$template = 'common/password_change.tpl'; if (isset($_POST['uaction']) && $_POST['uaction'] === 'updt_pass') { if (empty($_POST['pass']) || empty($_POST['pass_rep']) || empty($_POST['curr_pass'])) { set_page_message(tr('Please fill up all data fields!'), 'warning'); } else { if ($_POST['pass'] !== $_POST['pass_rep']) { set_page_message(tr('Passwords do not match!'), 'warning'); } else { if (!chk_password($_POST['pass'])) { if ($cfg->PASSWD_STRONG) { set_page_message(sprintf(tr('The password must be at least %s chars long and contain letters and numbers to be valid.'), $cfg->PASSWD_CHARS), 'warning'); } else { set_page_message(sprintf(tr('Password data is shorter than %s signs or includes not permitted signs!'), $cfg->PASSWD_CHARS), 'warning'); } } else { if (!EasyPass::check_udata($_SESSION['user_id'], $_POST['curr_pass'])) { set_page_message(tr('The current password is wrong!'), 'warning'); } else { $upass = crypt_user_pass($_POST['pass']); $_SESSION['user_pass'] = $upass; $user_id = $_SESSION['user_id']; $query = "\n\t\t\tUPDATE\n\t\t\t\t`admin`\n\t\t\tSET\n\t\t\t\t`admin_pass` = ?\n\t\t\tWHERE\n\t\t\t\t`admin_id` = ?\n\t\t"; $rs = exec_query($sql, $query, array($upass, $user_id)); write_log($_SESSION['user_logged'] . ": update password!"); set_page_message(tr('User password updated successfully!'), 'success'); } } } } } // static page messages
$template = 'common/password_change.tpl'; if (isset($_POST['uaction']) && $_POST['uaction'] === 'updt_pass') { if (empty($_POST['pass']) || empty($_POST['pass_rep']) || empty($_POST['curr_pass'])) { set_page_message(tr('Please fill up all data fields!'), 'warning'); } else { if ($_POST['pass'] !== $_POST['pass_rep']) { set_page_message(tr('Passwords do not match!'), 'warning'); } else { if (!chk_password($_POST['pass'])) { if ($cfg->PASSWD_STRONG) { set_page_message(sprintf(tr('The password must be at least %s chars long and contain letters and numbers to be valid.'), $cfg->PASSWD_CHARS), 'warning'); } else { set_page_message(sprintf(tr('Password data is shorter than %s signs or includes not permitted signs!'), $cfg->PASSWD_CHARS), 'warning'); } } else { if (EasyPass::check_udata($_SESSION['user_id'], $_POST['curr_pass']) === false) { set_page_message(tr('The current password is wrong!'), 'error'); } else { // Correct input password $upass = crypt_user_pass(htmlentities($_POST['pass'])); $_SESSION['user_pass'] = $upass; $user_id = $_SESSION['user_id']; // Begin update admin-db $query = "\n\t\t\tUPDATE\n\t\t\t\t`admin`\n\t\t\tSET\n\t\t\t\t`admin_pass` = ?\n\t\t\tWHERE\n\t\t\t\t`admin_id` = ?\n\t\t"; $rs = exec_query($sql, $query, array($upass, $user_id)); write_log($_SESSION['user_logged'] . ": update password!"); set_page_message(tr('User password updated successfully!'), 'success'); } } } }