Example #1
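// Template rendered for the password-change page.
$template = 'common/password_change.tpl';

// Process the form only when the password-update action was submitted.
if (isset($_POST['uaction']) && $_POST['uaction'] === 'updt_pass') {
    // Request parameters are client-controlled and PHP turns "pass[]=x" into an
    // array. Accept strings only, so the comparison and the validation/hashing
    // helpers below never receive a non-string value; anything else is treated
    // as a missing field.
    $new_pass = (isset($_POST['pass']) && is_string($_POST['pass'])) ? $_POST['pass'] : '';
    $new_pass_rep = (isset($_POST['pass_rep']) && is_string($_POST['pass_rep'])) ? $_POST['pass_rep'] : '';
    $curr_pass = (isset($_POST['curr_pass']) && is_string($_POST['curr_pass'])) ? $_POST['curr_pass'] : '';

    // NOTE(review): empty() also treats the literal string "0" as missing; kept
    // as in the original so string input behaves exactly as before.
    if (empty($new_pass) || empty($new_pass_rep) || empty($curr_pass)) {
        set_page_message(tr('Please fill up all data fields!'), 'warning');
    } elseif ($new_pass !== $new_pass_rep) {
        set_page_message(tr('Passwords do not match!'), 'warning');
    } elseif (!chk_password($new_pass)) {
        // The policy message depends on whether strong passwords are enforced.
        if ($cfg->PASSWD_STRONG) {
            set_page_message(sprintf(tr('The password must be at least %s chars long and contain letters and numbers to be valid.'), $cfg->PASSWD_CHARS), 'warning');
        } else {
            set_page_message(sprintf(tr('Password data is shorter than %s signs or includes not permitted signs!'), $cfg->PASSWD_CHARS), 'warning');
        }
    } elseif (!EasyPass::check_udata($_SESSION['user_id'], $curr_pass)) {
        // Requiring the current password means a hijacked session or a forged
        // cross-site request alone is not enough to set a new one.
        set_page_message(tr('The current password is wrong!'), 'warning');
    } else {
        // The new password is hashed exactly as submitted; encoding or escaping
        // it first would change the secret that gets stored.
        $upass = crypt_user_pass($new_pass);
        $_SESSION['user_pass'] = $upass;
        $user_id = $_SESSION['user_id'];

        // Values are handed over separately for the `?` placeholders instead of
        // being concatenated into the SQL text. The row is selected by the
        // session's user id, never by a request parameter.
        $query = "\n\t\t\tUPDATE\n\t\t\t\t`admin`\n\t\t\tSET\n\t\t\t\t`admin_pass` = ?\n\t\t\tWHERE\n\t\t\t\t`admin_id` = ?\n\t\t";

        // NOTE(review): $rs is never inspected, and the session copy of the hash
        // is already updated above. Confirm exec_query() aborts on failure;
        // otherwise a failed UPDATE is still reported as success.
        $rs = exec_query($sql, $query, array($upass, $user_id));

        // Audit trail: only the account name is logged, never the password.
        write_log($_SESSION['user_logged'] . ": update password!");
        set_page_message(tr('User password updated successfully!'), 'success');

        // NOTE(review): nothing visible here regenerates the session id or ends
        // the user's other sessions after the change; verify that is handled
        // elsewhere.
    }
}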
// static page messages
Example #2
$template = 'common/password_change.tpl';
if (isset($_POST['uaction']) && $_POST['uaction'] === 'updt_pass') {
    if (empty($_POST['pass']) || empty($_POST['pass_rep']) || empty($_POST['curr_pass'])) {
        set_page_message(tr('Please fill up all data fields!'), 'warning');
    } else {
        if ($_POST['pass'] !== $_POST['pass_rep']) {
            set_page_message(tr('Passwords do not match!'), 'warning');
        } else {
            if (!chk_password($_POST['pass'])) {
                if ($cfg->PASSWD_STRONG) {
                    set_page_message(sprintf(tr('The password must be at least %s chars long and contain letters and numbers to be valid.'), $cfg->PASSWD_CHARS), 'warning');
                } else {
                    set_page_message(sprintf(tr('Password data is shorter than %s signs or includes not permitted signs!'), $cfg->PASSWD_CHARS), 'warning');
                }
            } else {
                if (EasyPass::check_udata($_SESSION['user_id'], $_POST['curr_pass']) === false) {
                    set_page_message(tr('The current password is wrong!'), 'error');
                } else {
                    // Correct input password
                    $upass = crypt_user_pass(htmlentities($_POST['pass']));
                    $_SESSION['user_pass'] = $upass;
                    $user_id = $_SESSION['user_id'];
                    // Begin update admin-db
                    $query = "\n\t\t\tUPDATE\n\t\t\t\t`admin`\n\t\t\tSET\n\t\t\t\t`admin_pass` = ?\n\t\t\tWHERE\n\t\t\t\t`admin_id` = ?\n\t\t";
                    $rs = exec_query($sql, $query, array($upass, $user_id));
                    write_log($_SESSION['user_logged'] . ": update password!");
                    set_page_message(tr('User password updated successfully!'), 'success');
                }
            }
        }
    }