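// Password-change handler: validates the requested username / new password,
// applies the change when every check passes, then redirects back to the
// referring page with the outcome in the query string.
//
// NOTE(review): $username, $newpassword and $MIN_PASSWORD_LENGTH are not
// assigned anywhere in this script; presumably login.inc.php (or request
// variable import) provides them. Confirm the credentials are read from the
// POST body only.
// NOTE(review): this is a state-changing request and no anti-CSRF token check
// is visible here. Confirm one is enforced elsewhere before the change runs.
ob_start();
session_start();
include dirname(__FILE__) . "/login.inc.php";

// Access gate for this page. The returned value is not used below.
// NOTE(review): presumably limits the page to privileged accounts, since the
// change below applies to whatever $username names. Confirm.
$user = lib_login_protect_page_uber();

// Redirect target: the referring URL with its query string cut off.
// NOTE(review): the Referer header is client-controlled. Unless GetReferer()
// already restricts the value to this site's own host, the Location header
// below can send the browser to an arbitrary origin. Confirm or add a check.
$goback = GetReferer();
$goback = explode("?", $goback);
$goback = $goback[0];

$string = getgString();

// we must do some testing before we change anything!
// $string[61] = "password is too short"
// $string[62] = "password same as username"
// $string[18] = "invalid username or password"
//
// Every check runs, so the last failing check decides the reported message.
$error = "success";

if ($username == "") {
    $error = urlencode($string[18]);
}

if (!lib_login_account_exists($username)) {
    $error = urlencode($string[18]);
}

if (strlen($newpassword) < $MIN_PASSWORD_LENGTH) {
    $error = urlencode($string[61]);
}

// Compare as strings. A loose == treats numeric-looking strings as numbers
// ("1e3" == "1000" is true), which would reject a distinct password as
// "same as username".
if ((string) $username === (string) $newpassword) {
    $error = urlencode($string[62]);
}

if ($error == "success") {
    lib_login_change_password_for_user($username, $newpassword);
}

header("Location: {$goback}?error={$error}");

// NOTE(review): the fallback uses "delerror" while the header above uses
// "error". Confirm the receiving page reads both, or that this is intended.
lib_login_no_browser_redirect("{$goback}?delerror={$error}");
ob_end_flush();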
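/**
 * Report whether a login for $username should be refused because of failed
 * attempts.
 *
 * Returns 1 when lib_login_account_exists() rejects the username, true when
 * the stored `tries` value is at or above $BAD_ATTEMPTS_MAX or when the lookup
 * did not produce a result object, and false otherwise. The int 1 is kept
 * unchanged for existing callers; presumably they treat any truthy value as
 * "blocked" (confirm).
 *
 * @param string $username Account name to check (presumably a string).
 * @return int|bool
 */
function lib_login_test_bad_attempts($username)
{
    global $BAD_ATTEMPTS_MAX, $gDB;

    // if this is not a valid username then there's no point
    // in continuing...
    if (!lib_login_account_exists($username)) {
        return 1;
    }

    // NOTE(review): the value in the WHERE clause appears masked ('******') on
    // this page. If the real query places $username inside the SQL text, pass
    // it as a bound parameter instead so the account name cannot alter the
    // statement.
    $sql_test = <<<SQL
\t\tSELECT\ttries
\t\tFROM\ttbl_users
\t\tWHERE\tusername='******'
SQL;

    $result = $gDB->Execute($sql_test);

    // Fail closed: without a result object the attempt counter is unknown.
    // Reading ->fields from a non-object would compare null against the limit
    // and report "not blocked", silently switching the limit off whenever the
    // lookup fails.
    if (!is_object($result)) {
        return true;
    }

    return $result->fields[0] >= $BAD_ATTEMPTS_MAX;
}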