\r
+echo '\r
+      <div id="login-container">\r
+       <div class="widget">\r
+          <div class="title centre">Change of password</div>\r
+           <form id="login-update" class="clear" name="login-update" action="'.$_SERVER["PHP_SELF"].'" method="post">\r
+             <p>\r
+               <label>\r
+                 Username<br>\r
+                 <input name="username" type="text">\r
+               </label>\r
+             </p>\r
+             <p>\r
+               <label>\r
+                 Password<br>\r
+                 <input name="password" type="password">\r
+               </label>             \r
+             </p>\r
+             <p>\r
+               <label>\r
+                 New password<br>\r
+                 <input name="password_new" type="password">\r
+               </label>             \r
+             </p>\r
+             <p>\r
+               <label>\r
+                 Confirm password<br>\r
+                 <input name="password_confirm" type="password">\r
+               </label>             \r
+             </p>\r
+             <p style="float:left; margin:0;">\r
+               <a href="forgot-password.php">Forgotten password?</a>\r
+             </p>\r
+             <p style="float:right; margin:0;">\r
+               <input type="submit" value="Update">\r
+             </p>\r
+            </form>';\r
+            \r
+echo resultBlock($errors,$successes);            \r
+echo '\r
+       </div>\r
+      </div>\r
+ ';\r
+\r
+finishPage();\r
+\r
+?>\r
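Review bot: The form's `action` attribute is built from `$_SERVER["PHP_SELF"]` without escaping, so whatever the request path contains is written straight into the page markup; escape it for the attribute context, e.g. `action="'.htmlspecialchars($_SERVER["PHP_SELF"], ENT_QUOTES, "UTF-8").'"`. Both hash checks (`$entered_pass != $userdetails["password"]` and `$entered_pass_new == $loggedInUser->hash_pw`) use loose comparison, which is neither type-strict nor constant-time; `if(!hash_equals($userdetails["password"], $entered_pass))` is the safer form where the deployed PHP version provides it. The `ACCOUNT_INACTIVE` branch is reached before the password is verified, so it confirms to an unauthenticated caller that the username exists, contrary to the comment a few lines above it; checking the password first and returning `ACCOUNT_USER_OR_PASS_INVALID` in both cases would keep the responses uniform. `$errors` is only assigned inside the POST branch and `$successes` is never initialised in this file, so `resultBlock($errors,$successes)` receives undefined variables on a plain GET unless `models/config.php` sets them. The logout block after the POST branch runs on every request from a logged-in user without permission 2, not only after a successful change, and by then `$loggedInUser` may be the object built from the submitted username rather than the session user, which is worth confirming.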
