<?php
require "www2-funcs.php";
login_init();
toolbox_header("密码修改");
assert_login();
if (isset($_GET['do'])) {
$pass = $_POST['pw2'];
if (strlen($pass) < 4 || strlen($pass) > 39) {
html_error_quit("新密码长度应为 4~39");
}
if ($pass != $_POST['pw3']) {
html_error_quit("两次输入的密码不相同");
}
if (bbs_checkuserpasswd($currentuser["userid"], $_POST['pw1']) != 0) {
html_error_quit("密码不正确");
}
$simplepasswd = bbs_simplepasswd($pass);
if ($simplepasswd == -1) {
html_error_quit("该密码被禁止使用,请重新设置密码");
} else {
if ($simplepasswd) {
prompt_setpasswd();
}
}
if (!bbs_setpassword($currentuser["userid"], $pass)) {
html_error_quit("系统错误,请联系管理员");
}
html_success_quit("密码修改成功,您的新密码已设定");
exit;
}
/**
* function checkPwd check password right or not
* if login must log because it will set current user OMG
* this is not a well design function
*
* @param string $id
* @param string $pwd
* @param boolean $md5
* @param boolean $log if false, can not use $md5
* @return boolean true|false
* @static
* @access public
*/
public static function checkPwd($id, $pwd, $md5, $log)
{
//bbs_checkuserpasswd only check no log
//bbs_checkpasswd check, set current user and log error for login
$md5 = $md5 ? 1 : 0;
if ($md5) {
return bbs_checkpasswd($id, $pwd, $md5) == 0;
} else {
if ($log) {
return bbs_checkpasswd($id, $pwd, $md5) == 0;
} else {
return bbs_checkuserpasswd($id, $pwd) == 0;
}
}
}
