Beispiel #1
0
function change_password_form()
{
    global $LANG;
    if ($GLOBALS['me']) {
        $form = '<div class="change_password_form other_form">';
        if ($_SERVER['REQUEST_METHOD'] == 'POST' && isset($_POST['change_password_form']) && \site\utils::check_csrf($_POST['change_password_form']['csrf'], 'change_password_csrf')) {
            $pd = \site\utils::validate_user_data($_POST['change_password_form']);
            try {
                \user\main::change_password($GLOBALS['me']->ID, $pd);
                $form .= '<div class="success">' . $LANG['change_pwd_success'] . '</div>';
            } catch (Exception $e) {
                $form .= '<div class="error">' . $e->getMessage() . '</div>';
            }
        }
        $csrf = $_SESSION['change_password_csrf'] = \site\utils::str_random(12);
        $form .= '<form method="POST" action="#">
  <div class="form_field"><label for="change_password_form[old]">' . $LANG['change_pwd_form_old'] . ':</label> <div><input type="password" name="change_password_form[old]" id="change_password_form[old]" value="" required /></div></div>
  <div class="form_field"><label for="change_password_form[new]">' . $LANG['change_pwd_form_new'] . ':</label> <div><input type="password" name="change_password_form[new]" id="change_password_form[new]" value="" required /></div></div>
  <div class="form_field"><label for="change_password_form[new2]">' . $LANG['change_pwd_form_new2'] . ':</label> <div><input type="password" name="change_password_form[new2]" id="change_password_form[new2]" value="" required /></div></div>
  <input type="hidden" name="change_password_form[csrf]" value="' . $csrf . '" />
  <button>' . $LANG['change_pwd_button'] . '</button>
  </form>

  </div>';
        return $form;
    } else {
        return '<div class="info_form">' . $LANG['unavailable_form'] . '</div>';
    }
}