Exemple #1
            \$('#result').html(checkStrength(\$('#password_form').val()))
        });
    });

/* ]]> */
</script>
hContent;
// URL of this password-change page; every validation failure below redirects back to it.
$passUrl = $urlSecure . 'main/profile/password.php';
$passLocation = 'Location: ' . $passUrl;
// Handle a submitted password-change form for the logged-in user ($_SESSION['uid']).
// NOTE(review): no anti-CSRF token check is visible in this fragment; confirm one runs
// earlier in the request, since this branch changes a credential.
if (isset($_POST['submit'])) {
    // All three fields (new password, confirmation, current password) are required.
    if (empty($_POST['password_form']) or empty($_POST['password_form1']) or empty($_POST['old_pass'])) {
        Session::Messages($langFieldsMissing);
        header($passLocation);
        exit;
    }
    // acceptable_password() is defined elsewhere; a non-empty result is treated as a rejection.
    // The individual messages in $error_messages are not shown here, only $langPassTwo.
    if (count($error_messages = acceptable_password($_POST['password_form'], $_POST['password_form1'])) > 0) {
        Session::Messages($langPassTwo);
        header($passLocation);
        exit;
    }
    // all checks ok. Change password!
    // Fetch the stored hash for the session user; the id is bound through the ?d placeholder.
    // NOTE(review): $myrow is dereferenced below without checking that a row was returned.
    $myrow = Database::get()->querySingle("SELECT password FROM user WHERE id= ?d", $_SESSION['uid']);
    // NOTE(review): presumably phpass (8 = log2 work factor, false = non-portable hashes) - confirm;
    // a cost of 8 is low for current hardware.
    $hasher = new PasswordHash(8, false);
    // NOTE(review): the checks above read $_POST, but the value hashed here and the current
    // password verified below come from $_REQUEST. If request_order lets another source
    // override POST, the stored password can differ from the one that was validated;
    // both reads should use $_POST. The hash is also computed before the current password
    // has been verified.
    $new_pass = $hasher->HashPassword($_REQUEST['password_form']);
    // The change is applied only if the supplied current password matches the stored hash.
    if ($hasher->CheckPassword($_REQUEST['old_pass'], $myrow->password)) {
        Database::get()->query("UPDATE user SET password = ?s\n                                 WHERE id = ?d", $new_pass, $_SESSION['uid']);
        // The audit entry records the user id and a pass_change flag, never the password itself.
        Log::record(0, 0, LOG_PROFILE, array('uid' => $_SESSION['uid'], 'pass_change' => 1));
        Session::Messages($langPassChanged, 'alert-success');
        // NOTE(review): nothing visible here regenerates the session id or ends the user's
        // other sessions after the change - confirm whether that happens elsewhere.
        redirect_to_home_page('main/profile/display_profile.php');
        exit;
        // The else branch (current password did not match) continues past this excerpt.
    } else {
Exemple #2
    if (in_array($password, $auth_ids)) {
        return false;
        // not editable, external auth method
    } else {
        return true;
        // editable
    }
}
if (isset($_REQUEST['u']) and isset($_REQUEST['h'])) {
    // Reset-link handler: 'u' carries the user id and 'h' the token checked by token_validate().
    $change_ok = false;
    // intval() forces the id to an integer before it is used in the token string, SQL and HTML.
    $userUID = intval($_REQUEST['u']);
    // token_validate() is defined elsewhere; it receives 'password<id>', the supplied token and
    // TOKEN_VALID_TIME (presumably the token lifetime - confirm).
    // NOTE(review): nothing in this fragment marks the token as used after a successful reset,
    // so unless token_validate() tracks that, the same link may stay usable until it expires.
    // Because u/h are read from $_REQUEST they can arrive in the query string, where they
    // end up in server logs and Referer headers.
    $valid = token_validate('password' . $userUID, $_REQUEST['h'], TOKEN_VALID_TIME);
    // Only accounts whose password column is not one of $auth_ids are eligible (the function
    // above treats those values as external auth methods).
    // NOTE(review): $auth_ids is spliced into the SQL text with implode() instead of being
    // bound; that is safe only while the list is a server-side constant - confirm its origin.
    $res = Database::get()->querySingle("SELECT id FROM user WHERE id = ?d AND password NOT IN ('" . implode("', '", $auth_ids) . "')", $userUID);
    $error_messages = array();
    // A bad token and an ineligible account both end in the same "invalid link" message below.
    if ($valid and $res) {
        // Apply the change only when both fields were posted and acceptable_password()
        // (defined elsewhere) returns no messages.
        if (isset($_POST['newpass']) and isset($_POST['newpass1']) and count($error_messages = acceptable_password($_POST['newpass'], $_POST['newpass1'])) == 0) {
            $hasher = new PasswordHash(8, false);
            // New hash and user id are both bound through placeholders.
            $q1 = Database::get()->query("UPDATE user SET password = ?s\n                                                      WHERE id = ?d", $hasher->HashPassword($_POST['newpass']), $userUID);
            // Success is reported only if a row actually changed.
            // NOTE(review): no audit log entry is written for the reset in this fragment -
            // confirm it is recorded elsewhere.
            if ($q1->affectedRows > 0) {
                $tool_content = "<div class='alert alert-success'><p>{$langAccountResetSuccess1}</p></div>\n                                                       {$homelink}";
                $change_ok = true;
            }
        } elseif (count($error_messages)) {
            // NOTE(review): the messages are written into HTML without q(); this assumes they
            // are fixed language strings - confirm none of them echo user input.
            $tool_content .= "<div class='alert alert-warning'><ul><li>" . implode("</li>\n<li>", $error_messages) . "</li></ul></div>";
        }
        // Show (or re-show) the form until the change succeeds. The hidden u/h fields carry the
        // link parameters into the POST so the token is validated again on submit; u is the
        // integer from intval() and h is escaped with q(). SCRIPT_NAME is emitted without q().
        if (!$change_ok) {
            $tool_content .= "\n            <div class='form-wrapper'>\n                <form method='post' action='{$_SERVER['SCRIPT_NAME']}'>\n                <input type='hidden' name='u' value='{$userUID}'>\n                <input type='hidden' name='h' value='" . q($_REQUEST['h']) . "'>\n                <fieldset>\n                <legend>{$langPassword}</legend>\n                <table class='tbl'>\n                <tr>\n                   <th>{$langNewPass1}</th>\n                   <td><input type='password' size='40' name='newpass' value='' id='password' autocomplete='off'/>&nbsp;<span id='result'></span></td>\n                </tr>\n                <tr>\n                   <th>{$langNewPass2}</th>\n                   <td><input type='password' size='40' name='newpass1' value='' autocomplete='off'></td>\n                </tr>\n                <tr>\n                   <th>&nbsp;</th>\n                   <td><input class='btn btn-primary' type='submit' name='submit' value='{$langModify}'></td>\n                </tr>\n                </table>\n                </fieldset>\n                </form>\n            </div>";
        }
    } else {
        // Token invalid/expired or account not eligible: one generic message for both cases.
        $tool_content = "<div class='alert alert-danger'>{$langAccountResetInvalidLink}</div>\n                                 {$homelink}";
    }