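/**
 * Render the "change password" form for the signed-in user and, on a valid
 * POST, attempt the password change.
 *
 * Flow:
 *  - no signed-in user ($GLOBALS['me'] is falsy): return the "unavailable" notice;
 *  - POST carrying a change_password_form array with a string CSRF token that
 *    \site\utils::check_csrf() accepts: validate the data and call
 *    \user\main::change_password(), then prepend a success or error banner;
 *  - in every signed-in case: issue a fresh CSRF token, store it in
 *    $_SESSION['change_password_csrf'] and embed it in the form.
 *
 * Security notes:
 *  - The exception message is HTML-escaped before output. It comes from code
 *    that processed user-supplied fields, so it must not be trusted as markup.
 *  - A missing or non-string CSRF field is rejected before check_csrf() runs,
 *    so the checker never receives null or an array.
 *  - NOTE(review): str_random() and check_csrf() are not visible here. Confirm
 *    that the token comes from a CSPRNG (random_bytes()/random_int()) and that
 *    it is compared in constant time (hash_equals()).
 *  - NOTE(review): every Exception message is shown to the user. Confirm that
 *    change_password() only throws user-safe messages, not storage or driver
 *    errors.
 *  - NOTE(review): no session-ID regeneration or invalidation of other
 *    sessions happens here after a successful change. Confirm whether
 *    change_password() handles that.
 *
 * @return string HTML fragment (form with optional banner, or the notice).
 */
function change_password_form()
{
    global $LANG;

    // Anonymous visitors only ever get the notice; nothing below runs for them.
    if (empty($GLOBALS['me'])) {
        return '<div class="info_form">' . $LANG['unavailable_form'] . '</div>';
    }

    $form = '<div class="change_password_form other_form">';

    $is_post = isset($_SERVER['REQUEST_METHOD']) && $_SERVER['REQUEST_METHOD'] === 'POST';
    $posted = isset($_POST['change_password_form']) ? $_POST['change_password_form'] : null;

    // Shape-check the submitted data first: PHP turns "name[]=x" parameters into
    // arrays, so the token must be verified to be a plain string before use.
    if ($is_post
        && is_array($posted)
        && isset($posted['csrf'])
        && is_string($posted['csrf'])
        && \site\utils::check_csrf($posted['csrf'], 'change_password_csrf')
    ) {
        $pd = \site\utils::validate_user_data($posted);
        try {
            \user\main::change_password($GLOBALS['me']->ID, $pd);
            $form .= '<div class="success">' . $LANG['change_pwd_success'] . '</div>';
        } catch (Exception $e) {
            // Output-encode: the message is data, not markup.
            // Assumes pages are served as UTF-8 — confirm.
            $form .= '<div class="error">'
                . htmlspecialchars($e->getMessage(), ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8')
                . '</div>';
        }
    }

    // A new token is issued on every render, so any previously rendered copy
    // of this form (e.g. in another tab) stops validating.
    $csrf = $_SESSION['change_password_csrf'] = \site\utils::str_random(12);

    // Field key => $LANG key of its label. $LANG strings are emitted unescaped,
    // as before; presumably trusted translation text — confirm.
    $fields = array(
        'old'  => 'change_pwd_form_old',
        'new'  => 'change_pwd_form_new',
        'new2' => 'change_pwd_form_new2',
    );

    $form .= '<form method="POST" action="#">';
    foreach ($fields as $key => $label_key) {
        $name = 'change_password_form[' . $key . ']';
        $form .= ' <div class="form_field"><label for="' . $name . '">' . $LANG[$label_key] . ':</label>'
            . ' <div><input type="password" name="' . $name . '" id="' . $name . '" value="" required /></div></div>';
    }

    // The token is escaped for the attribute context; its alphabet is not
    // visible from here, and escaping is a no-op for plain alphanumerics.
    $form .= ' <input type="hidden" name="change_password_form[csrf]" value="'
        . htmlspecialchars((string) $csrf, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8')
        . '" />'
        . ' <button>' . $LANG['change_pwd_button'] . '</button> </form> </div>';

    return $form;
}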