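}

// Password change for the account row held in $user.
//
// When the logged-in user changes their own password, the current password
// must be supplied and must match. The new password is then passed to the
// policy checks; any Exception they raise is shown to the user, who may
// override it by posting ignore_msg=1. A wrong or missing old password
// ($serious_failed) can never be overridden.
$failed_msg = '';
$pw = '';
$failed = false;          // an Exception was raised while checking the new password
$serious_failed = false;  // old password missing or wrong

if (isset($_POST['password_new'])) {
    $user2 = $user;
    $user2['user_password_lastchanged'] = time(); // All new
    $pw = $_POST['password_new'];

    try {
        // The row written below is $user, so the old-password requirement is
        // keyed on $user['user_id'] as well as on $id ($id is assigned outside
        // this fragment). This can only add a check, never remove one.
        $pwchange_own = $id == $login['user_id'] || $user['user_id'] == $login['user_id'];

        if ($pwchange_own) {
            $pwchange_old = isset($_POST['password_old']) ? $_POST['password_old'] : null;

            // Only a string can be a password. The hashes are compared as
            // strings with !== so that numeric-looking hash values are never
            // compared as numbers. Where PHP >= 5.6 is guaranteed,
            // hash_equals() is the better choice.
            if (!is_string($pwchange_old)
                || (string) getPasswordHash($pwchange_old) !== (string) $user['user_password']
            ) {
                $serious_failed = true;
                throw new Exception(_h('Old password is not correct.'));
            }
        }

        loginPWcheckExternal($user2, $pw);
        loginPWcheckSetNew($user2, $pw);
    } catch (Exception $e) {
        $failed_msg = $e->getMessage();
        $failed = true;
    }

    // NOTE(review): ignore_msg is client-controlled and overrides every
    // Exception raised by the two checks above; the only trace of the
    // override is user_password_complex below. Confirm this matches policy.
    $pwchange_overridden = $failed && isset($_POST['ignore_msg']) && $_POST['ignore_msg'] === '1';

    if (!$serious_failed && (!$failed || $pwchange_overridden)) {
        // Rotate the password history (current -> _1 -> _2 -> _3) and store
        // the new hash. The legacy mysql_* API has no bound parameters, so
        // every string value is escaped and the id is cast to int; the
        // statement then no longer depends on the row content being well-formed.
        // `!$failed` renders as '1' when the checks passed and as '' when
        // they were overridden.
        $sql = 'UPDATE `users` SET '
            . '`user_password` = \'' . mysql_real_escape_string(getPasswordHash($pw)) . '\', '
            . '`user_password_1` = \'' . mysql_real_escape_string($user['user_password']) . '\', '
            . '`user_password_2` = \'' . mysql_real_escape_string($user['user_password_1']) . '\', '
            . '`user_password_3` = \'' . mysql_real_escape_string($user['user_password_2']) . '\', '
            . '`user_password_lastchanged` = \'' . time() . '\', '
            . '`user_password_complex` = \'' . !$failed . '\''
            . ' WHERE `user_id` = ' . (int) $user['user_id']
            . ' LIMIT 1 ;';
        mysql_query($sql);

        // Keep the database error text in the server log; the response only
        // says that something went wrong.
        $pwchange_db_error = mysql_error();
        if ($pwchange_db_error !== '') {
            error_log('Password update failed: ' . $pwchange_db_error);
            echo 'Error<br>';
            exit;
        }

        // Own password changed: send the user to logout.php.
        if ($user['user_id'] == $login['user_id']) {
            header('Location: logout.php?newpw_ok=1');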
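exit;
}

// Forgotten-password key check. The key held in $newpw_key must equal the
// stored user_newpassword_key and user_newpassword_validto must not have
// passed. Without a posted password the key's validity is extended; with one,
// the new password is checked and written.
//
// NOTE(review): the key is verified against row 0 of $Q_login, the validity
// extension targets $user_id and the password UPDATE targets
// $newpw_user['user_id']. Confirm outside this fragment that all three refer
// to the same account.
$newpw_key_given = is_scalar($newpw_key) ? (string) $newpw_key : '';
$newpw_key_stored = (string) mysql_result($Q_login, 0, 'user_newpassword_key');

// Compared as strings with === so numeric-looking keys are never compared as
// numbers, and an empty key never matches an empty stored value. Where
// PHP >= 5.6 is guaranteed, hash_equals() is the better choice.
if ($newpw_key_given !== ''
    && $newpw_key_given === $newpw_key_stored
    && mysql_result($Q_login, 0, 'user_newpassword_validto') >= time()
) {
    $forgot_pw_keyokey = true;

    if (!isset($_POST['password_new'])) {
        // Extend life time of key
        // NOTE(review): every request carrying a valid key moves the expiry
        // another 15 minutes out, so the key has no absolute lifetime.
        $valid_to = time() + 60 * 15; // 15 min
        $newpw_owner_id = (int) $user_id; // id is interpolated below; force it numeric
        mysql_query("\n\t\t\t\t\t\t\tupdate `users`\n\t\t\t\t\t\t\tset \n\t\t\t\t\t\t\t\tuser_newpassword_validto = '{$valid_to}'\n\t\t\t\t\t\t\twhere\n\t\t\t\t\t\t\t\tuser_id = '{$newpw_owner_id}'");
    } else {
        // Setting the new password
        $newpw_user['user_password_lastchanged'] = time(); // All new
        $newpw_pw = $_POST['password_new'];

        try {
            loginPWcheckExternal($newpw_user, $newpw_pw);
            loginPWcheckSetNew($newpw_user, $newpw_pw);
        } catch (Exception $e) {
            $newpw_failed_msg = $e->getMessage();
            $newpw_failed = true;
        }

        // NOTE(review): ignore_msg is client-controlled and overrides every
        // Exception raised by the two checks above; the only trace of the
        // override is user_password_complex below. Confirm this matches policy.
        $newpw_overridden = $newpw_failed && isset($_POST['ignore_msg']) && $_POST['ignore_msg'] === '1';

        if (!$newpw_failed || $newpw_overridden) {
            // Rotate the password history (current -> _1 -> _2 -> _3), store
            // the new hash and blank user_newpassword_validto so the key
            // stops passing the validity check above. The legacy mysql_* API
            // has no bound parameters, so string values are escaped and the
            // id is cast to int.
            // `!$newpw_failed` renders as '1' when the checks passed and as ''
            // when they were overridden.
            $sql = 'UPDATE `users` SET '
                . '`user_password` = \'' . mysql_real_escape_string(getPasswordHash($newpw_pw)) . '\', '
                . '`user_password_1` = \'' . mysql_real_escape_string($newpw_user['user_password']) . '\', '
                . '`user_password_2` = \'' . mysql_real_escape_string($newpw_user['user_password_1']) . '\', '
                . '`user_password_3` = \'' . mysql_real_escape_string($newpw_user['user_password_2']) . '\', '
                . '`user_password_lastchanged` = \'' . time() . '\', '
                . '`user_newpassword_validto` = \'\', '
                . '`user_password_complex` = \'' . !$newpw_failed . '\''
                . ' WHERE `user_id` = ' . (int) $newpw_user['user_id']
                . ' LIMIT 1 ;';
            mysql_query($sql);

            // Keep the database error text in the server log; the response
            // only says that something went wrong.
            $newpw_db_error = mysql_error();
            if ($newpw_db_error !== '') {
                error_log('Password reset update failed: ' . $newpw_db_error);
                echo 'Error<br>';
                exit;
            }

            header('Location: logout.php?newpw_ok=1');
            exit;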