<?php require "www2-funcs.php"; login_init(); toolbox_header("密码修改"); assert_login(); if (isset($_GET['do'])) { $pass = $_POST['pw2']; if (strlen($pass) < 4 || strlen($pass) > 39) { html_error_quit("新密码长度应为 4~39"); } if ($pass != $_POST['pw3']) { html_error_quit("两次输入的密码不相同"); } if (bbs_checkuserpasswd($currentuser["userid"], $_POST['pw1']) != 0) { html_error_quit("密码不正确"); } $simplepasswd = bbs_simplepasswd($pass); if ($simplepasswd == -1) { html_error_quit("该密码被禁止使用,请重新设置密码"); } else { if ($simplepasswd) { prompt_setpasswd(); } } if (!bbs_setpassword($currentuser["userid"], $pass)) { html_error_quit("系统错误,请联系管理员"); } html_success_quit("密码修改成功,您的新密码已设定"); exit; }
/** * function checkPwd check password right or not * if login must log because it will set current user OMG * this is not a well design function * * @param string $id * @param string $pwd * @param boolean $md5 * @param boolean $log if false, can not use $md5 * @return boolean true|false * @static * @access public */ public static function checkPwd($id, $pwd, $md5, $log) { //bbs_checkuserpasswd only check no log //bbs_checkpasswd check, set current user and log error for login $md5 = $md5 ? 1 : 0; if ($md5) { return bbs_checkpasswd($id, $pwd, $md5) == 0; } else { if ($log) { return bbs_checkpasswd($id, $pwd, $md5) == 0; } else { return bbs_checkuserpasswd($id, $pwd) == 0; } } }