 /**
  * Save a new password for $this->username after verifying the old password
  *
  */
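 function ChangePass()
 {
     global $langmessage;

     // Fewer than two of the three fields filled in: assume the user didn't
     // try to reset the password and leave everything untouched.
     $fields = 0;
     foreach (array('oldpassword', 'password', 'password1') as $field) {
         if (!empty($_POST[$field])) {
             $fields++;
         }
     }
     if ($fields < 2) {
         return;
     }

     //make sure password and password1 match
     if (!$this->CheckPasswords()) {
         return false;
     }

     // Only the two new-password fields may have been sent, or the field may
     // arrive as an array (oldpassword[]=...); neither can match the stored
     // hash, so reject before hashing.
     if (!isset($_POST['oldpassword']) || !is_string($_POST['oldpassword'])) {
         message($langmessage['couldnt_reset_pass']);
         return false;
     }

     //check the old password
     $pass_hash = gpsession::PassAlgo($this->user_info);
     $stored = isset($this->user_info['password']) ? (string) $this->user_info['password'] : '';
     $oldpass = (string) common::hash($_POST['oldpassword'], $pass_hash);

     // Digests must be compared as strings. A loose != converts numeric-looking
     // strings to numbers, so two different digests of the form "0e<digits>"
     // would be treated as equal. hash_equals() additionally takes the same
     // time whether or not the digests match; it needs PHP >= 5.6, so fall
     // back to strict string comparison on older runtimes.
     if (function_exists('hash_equals')) {
         $matches = hash_equals($stored, $oldpass);
     } else {
         $matches = ($stored === $oldpass);
     }

     // An account with no stored hash must never validate.
     if ($stored === '' || !$matches) {
         message($langmessage['couldnt_reset_pass']);
         return false;
     }

     self::SetUserPass($this->users[$this->username], $_POST['password']);
 }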
Example #2
 /**
  * Set a new password for the user named in $_POST['username'];
  * the old password is not checked here
  *
  */
 function ResetPass()
 {
     global $langmessage, $config;

     // Both new-password fields have to pass CheckPasswords() before
     // anything is modified.
     $passwords_ok = $this->CheckPasswords();
     if (!$passwords_ok) {
         return false;
     }

     // The target account comes straight from the submitted form and must
     // already exist in the loaded user list.
     // NOTE(review): no old password or caller identity is checked in this
     // method; presumably the caller restricts it to administrators and
     // verifies a CSRF token. Confirm against the call site.
     $username = $_POST['username'];
     if (isset($this->users[$username])) {
         // NOTE(review): the hash scheme is whatever gpsession::PassAlgo()
         // reports for this account. If that can still be md5 or sha1, a
         // reset is a natural point to move the account to a stronger scheme.
         $algo = gpsession::PassAlgo($this->users[$username]);
         $this->users[$username]['password'] = common::hash($_POST['password'], $algo);
         return $this->SaveUserFile();
     }

     message($langmessage['OOPS']);
     return false;
 }
Example #3
 /**
  * Display the password algorithm being used for the user
  *
  */
 function PassAlgo($userinfo)
 {
     $algo = gpsession::PassAlgo($userinfo);

     // md5 and sha1 are flagged as weak for password storage. The loose ==
     // matches the comparison semantics of a switch/case on $algo.
     $is_weak = ($algo == 'md5' || $algo == 'sha1');

     if (!$is_weak) {
         // NOTE(review): $algo is printed unescaped. Presumably it is always
         // a fixed algorithm name; if it can come from stored user data it
         // should be passed through htmlspecialchars() before output.
         echo $algo;
         return;
     }

     // Record that a weak scheme was seen and highlight it in red.
     $this->has_weak_pass = true;
     echo '<span style="color:red">' . $algo . '</span>';
 }
Example #4
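 /**
  * Generate a temporary password for the POSTed username and email it
  *
  * The hash of the temporary password is saved under the user's 'newpass'
  * key in _site/users; the existing 'password' entry is not modified here.
  *
  * @return bool true when the mailer accepted the message, false otherwise
  */
 function SendPassword()
 {
     global $langmessage, $gp_mailer;
     includeFile('tool/email_mailer.php');
     $users = gpFiles::Get('_site/users');

     // Treat a missing or non-string username as an unknown user rather than
     // using it as an array key.
     $username = (isset($_POST['username']) && is_string($_POST['username'])) ? $_POST['username'] : '';
     if (!isset($users[$username])) {
         message($langmessage['OOPS']);
         return false;
     }
     // NOTE(review): the distinct messages for "unknown user", "no email on
     // file" and "password sent" let an unauthenticated caller tell which
     // usernames exist. Consider a single neutral response plus rate limiting.
     $userinfo = $users[$username];
     if (empty($userinfo['email'])) {
         message($langmessage['no_email_provided']);
         return false;
     }

     // The temporary password is a credential, so it must come from a CSPRNG.
     // str_shuffle() is driven by PHP's non-cryptographic generator and its
     // output can be predicted. random_int() needs PHP >= 7.0; on older
     // runtimes the previous behaviour is kept.
     $alphabet = 'abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ';
     if (function_exists('random_int')) {
         $newpass = '';
         $last = strlen($alphabet) - 1;
         for ($i = 0; $i < 8; $i++) {
             $newpass .= $alphabet[random_int(0, $last)];
         }
     } else {
         // NOTE(review): weak fallback for PHP < 7; prefer upgrading the runtime.
         $newpass = substr(str_shuffle(str_repeat($alphabet, 3)), 0, 8);
     }

     $pass_hash = gpsession::PassAlgo($userinfo);
     $users[$username]['newpass'] = common::hash($newpass, $pass_hash);
     if (!gpFiles::SaveData('_site/users', 'users', $users)) {
         message($langmessage['OOPS']);
         return false;
     }

     // NOTE(review): HTTP_HOST is taken from the request's Host header, so the
     // site name shown in the email is chosen by whoever sends the request.
     // A configured site host would be safer here. Whether the link built by
     // common::AbsoluteLink() has the same dependency is not visible from
     // this method. Verify.
     if (isset($_SERVER['HTTP_HOST'])) {
         $server = $_SERVER['HTTP_HOST'];
     } else {
         $server = $_SERVER['SERVER_NAME'];
     }

     $link = common::AbsoluteLink('Admin', $langmessage['login']);
     $message = sprintf($langmessage['passwordremindertext'], $server, $link, $username, $newpass);
     if ($gp_mailer->SendEmail($userinfo['email'], $langmessage['new_password'], $message)) {
         // Show only a masked form of the address. array_pad() keeps the
         // destructuring valid when the stored address contains no '@'.
         list($namepart, $sitepart) = array_pad(explode('@', $userinfo['email']), 2, '');
         $showemail = substr($namepart, 0, 3) . '...@' . $sitepart;
         message(sprintf($langmessage['password_sent'], $username, $showemail));
         return true;
     }

     message($langmessage['OOPS'] . ' (Email not sent)');
     return false;
 }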