Nicen the rego form and add back the change password form
[matches/MCTX3420.git] / testing / MCTXWeb / public_html / users / user_change_details.php
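<?php
/*
UserCake Version: 2.0.2
http://usercake.com
*/

/*
 * Change-of-password page.
 *
 * The visitor re-enters a username and current password together with a new
 * password (typed twice). The password is only updated when the supplied
 * credentials verify and the new password passes validation.
 *
 * NOTE(review): the account being changed is selected by the posted username,
 * not by the session that passed securePage(). Confirm that this is intended.
 *
 * NOTE(review): this form checks username + password exactly like a login
 * form, so any throttling or lockout applied to login should cover it too.
 * None is visible in this file.
 */

require_once("models/config.php");
if (!securePage($_SERVER['PHP_SELF']))
{
    die();
}

// Always defined, so resultBlock() below never receives an undefined variable
// (a plain GET previously left both unset).
$errors = array();
$successes = array();

//Forms posted
if (!empty($_POST))
{
    // Read each expected field defensively: a missing key or a non-string
    // value (e.g. "username[]=x") is treated as an empty string instead of
    // raising a notice or a type error inside trim().
    $fields = array(
        "username" => "",
        "password" => "",
        "password_new" => "",
        "password_confirm" => "",
    );
    foreach ($fields as $field_name => $unused)
    {
        if (isset($_POST[$field_name]) && is_string($_POST[$field_name]))
        {
            $fields[$field_name] = trim($_POST[$field_name]);
        }
    }

    $username = sanitize($fields["username"]);
    // NOTE(review): passwords are trimmed here as in the original code; this
    // must match how registration and login treat them (not visible here).
    $password = $fields["password"];
    $password_new = $fields["password_new"];
    $password_confirm = $fields["password_confirm"];

    //Perform some validation
    //Feel free to edit / change as required
    if ($username == "")
    {
        $errors[] = lang("ACCOUNT_SPECIFY_USERNAME");
    }
    if ($password === "")
    {
        $errors[] = lang("ACCOUNT_SPECIFY_PASSWORD");
    }

    if (count($errors) == 0)
    {
        //A security note here, never tell the user which credential was incorrect
        if (!usernameExists($username))
        {
            $errors[] = lang("ACCOUNT_USER_OR_PASS_INVALID");
        }
        else
        {
            $userdetails = fetchUserDetails($username);

            //Hash the password and use the salt from the database to compare the password.
            $stored_hash = (string) $userdetails["password"];
            $entered_pass = (string) generateHash($password, $stored_hash);

            // Compare the hashes as strings. Loose "!=" lets PHP treat two
            // numeric-looking strings (e.g. "0e123" and "0e456") as equal.
            // hash_equals() also avoids timing differences; fall back to
            // strict comparison on PHP versions that lack it.
            if (function_exists("hash_equals"))
            {
                $password_ok = hash_equals($stored_hash, $entered_pass);
            }
            else
            {
                $password_ok = ($stored_hash === $entered_pass);
            }

            if (!$password_ok)
            {
                //We know the password is at fault here, but keep the message generic
                //so that guessing attempts learn nothing about which part was wrong
                $errors[] = lang("ACCOUNT_USER_OR_PASS_INVALID");
            }
            else if ($userdetails["active"] == 0)
            {
                // Checked only after the password verified: reporting
                // "inactive" first would confirm that the username exists to
                // someone who does not know the password.
                $errors[] = lang("ACCOUNT_INACTIVE");
            }
            else
            {
                //Credentials verified

                //Construct a new logged in user object
                //Transfer some db data to the session object
                $loggedInUser = new loggedInUser();
                $loggedInUser->email = $userdetails["email"];
                $loggedInUser->user_id = $userdetails["id"];
                $loggedInUser->hash_pw = $userdetails["password"];
                $loggedInUser->title = $userdetails["title"];
                $loggedInUser->displayname = $userdetails["display_name"];
                $loggedInUser->username = $userdetails["user_name"];

                if ($password_new === "")
                {
                    $errors[] = lang("ACCOUNT_SPECIFY_NEW_PASSWORD");
                }
                else if ($password_confirm === "")
                {
                    $errors[] = lang("ACCOUNT_SPECIFY_CONFIRM_PASSWORD");
                }
                else if (minMaxRange(6, 50, $password_new))
                {
                    $errors[] = lang("ACCOUNT_NEW_PASSWORD_LENGTH", array(6, 50));
                }
                else if ($password_new !== $password_confirm)
                {
                    $errors[] = lang("ACCOUNT_PASS_MISMATCH");
                }

                //End data validation
                if (count($errors) == 0)
                {
                    //Also prevent updating if someone attempts to update with the same password
                    $entered_pass_new = (string) generateHash($password_new, $loggedInUser->hash_pw);

                    if ($entered_pass_new === (string) $loggedInUser->hash_pw)
                    {
                        //New password hashes to the stored value: nothing to update
                        $errors[] = lang("ACCOUNT_PASSWORD_NOTHING_TO_UPDATE");
                    }
                    else
                    {
                        //This function will create the new hash and update the hash_pw property.
                        $loggedInUser->updatePassword($password_new);
                        $successes[] = lang("ACCOUNT_PASSWORD_UPDATED");
                    }
                }
            }
        }
    }
}

//If not admin, log them out after pw change.
//Only done once a password was actually updated: the original ran this on
//every request, so merely opening the page ended a non-admin session.
//NOTE(review): whether sessions held elsewhere for the same account are also
//invalidated depends on updatePassword()/isUserLoggedIn(), not visible here.
if (!empty($successes) && isUserLoggedIn())
{
    if (!$loggedInUser->checkPermission(array(2)))
    {
        $loggedInUser->userLogOut();
    }
}

require_once("models/header.php");
startPage();

// PHP_SELF includes any extra path info sent by the client, so it must be
// HTML-escaped before being placed in the form's action attribute.
$form_action = htmlspecialchars($_SERVER["PHP_SELF"], ENT_QUOTES, "UTF-8");

echo '
      <div id="login-container">
       <div class="widget">
          <div class="title centre">Change of password</div>
           <form id="login-update" class="clear" name="login-update" action="'.$form_action.'" method="post">
             <p>
               <label>
                 Username<br>
                 <input name="username" type="text">
               </label>
             </p>
             <p>
               <label>
                 Password<br>
                 <input name="password" type="password">
               </label>
             </p>
             <p>
               <label>
                 New password<br>
                 <input name="password_new" type="password">
               </label>
             </p>
             <p>
               <label>
                 Confirm password<br>
                 <input name="password_confirm" type="password">
               </label>
             </p>
             <p style="float:left; margin:0;">
               <a href="forgot-password.php">Forgotten password?</a>
             </p>
             <p style="float:right; margin:0;">
               <input type="submit" value="Update">
             </p>
            </form>';

echo resultBlock($errors, $successes);
echo '
       </div>
      </div>
 ';

finishPage();

?>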
