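/**
 * Change the logged-in user's password after verifying the old one.
 *
 * Reads oldpassword, password and password1 from $_POST. When fewer than two
 * of the three fields are filled in, the request is treated as "no password
 * change requested" and nothing happens.
 *
 * @return bool|null false when CheckPasswords() rejects the new password pair
 *                   or the old password does not match; null in every other
 *                   case (including a successful change).
 */
function ChangePass()
{
    global $langmessage;

    $fields = 0;
    foreach (array('oldpassword', 'password', 'password1') as $key) {
        if (!empty($_POST[$key])) {
            $fields++;
        }
    }
    if ($fields < 2) {
        return; // assume user didn't try to reset password
    }

    // make sure password and password1 match
    if (!$this->CheckPasswords()) {
        return false;
    }

    // Two filled fields are enough to get here, so oldpassword may be absent
    // (or an array from a crafted request); hash an empty string in that case
    // so the comparison below simply fails.
    $submitted = '';
    if (isset($_POST['oldpassword']) && is_string($_POST['oldpassword'])) {
        $submitted = $_POST['oldpassword'];
    }

    // check the old password, hashed with the algorithm recorded for this user
    $pass_hash = gpsession::PassAlgo($this->user_info);
    $oldpass = (string)common::hash($submitted, $pass_hash);
    $stored = (string)$this->user_info['password'];

    // Compare as exact strings. A loose != compares numeric-looking strings
    // by value, so two different hex digests of the form "0e<digits>" would
    // be treated as equal. hash_equals() additionally runs in constant time;
    // fall back to === where it is unavailable (PHP < 5.6).
    if (function_exists('hash_equals')) {
        $matches = hash_equals($stored, $oldpass);
    } else {
        $matches = ($stored === $oldpass);
    }

    if (!$matches) {
        message($langmessage['couldnt_reset_pass']);
        return false;
    }

    // NOTE(review): whether SetUserPass() also persists the users file is not
    // visible from this method - confirm against its definition.
    self::SetUserPass($this->users[$this->username], $_POST['password']);
}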
/**
 * Set a new password for the user named in $_POST['username'].
 *
 * Unlike ChangePass(), no old password is verified here.
 * NOTE(review): nothing in this method checks who is making the request;
 * presumably the caller restricts it to administrators - confirm.
 *
 * @return mixed false when CheckPasswords() fails or the username is unknown,
 *               otherwise whatever SaveUserFile() returns.
 */
function ResetPass()
{
    global $langmessage, $config;

    $passwords_ok = $this->CheckPasswords();
    if (!$passwords_ok) {
        return false;
    }

    $target = $_POST['username'];
    if (isset($this->users[$target])) {
        // The new password is hashed with the algorithm already recorded for
        // this user, so an account on md5/sha1 stays on md5/sha1 after the
        // reset. NOTE(review): ChangePass() goes through SetUserPass()
        // instead - confirm whether this path should do the same.
        $algo = gpsession::PassAlgo($this->users[$target]);
        $this->users[$target]['password'] = common::hash($_POST['password'], $algo);

        return $this->SaveUserFile();
    }

    message($langmessage['OOPS']);
    return false;
}
/**
 * Echo the name of the password hashing algorithm recorded for a user.
 *
 * md5 and sha1 are printed in red and also set $this->has_weak_pass, which
 * lets the caller know at least one listed account uses a weak algorithm.
 *
 * @param array $userinfo The user's record, passed through to gpsession::PassAlgo()
 */
function PassAlgo($userinfo)
{
    $algo = gpsession::PassAlgo($userinfo);

    // NOTE(review): $algo is echoed without HTML escaping in both branches;
    // that is only safe if gpsession::PassAlgo() returns a fixed set of
    // algorithm names - confirm.
    $is_weak = ($algo == 'md5' || $algo == 'sha1');
    if (!$is_weak) {
        echo $algo;
        return;
    }

    $this->has_weak_pass = true;
    echo '<span style="color:red">' . $algo . '</span>';
}
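/**
 * Generate a temporary password for the posted username and email it to the
 * address stored for that user.
 *
 * The hash of the temporary password is saved under the user's 'newpass' key
 * in _site/users; the existing 'password' entry is not modified here.
 *
 * NOTE(review): the temporary password travels in the email body in clear
 * text, and the three outcomes (unknown user, no email on file, mail sent)
 * produce distinguishable messages, which lets an unauthenticated caller tell
 * valid usernames apart. Both are pre-existing design choices left unchanged.
 *
 * @return bool true when the mailer accepted the message, false otherwise.
 */
function SendPassword()
{
    global $langmessage, $gp_mailer;

    includeFile('tool/email_mailer.php');

    $users = gpFiles::Get('_site/users');

    // Only a string can be a valid key; anything else (missing field, array
    // from a crafted request) is treated as an unknown user.
    $username = '';
    if (isset($_POST['username']) && is_string($_POST['username'])) {
        $username = $_POST['username'];
    }
    if (!isset($users[$username])) {
        message($langmessage['OOPS']);
        return false;
    }

    $userinfo = $users[$username];
    if (empty($userinfo['email'])) {
        message($langmessage['no_email_provided']);
        return false;
    }

    // The temporary password is a login credential, so it must come from a
    // CSPRNG. str_shuffle() is documented as unsuitable for cryptographic
    // purposes; it is kept only as a fallback for runtimes without
    // random_int() (PHP < 7).
    $alphabet = 'abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ';
    if (function_exists('random_int')) {
        $last = strlen($alphabet) - 1;
        $newpass = '';
        for ($i = 0; $i < 8; $i++) {
            $newpass .= $alphabet[random_int(0, $last)];
        }
    } else {
        $newpass = substr(str_shuffle(str_repeat($alphabet, 3)), 0, 8);
    }

    $pass_hash = gpsession::PassAlgo($userinfo);
    $users[$username]['newpass'] = common::hash($newpass, $pass_hash);
    if (!gpFiles::SaveData('_site/users', 'users', $users)) {
        message($langmessage['OOPS']);
        return false;
    }

    // NOTE(review): HTTP_HOST is taken from the request's Host header, so the
    // site name printed in the email is client-controlled. Prefer a
    // configured canonical host if the project has one - confirm.
    if (isset($_SERVER['HTTP_HOST'])) {
        $server = $_SERVER['HTTP_HOST'];
    } else {
        $server = $_SERVER['SERVER_NAME'];
    }

    $link = common::AbsoluteLink('Admin', $langmessage['login']);
    $message = sprintf($langmessage['passwordremindertext'], $server, $link, $username, $newpass);

    if ($gp_mailer->SendEmail($userinfo['email'], $langmessage['new_password'], $message)) {
        // Show only a masked form of the address; tolerate a stored value
        // without '@' instead of raising an undefined-offset notice.
        $parts = explode('@', $userinfo['email']);
        $namepart = $parts[0];
        $sitepart = isset($parts[1]) ? $parts[1] : '';
        $showemail = substr($namepart, 0, 3) . '...@' . $sitepart;
        message(sprintf($langmessage['password_sent'], $username, $showemail));
        return true;
    }

    message($langmessage['OOPS'] . ' (Email not sent)');
    return false;
}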