\$('#result').html(checkStrength(\$('#password_form').val())) }); }); /* ]]> */ </script>
hContent;

// Handler for the logged-in user's change-password form. Both validation
// failures below store a session message and redirect to
// main/profile/password.php under $urlSecure, then stop.
$passUrl = $urlSecure . 'main/profile/password.php';
$passLocation = 'Location: ' . $passUrl;

if (isset($_POST['submit'])) {
    // NOTE(review): no anti-CSRF token check is visible in this fragment. The
    // old_pass requirement means a forged request would also need the current
    // password; confirm whether a token is verified elsewhere.

    // New password, its confirmation and the current password must all be non-empty.
    if (empty($_POST['password_form']) or empty($_POST['password_form1']) or empty($_POST['old_pass'])) {
        Session::Messages($langFieldsMissing);
        header($passLocation);
        exit;
    }
    // acceptable_password() returns a countable list of problems; any entry
    // rejects the request. The individual entries are not shown here, only the
    // generic $langPassTwo message.
    if (count($error_messages = acceptable_password($_POST['password_form'], $_POST['password_form1'])) > 0) {
        Session::Messages($langPassTwo);
        header($passLocation);
        exit;
    }
    // Input checks passed. The current password is still unverified at this
    // point; that happens in the CheckPassword() call below, before any write.
    // NOTE(review): $myrow is dereferenced below without checking that a row was
    // returned for $_SESSION['uid'] -- confirm querySingle() cannot come back empty here.
    $myrow = Database::get()->querySingle("SELECT password FROM user WHERE id= ?d", $_SESSION['uid']);
    // NOTE(review): PasswordHash(8, false) looks like phpass with a cost
    // parameter of 8 and portable hashes disabled -- confirm, and check whether
    // that cost is still adequate for the deployment.
    $hasher = new PasswordHash(8, false);
    // NOTE(review): validation above read $_POST['password_form'], but the value
    // hashed here and the old password checked below come from $_REQUEST.
    // Depending on request_order, $_REQUEST can be filled from sources other
    // than the POST body, so the stored hash may not belong to the string that
    // was validated. Reading both from $_POST would keep them aligned.
    // The new hash is also computed before the current password is verified.
    $new_pass = $hasher->HashPassword($_REQUEST['password_form']);
    if ($hasher->CheckPassword($_REQUEST['old_pass'], $myrow->password)) {
        // Current password matches: store the new hash, log the change, and
        // send the user to the profile page with a success message.
        Database::get()->query("UPDATE user SET password = ?s\n WHERE id = ?d", $new_pass, $_SESSION['uid']);
        Log::record(0, 0, LOG_PROFILE, array('uid' => $_SESSION['uid'], 'pass_change' => 1));
        // NOTE(review): nothing visible here regenerates the session id or
        // revokes the user's other sessions after the change -- confirm.
        Session::Messages($langPassChanged, 'alert-success');
        redirect_to_home_page('main/profile/display_profile.php');
        exit;
    } else {
// Tail of a function whose header is outside this fragment: it reports whether
// the given password value may be edited, i.e. is not one of the $auth_ids
// entries.
// NOTE(review): in_array() is called without the strict flag, so the
// comparison is loose; if both sides are always strings, passing true as the
// third argument would rule out numeric-string coercion -- confirm types.
if (in_array($password, $auth_ids)) {
    return false; // not editable, external auth method
} else {
    return true; // editable
}
}

// Password-reset handler: 'u' (user id) and 'h' (token) arrive with the request
// and are re-submitted as hidden fields by the form rendered below.
if (isset($_REQUEST['u']) and isset($_REQUEST['h'])) {
    $change_ok = false;
    // intval() makes the id safe to interpolate into the token key and the form.
    $userUID = intval($_REQUEST['u']);
    // The token is checked against the key 'password' . <uid> with TOKEN_VALID_TIME.
    // NOTE(review): token_validate() is not visible here; presumably it enforces
    // an expiry window and compares in constant time -- confirm.
    $valid = token_validate('password' . $userUID, $_REQUEST['h'], TOKEN_VALID_TIME);
    // Only accounts whose password column is not one of the $auth_ids entries
    // qualify. $userUID is bound through the ?d placeholder.
    // NOTE(review): $auth_ids is concatenated into the SQL text. That is safe
    // only while it is a fixed server-side list; confirm no entry can come from
    // input or contain a quote, or bind the values as parameters instead.
    $res = Database::get()->querySingle("SELECT id FROM user WHERE id = ?d AND password NOT IN ('" . implode("', '", $auth_ids) . "')", $userUID);
    $error_messages = array();
    if ($valid and $res) {
        // Both new-password fields are present and acceptable_password() reported
        // no problems: hash and store the new password.
        if (isset($_POST['newpass']) and isset($_POST['newpass1']) and count($error_messages = acceptable_password($_POST['newpass'], $_POST['newpass1'])) == 0) {
            $hasher = new PasswordHash(8, false);
            $q1 = Database::get()->query("UPDATE user SET password = ?s\n WHERE id = ?d", $hasher->HashPassword($_POST['newpass']), $userUID);
            // NOTE(review): nothing visible here invalidates the token once it has
            // been used. If token_validate() is purely time-based, the same link
            // would keep working until TOKEN_VALID_TIME elapses -- confirm, and
            // consider making the token single-use.
            // If the UPDATE touches no row, $change_ok stays false and the form
            // is shown again without any message.
            if ($q1->affectedRows > 0) {
                $tool_content = "<div class='alert alert-success'><p>{$langAccountResetSuccess1}</p></div>\n {$homelink}";
                $change_ok = true;
            }
        } elseif (count($error_messages)) {
            // NOTE(review): the entries of $error_messages are placed into HTML
            // unescaped; presumably they are fixed language strings -- confirm.
            // Whether $tool_content is initialised before this append is not
            // visible in this fragment.
            $tool_content .= "<div class='alert alert-warning'><ul><li>" . implode("</li>\n<li>", $error_messages) . "</li></ul></div>";
        }
        // Render (or re-render) the new-password form. The token is echoed
        // through q() (presumably HTML escaping -- confirm); 'u' is the intval'd id.
        if (!$change_ok) {
            $tool_content .= "\n <div class='form-wrapper'>\n <form method='post' action='{$_SERVER['SCRIPT_NAME']}'>\n <input type='hidden' name='u' value='{$userUID}'>\n <input type='hidden' name='h' value='" . q($_REQUEST['h']) . 
"'>\n <fieldset>\n <legend>{$langPassword}</legend>\n <table class='tbl'>\n <tr>\n <th>{$langNewPass1}</th>\n <td><input type='password' size='40' name='newpass' value='' id='password' autocomplete='off'/> <span id='result'></span></td>\n </tr>\n <tr>\n <th>{$langNewPass2}</th>\n <td><input type='password' size='40' name='newpass1' value='' autocomplete='off'></td>\n </tr>\n <tr>\n <th> </th>\n <td><input class='btn btn-primary' type='submit' name='submit' value='{$langModify}'></td>\n </tr>\n </table>\n </fieldset>\n </form>\n </div>";
        }
    } else {
        // An invalid token and a non-qualifying account get the same generic
        // message, so the response does not show which check failed.
        $tool_content = "<div class='alert alert-danger'>{$langAccountResetInvalidLink}</div>\n {$homelink}";
    }
    // The enclosing if is not closed within this fragment.