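<?php
/*
 * Profile page handler: when the profile form is posted with submit=Update,
 * the posted password is passed to update_user_password() for the user and
 * user type held in the session, and the page markup follows.
 */
include 'includes/queries.php';
include 'includes/function.php';
include 'includes/session_define.php';
include 'includes/header.php';
include 'includes/menu.php';

// NOTE(review): nothing visible in this script checks the current password or
// an anti-CSRF token before the change; confirm whether the includes do either.
// A password change should require both.
// isset() + strict comparison: a plain GET no longer reads an undefined index.
if (isset($_POST['submit']) && $_POST['submit'] === 'Update') {
    $result = 0;
    $password = $_POST['password'] ?? null;

    // A missing, non-string (array) or empty value is rejected here instead of
    // being handed to the storage layer.
    if (is_string($password) && $password !== '') {
        // NOTE(review): the value is passed on exactly as posted. Confirm that
        // update_user_password() hashes it (password_hash) before storing it.
        $result = update_user_password($_SESSION['login_user'], $_SESSION['usertype'], $password);
    }

    if ($result == 1) {
        // Drop the password fields kept in the session once the change succeeded.
        $_SESSION['password'] = NULL;
        $_SESSION['passwordconf'] = NULL;
        echo "<script>";
        echo 'alert("Password Updated Successfully");';
        echo "window.location.href ='profile.php';";
        echo '</script>';
    } else {
        $error = "Try again password update fail";
    }
}
?>
<div id="page" class="container"> <div id="profile_wrapper"> <div id="profile_title"> <h1>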
print "Error: Invalid cookie. The offending cookie has been deleted. Please log in again."; $cookie_handler->delete_cookie("compsec"); } else { if ($new_password != $new_password_repeat) { print "Error: New passwords do not match. Press the back button to try again."; } else { $uuid = $user_cookie->get_uuid(); $results = get_user_data($uuid); $database_password = $results[2]; $salt = $results[3]; // Validate that the supplied password is correct $hashed_password = hash("sha512", $old_password . $salt); if ($database_password == $hashed_password) { // Replace password $hashed_new_password = hash("sha512", $new_password . $salt); update_user_password($uuid, $hashed_new_password); $cookie_handler->delete_cookie("compsec"); print "Password successfully changed! Please <a href =\"login.php\">log in</a> with your new password."; } else { print "Error: Invalid password. Press the back button to try again."; } } } ?> </p> </div> </p> </p>
get_header(); ?> <link rel="stylesheet" href="http://www.thecannabismethod.com/wp-content/themes/zerif-lite-child/css/dashboard.css"> </header> <div id="content" class="site-content"> <div id="dashboard" class="container"> <!-- content --> <div class="row"> <div class="col-sm-5 col-centered text-left"> <?php update_user_password(); ?> <div class="um-form"> <form method="post"> <div class="um-account-heading"><i class="fa fa-asterisk"></i></i></i>Change Password</div> <div class="um-field um-field-user_password"> <div class="um-field-label"> <label for="current_user_password">Current Password</label><div class="um-clear"></div> </div> <div class="um-field-area"> <input class="um-form-field valid" type="password" name="current_user_password" id="current_user_password" maxlength="30"> </div> </div>
} if (strstr($_POST['password'], $_POST['user_id']) != false) { display_error(_("The password cannot contain the user login.")); set_focus('password'); return false; } } return true; } //------------------------------------------------------------------------------------------------- if (($Mode == 'ADD_ITEM' || $Mode == 'UPDATE_ITEM') && check_csrf_token()) { if (can_process()) { if ($selected_id != -1) { update_user_prefs($selected_id, get_post(array('user_id', 'real_name', 'phone', 'email', 'role_id', 'language', 'print_profile', 'rep_popup' => 0, 'pos'))); if ($_POST['password'] != "") { update_user_password($selected_id, $_POST['user_id'], md5($_POST['password'])); } display_notification_centered(_("The selected user has been updated.")); } else { add_user($_POST['user_id'], $_POST['real_name'], md5($_POST['password']), $_POST['phone'], $_POST['email'], $_POST['role_id'], $_POST['language'], $_POST['print_profile'], check_value('rep_popup'), $_POST['pos']); $id = db_insert_id(); // use current user display preferences as start point for new user $prefs = $_SESSION['wa_current_user']->prefs->get_all(); update_user_prefs($id, array_merge($prefs, get_post(array('print_profile', 'rep_popup' => 0, 'language')))); display_notification_centered(_("A new user has been added.")); } $Mode = 'RESET'; } } //------------------------------------------------------------------------------------------------- if ($Mode == 'Delete' && check_csrf_token()) {
set_focus('password'); return false; } if ($_POST['password'] != $_POST['passwordConfirm']) { display_error(_("The passwords entered are not the same.")); set_focus('password'); return false; } return true; } if (isset($_POST['UPDATE_ITEM']) && check_csrf_token()) { if (can_process()) { if ($allow_demo_mode) { display_warning(_("Password cannot be changed in demo mode.")); } else { update_user_password($_SESSION["wa_current_user"]->user, $_SESSION["wa_current_user"]->username, md5($_POST['password'])); display_notification(_("Your password has been updated.")); } $Ajax->activate('_page_body'); } } start_form(); start_table(TABLESTYLE); $myrow = get_user($_SESSION["wa_current_user"]->user); label_row(_("User login:"******""; $_POST['passwordConfirm'] = ""; password_row(_("Password:"******"Repeat password:"******"Enter your new password in the fields.")); end_table(1);
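<?php

/*
 * Self-service password change for the logged-in user.
 * Reads ipampassword1 / ipampassword2 from the POST body, checks length and
 * equality, hashes the value with crypt_user_pass() and stores it through
 * update_user_password(). Every outcome is printed as an alert <div>.
 */

/* include required scripts */
require_once '../../functions/functions.php';

/* verify posted data */
// NOTE(review): judging by its name this is a Referer check - confirm. A
// per-session anti-CSRF token is the stronger control for a password change,
// and nothing visible here asks for the current password.
CheckReferrer();

/* verify that user is authenticated! */
isUserAuthenticated();
$user = getActiveUserDetails();

/* sanitize */
// NOTE(review): the password fields pass through the same filter as all other
// input, so whatever filter_user_input() rewrites is rewritten in the password
// too; the login path must apply the identical transformation - confirm.
$_POST = filter_user_input($_POST, true, true, false);

// Read both fields once; a missing key or an array value becomes a validation
// failure instead of a warning or TypeError inside strlen().
$password = $_POST['ipampassword1'] ?? null;
$passwordRepeat = $_POST['ipampassword2'] ?? null;

/* check lengths */
if (!is_string($password) || strlen($password) < 8) {
    die("<div class='alert alert-danger'>" . _("Invalid password") . "</div>");
}
if (!is_string($passwordRepeat) || strlen($passwordRepeat) < 8) {
    die("<div class='alert alert-danger'>" . _("Invalid password") . "</div>");
}

/* check match */
// Strict comparison: with != two different numeric-looking strings are
// compared by numeric value and can be treated as equal.
if ($password !== $passwordRepeat) {
    die("<div class='alert alert-danger'>" . _("Passwords do not match") . "</div>");
}

/* Crypt password */
$hashedPassword = crypt_user_pass($password);

/* all good, update password! */
if (!update_user_password($user['id'], $hashedPassword)) {
    // The failure branch was empty before, so a failed update produced no
    // output from this script; report it in the same alert style.
    die("<div class='alert alert-danger'>" . _("Error updating password") . "</div>");
} else {
    // real_name comes from the stored profile; encode it for the HTML context.
    // double_encode is off in case the value was already entity-encoded on input.
    $realName = htmlspecialchars((string) $user['real_name'], ENT_QUOTES, 'UTF-8', false);
    print "<div class='alert alert-success'>Hi, {$realName}, your password was updated. <a class='btn btn-sm btn-default' href='" . create_link("dashboard") . "'>Dashboard</a></div>";
}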
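$error = 0;

// Password-reset page, step 1 (GET): the user / usertype / token from the
// reset link are checked with check_user_token() and the outcome is kept in
// the session for the form post that follows.
// NOTE(review): the token travels in the query string, where it can end up in
// server logs and Referer headers; token expiry is not visible here - confirm
// that check_user_token() enforces it.
if (isset($_GET['token']) && isset($_GET['user'])) {
    $_SESSION['reset']['user'] = $_GET['user'];
    // usertype is not part of the guard above, so read it without a notice.
    $_SESSION['reset']['usertype'] = $_GET['usertype'] ?? null;
    $_SESSION['reset']['token'] = $_GET['token'];

    $flag = check_user_token($_SESSION['reset']['user'], $_SESSION['reset']['usertype'], $_SESSION['reset']['token']);

    // The number of rows returned is what step 2 compares with 1. A
    // non-array result counts as no match instead of raising in count().
    $_SESSION['reset']['reset_password'] = is_array($flag) ? count($flag) : 0;
}

// Step 2 (POST): only a session whose token check matched exactly once may
// set a new password.
if (isset($_POST['submit']) && ($_SESSION['reset']['reset_password'] ?? 0) == 1) {
    $result = 0;
    $password = $_POST['password'] ?? null;

    // A missing, non-string (array) or empty value is rejected here instead of
    // being handed to the storage layer.
    if (is_string($password) && $password !== '') {
        // NOTE(review): the value is passed on exactly as posted. Confirm that
        // update_user_password() hashes it (password_hash) before storing it.
        $result = update_user_password($_SESSION['reset']['user'], $_SESSION['reset']['usertype'], $password);
    }

    if ($result == 1) {
        $user[0]['user_type'] = $_SESSION['reset']['usertype'];
        $user[0]['username'] = $_SESSION['reset']['user'];
        // presumably clears the stored reset token - verify against set_token()
        set_token($user, NULL);

        // Make the authorisation single-use: without this the session flag
        // stayed at 1 and the form could be posted again.
        unset($_SESSION['reset']);

        echo "<script>";
        echo 'alert("Password Updated Successfully");';
        echo "window.location.href ='index.php';";
        echo '</script>';
    } else {
        $error = "Try again password update fail";
    }
}
?>
<div id="page" class="container"> <div id="wrapper">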
} if (strstr($_POST['password'], $_POST['user_id']) != false) { display_error(tr("The password cannot contain the user login.")); set_focus('password'); return false; } } return true; } //------------------------------------------------------------------------------------------------- if (isset($_POST['ADD_ITEM']) || isset($_POST['UPDATE_ITEM'])) { if (can_process()) { if (isset($selected_id)) { update_user($_POST['user_id'], $_POST['real_name'], $_POST['phone'], $_POST['email'], $_POST['Access'], $_POST['language']); if ($_POST['password'] != "") { update_user_password($_POST['user_id'], md5($_POST['password'])); } unset($selected_id); meta_forward($_SERVER['PHP_SELF'], "UpdatedID=1"); } else { add_user($_POST['user_id'], $_POST['real_name'], md5($_POST['password']), $_POST['phone'], $_POST['email'], $_POST['Access'], $_POST['language']); unset($selected_id); meta_forward($_SERVER['PHP_SELF'], "AddedID=1"); } } } //------------------------------------------------------------------------------------------------- if (isset($_GET['delete'])) { delete_user($selected_id); unset($selected_id); meta_forward($_SERVER['PHP_SELF'], "DeletedID=1");