} else {
header('Location:index.php');
}
log_timing();
exit;
case 'reg_done':
$reg_status = user_register($_POST);
if ($reg_status == 1) {
header("Location:index.php");
exit;
} else {
$smarty->assign('reg_status', $reg_status);
}
break;
case 'change_pw':
$smarty->assign('change_status', user_change_password($_POST));
break;
case 'change_email':
$smarty->assign('change_status', user_change_email($_POST));
break;
case 'generate_passwd':
$smarty->assign('gen_status', user_generate_password($_POST['email']));
break;
case 'change_name':
$smarty->assign('change_status', user_change_shown_name($_POST['shown_name']));
break;
}
log_timing();
if (isset($_SERVER['HTTP_REFERER']) && strpos($_SERVER['HTTP_REFERER'], 'login.php') === false && strpos($_SERVER['HTTP_REFERER'], $_SERVER['HTTP_HOST']) !== false) {
$_SESSION['return_to'] = $_SERVER['HTTP_REFERER'];
} else {
}
if (htmlentities_array($t_new_pass) != $t_new_pass) {
$error_msg_array[] = gettext("Password must not contain HTML tags");
$valid = false;
}
if (mb_strlen($t_new_pass) < 6) {
$error_msg_array[] = gettext("Password must be a minimum of 6 characters long");
$valid = false;
}
if ($t_old_pass == $t_new_pass) {
$error_msg_array[] = gettext("New and old passwords are the same.");
$valid = false;
}
if ($valid) {
// Update the password and cookie
if (user_change_password($_SESSION['UID'], $t_new_pass, $t_old_pass)) {
// Force redirect to prevent refreshing the page
// prompting to user to resubmit form data.
header_redirect("edit_password.php?webtag={$webtag}&updated=true");
exit;
} else {
$error_msg_array[] = gettext("Update failed");
$valid = false;
}
}
}
}
// Start Output Here
html_draw_top(array('title' => gettext('My Controls - Change Password'), 'class' => 'window_title', 'js' => array('js/prefs.js')));
echo "<h1>", gettext("Change Password"), "</h1>\n";
if (isset($error_msg_array) && sizeof($error_msg_array) > 0) {
include 'layout/overall/header.php';
?>
<h1>Change Password:</h1>
<?php
if (isset($_GET['success']) && empty($_GET['success'])) {
echo 'Your password has been changed.<br>You will need to login again with the new password.';
session_destroy();
header("refresh:2;url=index.php");
exit;
} else {
if (empty($_POST) === false && empty($errors) === true) {
//Posted the form without errors
if ($config['TFSVersion'] == 'TFS_02' || $config['TFSVersion'] == 'TFS_10') {
user_change_password($session_user_id, $_POST['new_password']);
} else {
if ($config['TFSVersion'] == 'TFS_03') {
user_change_password03($session_user_id, $_POST['new_password']);
}
}
header('Location: changepassword.php?success');
} else {
if (empty($errors) === false) {
echo '<font color="red"><b>';
echo output_errors($errors);
echo '</b></font>';
}
}
?>
function user_change_password03($user_id, $password)
{
if (config('salt') === true) {
$user_id = sanitize($user_id);
$salt = user_data($user_id, 'salt');
$password = sha1($salt['salt'] . $password);
mysql_update("UPDATE `accounts` SET `password`='{$password}' WHERE `id`={$user_id}");
} else {
user_change_password($user_id, $password);
}
}
if (empty($_POST['del_name']) === false) {
if (user_character_exist($_POST['del_name'])) {
user_delete_character(user_character_id($_POST['del_name']));
$errors[] = 'Character ' . $_POST['del_name'] . ' permanently deleted.';
} else {
$errors[] = 'Character ' . $_POST['del_name'] . ' does not exist.';
}
}
// Reset password for char name
if (empty($_POST['reset_pass']) === false && empty($_POST['new_pass']) === false) {
// reset_pass = character name
if (user_character_exist($_POST['reset_pass'])) {
$acc_id = user_character_account_id($_POST['reset_pass']);
if ($acc_id != $session_user_id) {
if ($config['TFSVersion'] == 'TFS_02') {
user_change_password($acc_id, $_POST['new_pass']);
} else {
if ($config['TFSVersion'] == 'TFS_03') {
user_change_password03($acc_id, $_POST['new_pass']);
}
}
$errors[] = 'The password to the account of character name: ' . $_POST['reset_pass'] . ' has been set to: ' . $_POST['new_pass'] . '.';
} else {
header('Location: changepassword.php');
exit;
}
}
}
// Give points to character
if (empty($_POST['points_char']) === false && empty($_POST['points_value']) === false) {
$char = sanitize($_POST['points_char']);
# --------------------------------------------------------
require_once 'core' . DIRECTORY_SEPARATOR . 'api.php';
login_cookie_check();
$row = user_get_info(user_where_current());
extract($row, EXTR_PREFIX_ALL, 'v');
if (1 == $v_protected) {
$t_action = ACTION_USERS_EDIT_OWN_PROTECTED;
} else {
$t_action = ACTION_USERS_EDIT_OWN;
}
access_ensure_check_action($t_action);
if (isset($f_action) && $f_action == 'change') {
$f_current_password = gpc_get_string('f_current_password');
$f_password = gpc_get_string('f_password');
$f_password2 = gpc_get_string('f_password');
if (false !== user_change_password(user_where_current(), $f_current_password, $f_password, $f_password2)) {
echo <<<EOT
\t\t\t<div align="center">
\t\t\t\t<p>Password changed successfully</p>
\t\t\t</div>
EOT;
}
}
print_html_top();
print_head_top();
print_title($g_window_title);
print_css($g_css_inc_file);
print_head_bottom();
print_body_top();
print_header($g_page_title);
print_top_page($g_top_page_inc);
require_once 'config.php';
require_once 'user.php';
if (!user_isloggedin()) {
exit;
}
if (isset($_POST['action'])) {
$success = false;
$action = mysql_real_escape_string($_POST['action']);
switch ($action) {
case 'change_password':
if (isset($_POST['new_password'])) {
$new_password = mysql_real_escape_string(trim($_POST['new_password']));
if (empty($new_password)) {
break;
}
$success = user_change_password($new_password);
}
break;
case 'change_email':
if (isset($_POST['new_email'])) {
$new_email = mysql_real_escape_string(trim($_POST['new_email']));
if (empty($new_email)) {
break;
}
$success = user_change_email($new_email);
}
break;
default:
break;
}
if ($success) {
edit_user(post('userid'), post('username'), post('firstname'), post('lastname'), post('email'));
redirect($g["abs_url"] . '/login/accounts/');
}
if (isset($id_command)) {
render_edit_account($id_command);
} else {
redirect($g["abs_url"] . '/error/invalid-page');
}
break;
case 'delete':
if (post('did_submit') == 'yes') {
delete_user(post('userid'));
}
exit;
break;
case 'change_password':
if (!isset($id_command)) {
redirect($g["abs_url"] . '/login/accounts/');
} else {
$userid = $id_command;
}
if (post('did_submit') == 'yes') {
if (post('new_password') == post('new_password_confirm')) {
if (user_change_password($userid, post('old_password'), post('new_password'))) {
redirect($g["abs_url"] . '/login');
} else {
render_account_change_password($userid, 'Old password invalid');
}
} else {
render_account_change_password($userid, 'New passwords do not match');
}
}
if (mb_strlen($t_new_pass) < 6) {
$error_msg_array[] = gettext("Password must be a minimum of 6 characters long");
$valid = false;
}
if ($t_old_pass == $t_new_pass) {
$error_msg_array[] = gettext("New and old passwords are the same.");
$valid = false;
}
if ($valid) {
// User's UID for updating with.
$uid = session::get_value('UID');
// Fetch current logon.
$logon = session::get_value('LOGON');
// Update the password and cookie
if (user_change_password($uid, $t_new_pass, $t_old_pass)) {
// Force redirect to prevent refreshing the page
// prompting to user to resubmit form data.
header_redirect("edit_password.php?webtag={$webtag}&updated=true", gettext("Password changed"));
exit;
} else {
$error_msg_array[] = gettext("Update failed");
$valid = false;
}
}
}
}
// Start Output Here
html_draw_top(sprintf('title=%s', gettext("My Controls - Change Password")), 'class=window_title');
echo "<h1>", gettext("Change Password"), "</h1>\n";
if (isset($error_msg_array) && sizeof($error_msg_array) > 0) {
# $Id: changepass.php,v 1.9 2006/03/06 19:09:56 frabcus Exp $
# The Public Whip, Copyright (C) 2003 Francis Irving and Julian Todd
# This is free software, and you are welcome to redistribute it under
# certain conditions. However, it comes with ABSOLUTELY NO WARRANTY.
# For details see the file LICENSE.html in the top level of the source.
require_once "../database.inc";
require_once "user.inc";
if (user_isloggedin()) {
$new_password1 = mysql_real_escape_string($_POST["new_password1"]);
$new_password2 = mysql_real_escape_string($_POST["new_password2"]);
$change_user_name = $user_name;
$old_password = mysql_real_escape_string($_POST["old_password"]);
$submit = mysql_real_escape_string($_POST["submit"]);
$ok = false;
if ($submit) {
$ok = user_change_password($new_password1, $new_password2, $change_user_name, $old_password);
}
}
$title = "Change password";
pw_header();
if (!user_isloggedin()) {
print "<p><a href=\"settings.php\">Log in first</a> before changing password.";
} else {
if ($feedback) {
if ($ok) {
echo "<p>{$feedback}</p>";
} else {
echo "<div class=\"error\"><h2>Password not changed</h2><p>{$feedback}</div>";
}
}
if (!$ok) {
