<?php
//check if user is already logged in
//check if session_username doesnt already exist and that Log In form has been submitted
if (isset($_POST['login'])) {
if (!empty($_POST['username']) && !empty($_POST['password'])) {
#trim values
$username = trim($_POST['username']);
$password = trim($_POST['password']);
$user = new Authentication();
//authenticate user
if ($user->authenticateUser($db, $username, $password)) {
//check account_status
if (!$user->accountStatus($db, $username)) {
$message = "This Account was deactivated. Contact the System Administrator.";
$smarty->assign('accountMsg', $message);
$content = $smarty->fetch('./logon/tm0.logon.logon_err.tpl.html');
include_once './config/disconnect.inc.php';
} else {
//Register login Username
$_SESSION['loginUsername'] = $username;
//Register remote IP-Address
$_SESSION['loginIP'] = $_SERVER['REMOTE_ADDR'];
}
} else {
$message = "This username / password combination is incorrect. \nEither check your Login Information and try again or contact the System Administrator.";
$smarty->assign('authMsg', $message);
$smarty->assign($_POST);
$content = $smarty->fetch('./logon/tm0.logon.logon_err.tpl.html');
include_once './config/disconnect.inc.php';
}
SmartyValidate::register_validator('password', 'oldpassword', 'notEmpty');
SmartyValidate::register_validator('password1', 'newpassword:6:-1', 'isLength');
SmartyValidate::register_validator('password2', 'newpassword:confpassword', 'isEqual');
// display form
} else {
// validate after a POST
SmartyValidate::connect($smarty);
if (SmartyValidate::is_valid($_POST)) {
SmartyValidate::disconnect();
// no errors, done with SmartyValidate
#ccreate authenticatio object
$userAuth = new Authentication();
$oldPass = trim($_POST['oldpassword']);
$newPass = trim($_POST['newpassword']);
$cryptNewPass = crypt($newPass, 'yxpijaui93');
if ($userAuth->authenticateUser($db, $_SESSION['loginUsername'], $oldPass)) {
#perform password update
$updatePass = "******";
if ($userAuth->chgPassword($db, $_SESSION['loginUsername'], $newPass)) {
#set session variable 'chg_pass'
$_SESSION['chg_pass'] = '******';
$msg = "Password has been changed. Please log out and re-log in to ensure that your new password works.";
$smarty->assign('updateMsg', $msg);
#$content = $smarty->fetch('./main/staff/chg_pass.tpl.html');
} else {
#update failed
$msg = "Action Failed. Please try again later or contact the Administrator.";
$smarty->assign('updateMsg', $msg);
#$content = $smarty->fetch('./main/staff/chg_pass.tpl.html');
}
unset($_SESSION['prevPath']);
