}
// State for the password-change request handled below:
//   $failed_msg     - message of the exception raised by a failed check
//   $pw             - the submitted new password
//   $failed         - set when any check threw
//   $serious_failed - set only when the old password was wrong; unlike $failed,
//                     the later update condition never lets the user override it
$failed_msg = $pw = '';
$failed = $serious_failed = false;
if (isset($_POST['password_new'])) {
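    // Run the checks against a copy of the user record, stamped as if the
    // password had just been changed.
    $user2 = $user;
    $user2['user_password_lastchanged'] = time();
    $pw = $_POST['password_new'];
    try {
        // A user changing their own password must supply the current one. The
        // check is skipped when $id refers to a different account.
        // NOTE(review): authorization for changing someone else's password is
        // not visible in this excerpt - confirm it is enforced before this point.
        //
        // The comparison is strict on purpose: with != PHP compares two
        // numeric-looking strings (e.g. "0e" followed only by digits) as numbers,
        // so two different hashes could be treated as equal. A non-string
        // password_old (array-style POST field) is rejected outright.
        // NOTE(review): recomputing the hash and testing for equality implies
        // getPasswordHash() is deterministic (no per-password random salt);
        // consider password_hash()/password_verify(), and hash_equals() for a
        // constant-time comparison where the PHP version provides it.
        if ($id == $login['user_id']
            && (!isset($_POST['password_old'])
                || !is_string($_POST['password_old'])
                || getPasswordHash($_POST['password_old']) !== $user['user_password'])
        ) {
            $serious_failed = true;
            throw new Exception(_h('Old password is not correct.'));
        }
        // Both helpers signal a rejected password by throwing.
        loginPWcheckExternal($user2, $pw);
        loginPWcheckSetNew($user2, $pw);
    } catch (Exception $e) {
        $failed_msg = $e->getMessage();
        $failed = true;
    }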
    if (!$serious_failed && (!$failed || $failed && isset($_POST['ignore_msg']) && $_POST['ignore_msg'] == '1')) {
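        // Store the new hash and shift the previous hashes one slot down the
        // history columns (user_password_1..3).
        // user_password_complex becomes '1' only when every check passed; it is
        // stored as an empty string when the enclosing condition let the user
        // override a failed check with ignore_msg=1.
        // Values are escaped and the id is cast to int so that nothing read back
        // from the database can alter the statement.
        $sql = 'UPDATE `users` SET '
            . '`user_password`              = \'' . mysql_real_escape_string(getPasswordHash($pw)) . '\', '
            . '`user_password_1`            = \'' . mysql_real_escape_string($user['user_password']) . '\', '
            . '`user_password_2`            = \'' . mysql_real_escape_string($user['user_password_1']) . '\', '
            . '`user_password_3`            = \'' . mysql_real_escape_string($user['user_password_2']) . '\', '
            . '`user_password_lastchanged`  = \'' . time() . '\', '
            . '`user_password_complex`      = \'' . !$failed . '\''
            . ' WHERE `user_id` = ' . (int) $user['user_id'] . ' LIMIT 1 ;';
        mysql_query($sql);
        if (mysql_error()) {
            // Keep database details out of the response; the statement contains
            // password hashes and the driver message can reveal schema details.
            error_log('Password update failed: ' . mysql_error());
            echo 'Error<br>';
            exit;
        }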
        if ($user['user_id'] == $login['user_id']) {
            header('Location: logout.php?newpw_ok=1');
Example #2
     exit;
 }
 if ($newpw_key == mysql_result($Q_login, 0, 'user_newpassword_key') && mysql_result($Q_login, 0, 'user_newpassword_validto') >= time()) {
     $forgot_pw_keyokey = true;
     if (!isset($_POST['password_new'])) {
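         // The form has not been submitted yet: push the key's expiry 15 minutes
         // into the future so the user has time to fill it in.
         // NOTE(review): this runs on every request that presents a valid key, so
         // the key never expires while it keeps being presented; consider a fixed
         // absolute expiry instead. The enclosing condition also compares the key
         // with ==, where a strict (ideally constant-time) comparison is safer.
         $valid_to = time() + 60 * 15;
         // The id is cast to int before it goes into the statement; the other
         // queries in this script already use user_id as an unquoted number.
         mysql_query("\n\t\t\t\t\t\t\tupdate `users`\n\t\t\t\t\t\t\tset \n\t\t\t\t\t\t\t\tuser_newpassword_validto = '{$valid_to}'\n\t\t\t\t\t\t\twhere\n\t\t\t\t\t\t\t\tuser_id = '" . (int) $user_id . "'");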
     } else {
         // Form submitted: take the new password from the request and run the
         // password checks against the user record, stamped as changed now.
         $newpw_pw = $_POST['password_new'];
         $newpw_user['user_password_lastchanged'] = time();
         try {
             // Both helpers report a rejected password by throwing.
             loginPWcheckExternal($newpw_user, $newpw_pw);
             loginPWcheckSetNew($newpw_user, $newpw_pw);
         } catch (Exception $e) {
             // Remember the failure and its message; the condition that follows
             // decides whether the password is stored anyway.
             $newpw_failed = true;
             $newpw_failed_msg = $e->getMessage();
         }
         if (!$newpw_failed || $newpw_failed && isset($_POST['ignore_msg']) && $_POST['ignore_msg'] == '1') {
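             // Store the new hash, shift the previous hashes down the history
             // columns and blank user_newpassword_validto so the reset key no
             // longer passes the expiry check. The key column itself is not
             // cleared by this statement.
             // user_password_complex becomes '1' only when every check passed; it
             // is stored as an empty string when the enclosing condition let the
             // user override a failed check with ignore_msg=1.
             // Values are escaped and the id is cast to int so that nothing read
             // back from the database can alter the statement.
             $sql = 'UPDATE `users` SET '
                 . '`user_password`              = \'' . mysql_real_escape_string(getPasswordHash($newpw_pw)) . '\', '
                 . '`user_password_1`            = \'' . mysql_real_escape_string($newpw_user['user_password']) . '\', '
                 . '`user_password_2`            = \'' . mysql_real_escape_string($newpw_user['user_password_1']) . '\', '
                 . '`user_password_3`            = \'' . mysql_real_escape_string($newpw_user['user_password_2']) . '\', '
                 . '`user_password_lastchanged`  = \'' . time() . '\', '
                 . '`user_newpassword_validto`   = \'\', '
                 . '`user_password_complex`      = \'' . !$newpw_failed . '\''
                 . ' WHERE `user_id` = ' . (int) $newpw_user['user_id'] . ' LIMIT 1 ;';
             mysql_query($sql);
             if (mysql_error()) {
                 // Keep database details out of the response; the statement
                 // contains password hashes and the driver message can reveal
                 // schema details.
                 error_log('Password reset update failed: ' . mysql_error());
                 echo 'Error<br>';
                 exit;
             }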
             header('Location: logout.php?newpw_ok=1');
             exit;