Exemple #1
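// Read the two submitted passwords. `?? null` avoids an "undefined array key"
// warning when a field is missing; the truthiness check that follows in this
// script then rejects the null value.
$newpasswd = $_POST['newpw'] ?? null;
$oldpasswd = $_POST['oldpw'] ?? null;
// NOTE(review): a single hard-coded salt is shared by every account, so it adds
// no per-user uniqueness and is readable by anyone who can read this file.
$salty = "saltyboy";
// Only requests sent with submit=OK are processed. The comparison is strict and
// tolerates a missing field instead of raising a warning.
if (($_POST['submit'] ?? null) !== "OK") {
    echo "ERROR\n";
    return;
}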
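/**
 * Replace the stored hash of one account and rewrite the account file.
 *
 * The array is received by value, so the caller's copy is not modified; only
 * the serialized file on disk reflects the change.
 *
 * NOTE(review): the file lives under a directory named htdocs — confirm the
 * web server cannot serve "private/passwd" directly.
 *
 * @param array      $accounts list of account records, each with 'login' and 'passwd'
 * @param int|string $index    key of the account to update
 * @param string     $newhash  hash to store for that account
 * @return bool true when the file was written, false when the write failed
 */
function update_password($accounts, $index, $newhash)
{
    $accounts[$index]['passwd'] = $newhash;
    // LOCK_EX keeps two concurrent password changes from interleaving their
    // writes and leaving a corrupt account file behind.
    $written = file_put_contents("../htdocs/private/passwd", serialize($accounts), LOCK_EX);
    // The original ignored the result; report it so callers can detect failure.
    return $written !== false;
}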
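// Change the password only when a user name and both passwords were supplied.
// The is_string() checks reject array-valued form fields (e.g. newpw[]=x),
// which would otherwise reach hash() and raise a TypeError.
if ($user && strlen($user) > 0 && is_string($newpasswd) && $newpasswd && is_string($oldpasswd) && $oldpasswd) {
    if (file_exists("../htdocs/private/passwd") == TRUE) {
        // The account file only needs arrays and strings, so object
        // instantiation is disabled during unserialize().
        $accounts = unserialize(file_get_contents("../htdocs/private/passwd"), ['allowed_classes' => false]);
    } else {
        echo "ERRR\n";
        return;
    }
    // A corrupt or empty file unserializes to false; treat it as "no accounts"
    // so the request ends with the generic error instead of a fatal error.
    if (!is_array($accounts)) {
        $accounts = [];
    }
    // NOTE(review): salted SHA-256 is a fast hash and the salt is the same for
    // every account. password_hash()/password_verify() is the API meant for
    // password storage; switching needs a migration of the stored hashes, so
    // the existing format is kept here.
    $oldhash = hash("sha256", $salty . $user . $oldpasswd);
    foreach ($accounts as $i => $account) {
        // Compare logins as strings: with == two numeric-looking names such as
        // "1e3" and "1000" would be treated as the same account.
        if (!is_array($account) || !isset($account['login']) || (string) $account['login'] !== (string) $user) {
            continue;
        }
        $stored = $account['passwd'] ?? null;
        // hash_equals() compares in constant time and never applies numeric
        // juggling to hex digests that happen to look like numbers ("0e...").
        if (is_string($stored) && hash_equals($stored, $oldhash)) {
            update_password($accounts, $i, hash("sha256", $salty . $user . $newpasswd));
            header("Location: index.html");
            echo "OK\n";
            return;
        }
    }
}
echo "ERROR\n";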
}
if (isset($_REQUEST['doimatkhau'])) {
    $rs_mkcu = "";
    $rs_mkmoi = "";
    $rs_remk = "";
    if ($_REQUEST['oldpassword']) {
        $rs_mkcu = $_REQUEST['oldpassword'];
    }
    if ($_REQUEST['newpassword']) {
        $rs_mkmoi = $_REQUEST['newpassword'];
    }
    if ($_REQUEST['repassword']) {
        $rs_remk = $_REQUEST['repassword'];
    }
    if ($rs_mkcu && $rs_mkmoi && $rs_remk && $_SESSION['currUser']['password'] === $rs_mkcu) {
        $result = update_password($rs_mkmoi);
        if ($result) {
            update_session();
            echo "<div class='alert alert-block alert-success fade in'>Cập nhật thành công.</div>";
        } else {
            echo "<div class='alert alert-block alert-danger fade in'>Lỗi! Không cập mật khẩu được.</div>";
        }
    } else {
        if ($rs_mkmoi !== $rs_remk) {
            echo "<div class='alert alert-block alert-danger fade in'>Nhập mật khẩu không khớp.</div>";
        } else {
            if (!$rs_mkcu) {
                echo "<div class='alert alert-block alert-danger fade in'>Nhập mật khẩu cũ.</div>";
            } else {
                if (!$rs_mkmoi) {
                    echo "<div class='alert alert-block alert-danger fade in'>Nhập mật khẩu mới.</div>";
Exemple #3
             message_error("<i class=\"fa fa-exclamation\"></i>&nbsp;" . translate("You did not enter the correct password, please go back and try again.") . "<br /><br />", "");
         }
     } else {
         main($user);
     }
     break;
 case "validpasswd":
     if ($code != "") {
         valid_password($code);
     } else {
         main($user);
     }
     break;
 case "updatepasswd":
     if ($code != "" and $passwd != "") {
         update_password($code, $passwd);
     } else {
         main($user);
     }
     break;
 case "userinfo":
     if ($member_list == 1 and (!isset($user) and !isset($admin))) {
         Header("Location: index.php");
     }
     if ($uname != "") {
         userinfo($uname);
     } else {
         main($user);
     }
     break;
 case "login":
Exemple #4
         if ($new_password != $repeat_password) {
             $errmsg_arr[] = 'Repeat Password Field Value doesnot match with New Password';
             $errflag = true;
         }
         if ($new_password == $old_password && $old_password) {
             $errmsg_arr[] = 'New Password cannot be same as Old Password';
             $errflag = true;
         }
         if ($errflag == true) {
             $tpl->errors = $errmsg_arr;
         } else {
             $user_email = clean($_SESSION['user_email']);
             $get_user = select_password($database, $user_email, $checkpassword);
             if ($get_user) {
                 $newpass = clean(md5($new_password));
                 $updatepassword = update_password($database, $newpass, $user_email);
                 if ($updatepassword) {
                     header("Location: " . main_url . "/changepassword/success");
                 }
             } else {
                 $errmsg_arr[] = 'Old Password is Wrong!';
                 $errflag = true;
                 $tpl->errors = $errmsg_arr;
             }
         }
         //If there are input validations, redirect back to the login form
     } catch (Exception $e) {
         // CSRF attack detected
         $result = $e->getMessage() . ' Form ignored.';
     }
 } else {
<?php

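// Collect the three form fields. Each one defaults to null so that a missing
// field fails the checks below instead of reading an undefined variable.
$current_password = $_POST['cpassword'] ?? null;
$new_password = $_POST['newpass'] ?? null;
$confirm_pass = $_POST['confirmpass'] ?? null;

// NOTE(review): the stored value is compared directly with the typed password,
// which suggests passwords are kept unhashed — confirm. password_hash() and
// password_verify() are the expected way to store and check them.
$stored_password = getuserfield_settings('password', $user_id);

if (!is_string($current_password) || !is_string($stored_password) || !hash_equals($stored_password, $current_password)) {
    // Requiring two strings stops "no field sent" from matching "no stored
    // value" (null === null); hash_equals() compares in constant time.
    $msg = "Your current password is invalid.";
} elseif (!is_string($new_password) || $new_password !== $confirm_pass) {
    // The confirmation field was read but never checked before.
    $msg = "Your new password and its confirmation do not match.";
} elseif (update_password($user_id, $new_password)) {
    $msg = "Your password changed successfully.";
} else {
    $msg = "Sorry, Your password could not be changed.";
}
// The message contains spaces and punctuation, so it must be URL-encoded to
// form a valid Location header. The page that displays settings_msg is not
// shown here; it has to HTML-escape the value before printing it.
header("Location: student_homepage.php?pid=6st16yz9&settings_msg=" . rawurlencode($msg));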
Exemple #6
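$userName = $userInfo[0];
// Escape for the HTML attribute context so a quote or angle bracket in the
// name cannot break out of value="...". A hidden field can be edited by the
// client, so the posted userName must not be trusted as the user's identity.
echo "<input type=\"hidden\" name=\"userName\" value=\"" . htmlspecialchars((string) $userName, ENT_QUOTES, 'UTF-8') . "\">";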

// Handle a submitted password change: check the current password, store the
// new one, then send the browser to index.php through an inline script.
if ($passwordChange == 1) {

    # Read the current password as posted by the form.
    # NOTE(review): the field names "md5" and "md5NewPassword" suggest the
    # browser sends MD5 digests instead of the typed passwords — confirm. If
    # so, the digest itself works as the password for anyone who captures it,
    # and the server cannot check the length of what the user typed.
    $currentPassword = $_POST["md5"];
    

    // Reject the change unless the current password matches for $userId.
    if (!is_right_password($userId, $currentPassword)) {
        echo "<p><b>Current Password Invalid - Password not changed</p></b>";   
    }
    else {
        // The new value is stored as received; no confirmation field or
        // validation is applied in this block.
        $newPassword = $_POST["md5NewPassword"];
        update_password($userId, $newPassword);
        // Report success and redirect client-side, then stop so the form
        // below is not rendered again.
        echo "<script>";
            echo "alert(\"Password Updated Successfully\");";
            echo "document.location.href = 'index.php'";
        echo "</script>";
        echo "<BR><BR><BR>";
        exit;
    }
}

?>

<p> Password should be between 4 and 10 characters long </p>
<fieldset class="login">
<legend>Password Change</legend>
        }
        is_valid_password($_POST['pwd1'], $err);
    }
    // Validate the email.
    is_valid_email($_POST['email'], $err);
    // Validate the session length.
    is_valid_slength($_POST['slength'], $err);
}
// Save the profile when validation produced no errors; otherwise show them.
if (count($err) === 0) {
    if (!$FORUM) {
        // The password is only changed when both password fields were filled.
        // NOTE(review): addslashes() is not the database driver's escaping
        // routine, and the update_password() defined later in this file calls
        // addslashes() on the value again, so a password containing a quote or
        // backslash is escaped twice before it is stored. Bound parameters
        // would remove the need for any manual escaping.
        if ($_POST['pwd1'] && $_POST['pwd2']) {
            update_password(addslashes($_POST['pwd1']), $sid);
        }
        update_email(addslashes($_POST['email']), $sid);
        update_slength(addslashes($_POST['slength']), $sid);
    }
    // NOTE(review): 'dm' is passed on unescaped; update_dm() is not shown.
    update_dm($_POST['dm'], $sid);
    $title = 'Profile Updated';
    draw_page('details.php');
} else {
    $title = 'Error';
    $messages = $err;
    draw_page('details_error.php');
}
////////////////////////////////////////////////////////////////////////
// Supporting functions.
// Updates the db with the user's new password.
function update_password($pwd, &$sid)
{
    global $TABLE_USERS, $rpgDB;
    $_r = $rpgDB->query(sprintf("UPDATE %s SET pwd = PASSWORD('%s') WHERE pname = '%s' LIMIT 1", $TABLE_USERS, addslashes($pwd), addslashes($sid->GetUserName())));
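    // The acting user comes from the session; the passwords come from the form.
    $user = $_SESSION["user"];
    $current_pass = $_POST['current_pass'];
    $new_pass = $_POST['new_pass'];
    $confirm_pass = $_POST['confirm_pass'];
    // Send an alert
    $alert = true;
    // The current password must be valid before anything is changed.
    if (is_valid_user($user, $current_pass)) {
        // Strict comparison: with == two numeric-looking strings such as
        // "1e3" and "1000" compare equal, so a confirmation that differs from
        // the new password could be accepted.
        if ("{$new_pass}" === "{$confirm_pass}") {
            // Generate the salt
            $salt = generateSalt($user);
            // Generate the password hash
            $hash = generateHash($salt, $new_pass);
            // Update the password
            update_password($user, $hash);
            // Audit log: records who changed a password, never the password.
            $risk_id = 1000;
            $message = "Password was modified for the \"" . $_SESSION['user'] . "\" user.";
            write_log($risk_id, $_SESSION['uid'], $message);
            $alert_message = "Your password has been updated successfully!";
        } else {
            $alert_message = "The new password entered does not match the confirm password entered.  Please try again.";
        }
    } else {
        $alert_message = "You have entered your current password incorrectly.  Please try again.";
    }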
}
?>

<!doctype html>
 * You should have received a copy of the GNU General Public License
 * along with this program. If not, see <http://opensource.org/licenses/gpl-license.php>;.
 *
 * @package OpenEMR
 * @author  Kevin Yeh <*****@*****.**>
 * @link    http://www.open-emr.org
 */
//SANITIZE ALL ESCAPES
$sanitize_all_escapes = true;
//STOP FAKE REGISTER GLOBALS
$fake_register_globals = false;
include_once "../globals.php";
require_once "{$srcdir}/authentication/rsa.php";
require_once "{$srcdir}/authentication/password_change.php";
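// The browser encrypts the three password fields with a public key; the
// matching private key is looked up by the posted key id and used to decrypt.
$rsa_manager = new rsa_key_manager();
$rsa_manager->load_from_db($_REQUEST['pk']);
$curPass = $rsa_manager->decrypt($_REQUEST['curPass']);
$newPass = $rsa_manager->decrypt($_REQUEST['newPass']);
$newPass2 = $rsa_manager->decrypt($_REQUEST['newPass2']);
// Strict comparison: with != two numeric-looking strings such as "1e3" and
// "1000" count as equal, so a mistyped confirmation could pass.
// NOTE(review): decrypt() is defined in rsa.php, not shown here. If it returns
// the same failure value for both fields they still compare equal — confirm
// that update_password() rejects such a value.
if ($newPass !== $newPass2) {
    echo xlt("Passwords Don't match!");
    exit;
}
$errMsg = '';
// The session's own user id is passed twice, so the change applies to the
// logged-in user and is authorised with that user's current password.
$success = update_password($_SESSION['authId'], $_SESSION['authId'], $curPass, $newPass, $errMsg);
if ($success) {
    echo xlt("Password change successful");
} else {
    // If update_password fails the error message is returned
    echo text($errMsg);
}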
<?php

require 'values.php';
require 'functions.php';
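session_start();
if (!isset($_SESSION['name'])) {
    session_regenerate_id(true);
    session_write_close();
    header("Location:loginstaff.php");
    // header() only queues the redirect. Without exit the rest of this script
    // still ran for visitors who are not logged in, including the password
    // update below.
    exit;
}
if (isset($_POST['password'])) {
    // Both fields must be present and identical. The comparison is strict
    // because != treats numeric-looking strings such as "1e3" and "1000" as
    // equal.
    // NOTE(review): the current password is not requested and no CSRF token
    // is checked in this handler — confirm whether that is intended.
    if (!isset($_POST['p1'], $_POST['p2']) || $_POST['p1'] !== $_POST['p2']) {
        $status = array("error-message", "Passwords do not match.");
    } else {
        $status = update_password($_SESSION['name'], $_POST['p1'], "staff");
    }
}
staffheader($_SESSION['name'], "passwordstaff.php", $_SESSION['year'], $_SESSION['season_name'], $_SESSION['season']);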
?>

<h3> <center> Change your password below </center></h3>

<br>
<fieldset style="margin-right:25%; margin-left: 25%">
<legend>Change Your Password </legend>
<div>
  <form action="passwordstaff.php" method="post">

      <label class="selections" for="p1">Your New Password:</label>
      <input class="input" type="password" name="p1" id="p1" />
Exemple #11
<?php

require 'values.php';
require 'functions.php';
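session_start();
if (!isset($_SESSION['ta_id'])) {
    session_regenerate_id(true);
    session_write_close();
    header("Location:login.php");
    // header() only queues the redirect. Without exit the rest of this script
    // still ran for visitors who are not logged in, including the password
    // update below.
    exit;
}
if (isset($_POST['password'])) {
    // Both fields must be present and identical. The comparison is strict
    // because != treats numeric-looking strings such as "1e3" and "1000" as
    // equal.
    // NOTE(review): the current password is not requested and no CSRF token
    // is checked in this handler — confirm whether that is intended.
    if (!isset($_POST['p1'], $_POST['p2']) || $_POST['p1'] !== $_POST['p2']) {
        $status = array("error-message", "Passwords do not match.");
    } else {
        $status = update_password($_SESSION['ta_id'], $_POST['p1']);
    }
}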
?>
<head>
    <link rel="shortcut icon" href="icon.ico" >
    <link rel="stylesheet" href="css/font-awesome.min.css">
    <link rel="stylesheet" href="css/example.css">
    <link href="css/styles.css" rel="stylesheet" type="text/css" />
    <link rel="stylesheet" href="test_files/css3menu13/style.css" type="text/css" /><style type="text/css">._css3m{display:none}</style>
    <link rel="stylesheet" href="css/thumbnailviewer.css" type="text/css" />
    <script src="js/thumbnailviewer.js" type="text/javascript"></script>
    <script type="text/javascript" src="js/jquery-1.9.1.min.js"></script>
    <script type="text/javascript" src="js/jssor.core.js"></script>
    <script type="text/javascript" src="js/jssor.utils.js"></script>
    <script type="text/javascript" src="js/jssor.slider.js"></script>
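/**
 * Give a user a new random password and e-mail it to the stored address.
 *
 * The password is only changed once the message has been accepted for
 * delivery, and success is only reported when both steps ran. The original
 * changed the password and reported success even when no address was on
 * file or mail() failed, which locked the user out.
 *
 * NOTE(review): the new password travels and stays in the mailbox in clear
 * text. A single-use, expiring reset link avoids that. generateRandomString()
 * is not shown; it must draw from random_bytes()/random_int(), not from
 * rand()/mt_rand().
 *
 * @param mixed $id identifier passed to get_user_data() and update_password()
 * @return void
 */
function resetpassword($id)
{
    $row = get_user_data($id);
    $to = $row["email"] ?? null;
    // An unknown user or an empty address means there is nowhere to send the
    // password, so nothing is changed.
    if (!is_string($to) || $to === '') {
        echo '<script>alert("Password reset failed");</script>';
        return;
    }
    $newPassword = generateRandomString();
    $subject = "Password Reset for IRS Website";
    $message = "Hello, you recently requested your Password to be reset. Your new password you can log in with is: ";
    $message .= $newPassword;
    $headers = 'From: irs.software.project@gmail.com' . "\r\n" . 'Reply-To: irs.software.project@gmail.com' . "\r\n" . 'X-Mailer: PHP/' . phpversion();
    // mail() returns false when the message was not accepted for delivery.
    if (!mail($to, $subject, $message, $headers)) {
        echo '<script>alert("Password reset failed");</script>';
        return;
    }
    update_password($id, $newPassword);
    echo '

		<script>
			alert("Password successfully reset");
			
		</script>


		';
}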
Exemple #13
    header("location:./error.html");
    exit;
}
// "updateSetting": change the password and the profile, then redirect to the
// settings page with ?success or ?failed.
if ($_POST['action'] === "updateSetting") {
    if (!isset($_POST['nickname'], $_POST['oldPassword'], $_POST['newPassword'], $_POST['profile'])) {
        // One of the four required fields is missing.
        header("location:./admin/setting.php?failed");
    } else {
        $nickname = $_POST['nickname'];
        $oldPassword = $_POST['oldPassword'];
        $newPassword = $_POST['newPassword'];
        $profile = $_POST['profile'];
        try {
            $conn = connect();
        } catch (Exception $error) {
            // No database connection: report failure and stop.
            header("location:./admin/setting.php?failed");
            exit;
        }
        // && short-circuits, so the profile is only written after the password
        // update succeeded. Both values are handed to the helpers as posted;
        // any escaping has to happen inside them (not shown here).
        header(
            update_password($conn, $oldPassword, $newPassword) && update_info($conn, $nickname, $profile)
                ? "location:./admin/setting.php?success"
                : "location:./admin/setting.php?failed"
        );
    }
}
if ($_POST['action'] === "del") {
    if (isset($_POST['id']) && is_num($_POST['id'])) {
        try {
            $conn = connect();
            del_item($conn, $_POST['id']);
        } catch (Exception $error) {
            header("location:./admin/admin.php");
Exemple #14
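// Validate a password-change form and update the password when every check
// passes; otherwise print the collected error messages.
$updateErr = array();
$newPswd = $newPswdAgain = $currentPswd = "";
// NOTE(review): test_input() is not shown. If it trims, strips slashes or
// HTML-escapes its argument, it silently alters the password — confirm the
// same transformation is applied at login.
$newPswd = test_input($_POST["newPswd"]);
$newPswdAgain = test_input($_POST["newPswdAgain"]);
$currentPswd = test_input($_POST["currentPswd"]);
if (empty($newPswd) || empty($newPswdAgain) || empty($currentPswd)) {
    $action['result'] = 'error';
    array_push($updateErr, "Aizpildiet visus paroles maiņas laukus");
} else {
    // Minimum length of the new password (counted in bytes).
    if (strlen($newPswd) < 6) {
        $action['result'] = 'error';
        array_push($updateErr, "Paroles garumam ir jābut vismas 6 simboli");
    }
    // Strict comparison: with != two numeric-looking strings such as "1e3"
    // and "1000" count as equal, so a mistyped confirmation could pass.
    if ($newPswd !== $newPswdAgain) {
        $action['result'] = 'error';
        array_push($updateErr, "Paroles nesakrīt");
    }
    // The current password is checked by logging in again with it.
    if (login($_SESSION['user_username'], $currentPswd, $conn) === false) {
        $action['result'] = 'error';
        array_push($updateErr, "Nepareiza pašreizējā parole");
    }
}
// $action['result'] is only assigned above when a check fails; `?? null`
// keeps the success path from reading an undefined key.
if (($action['result'] ?? null) != 'error') {
    $update_password = update_password($newPswd, $_SESSION['user_id'], $conn);
    if ($update_password) {
        exit;
    } else {
        array_push($updateErr, "Neizdevās atjaunināt paroli");
    }
}
output_errors($updateErr);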
Exemple #15
         $doit = false;
     }
 }
 // Create the new user when $doit is true; otherwise append an "already
 // exists" message to $alertmsg.
 //
 // Review notes for this block:
 // - $exp_date is only assigned when password_expiration_days is non-zero,
 //   but the INSERT string reads it unconditionally.
 // - The INSERT, UPDATE and group statements are assembled by string
 //   concatenation. Every value except $calvar is wrapped in formData();
 //   formData() is not shown, so the statements are only as safe as its
 //   escaping — confirm, and confirm where $calvar comes from.
 // - The fragments around `rumple` in those three statements look redacted
 //   in this listing and are not valid PHP as shown.
 // - $clearAdminPass and $clearUserPass hold cleartext passwords from the
 //   form. $password_err_msg is written to the error log; confirm that it
 //   can never contain either password.
 // - update_password() receives the admin's password, the new user's
 //   password, `true` and the INSERT string; presumably this is its
 //   create-user mode — confirm in password_change.php.
 if ($doit == true) {
     require_once "{$srcdir}/authentication/password_change.php";
     //if password expiration option is enabled,  calculate the expiration date of the password
     if ($GLOBALS['password_expiration_days'] != 0) {
         $exp_days = $GLOBALS['password_expiration_days'];
         $exp_date = date('Y-m-d', strtotime("+{$exp_days} days"));
     }
     $insertUserSQL = "insert into users set " . "username = '******'rumple')) . "', password = '******'NoLongerUsed' . "', fname = '" . trim(formData('fname')) . "', mname = '" . trim(formData('mname')) . "', lname = '" . trim(formData('lname')) . "', federaltaxid = '" . trim(formData('federaltaxid')) . "', state_license_number = '" . trim(formData('state_license_number')) . "', newcrop_user_role = '" . trim(formData('erxrole')) . "', physician_type = '" . trim(formData('physician_type')) . "', authorized = '" . trim(formData('authorized')) . "', info = '" . trim(formData('info')) . "', federaldrugid = '" . trim(formData('federaldrugid')) . "', upin = '" . trim(formData('upin')) . "', npi  = '" . trim(formData('npi')) . "', taxonomy = '" . trim(formData('taxonomy')) . "', facility_id = '" . trim(formData('facility_id')) . "', specialty = '" . trim(formData('specialty')) . "', see_auth = '" . trim(formData('see_auth')) . "', cal_ui = '" . trim(formData('cal_ui')) . "', default_warehouse = '" . trim(formData('default_warehouse')) . "', irnpool = '" . trim(formData('irnpool')) . "', calendar = '" . $calvar . "', pwd_expiration_date = '" . trim("{$exp_date}") . "'";
     $clearAdminPass = $_POST['adminPass'];
     $clearUserPass = $_POST['stiltskin'];
     $password_err_msg = "";
     $prov_id = "";
     $success = update_password($_SESSION['authId'], 0, $clearAdminPass, $clearUserPass, $password_err_msg, true, $insertUserSQL, trim(formData('rumple')), $prov_id);
     error_log($password_err_msg);
     $alertmsg .= $password_err_msg;
     if ($success) {
         //set the facility name from the selected facility_id
         sqlStatement("UPDATE users, facility SET users.facility = facility.name WHERE facility.id = '" . trim(formData('facility_id')) . "' AND users.username = '******'rumple')) . "'");
         sqlStatement("insert into groups set name = '" . trim(formData('groupname')) . "', user = '******'rumple')) . "'");
         if (isset($phpgacl_location) && acl_check('admin', 'acl') && trim(formData('rumple'))) {
             // Set the access control group of user
             set_user_aro($_POST['access_group'], trim(formData('rumple')), trim(formData('fname')), trim(formData('mname')), trim(formData('lname')));
         }
         $ws = new WSProvider($prov_id);
     }
 } else {
     $alertmsg .= xl('User', '', '', ' ') . trim(formData('rumple')) . xl('already exists.', '', ' ');
 }
                    $user_id = $_SESSION['user_id'];
                    $query = <<<SQL_QUERY
                update
                    admin
                set
                    admin_pass = ?
                where
                    admin_id = ?
SQL_QUERY;
                    $rs = exec_query($sql, $query, array($upass, $user_id));
                    set_page_message(tr('User password updated successfully!'));
                }
            }
        }
    }
}
/*
 *
 * static page messages.
 *
 */
// Build the admin menu and register the translated labels of the form.
gen_admin_menu($tpl);
$tpl->assign(
    array(
        'TR_CHANGE_PASSWORD' => tr('Change password'),
        'TR_PASSWORD_DATA' => tr('Password data'),
        'TR_PASSWORD' => tr('Password'),
        'TR_PASSWORD_REPEAT' => tr('Password repeat'),
        'TR_UPDATE_PASSWORD' => tr('Update password'),
    )
);

// Process a submitted password change before the page message is generated,
// so that the outcome can be shown on this page.
update_password();
gen_page_message($tpl);

// Render the page and send it to the client.
$tpl->parse('PAGE', 'page');
$tpl->prnt();

// Optional debug dump, only when the configuration key is set.
if (isset($cfg['DUMP_GUI_DEBUG'])) {
    dump_gui_debug();
}

unset_messages();
Exemple #17
 if (isset($mybb->input['code']) && $user) {
     $query = $db->simple_select("awaitingactivation", "code", "uid='" . $user['uid'] . "' AND type='p'");
     $activationcode = $db->fetch_field($query, 'code');
     $now = TIME_NOW;
     if (!$activationcode || $activationcode != $mybb->get_input('code')) {
         error($lang->error_badlostpwcode);
     }
     $db->delete_query("awaitingactivation", "uid='" . $user['uid'] . "' AND type='p'");
     $username = $user['username'];
     // Generate a new password, then update it
     $password_length = (int) $mybb->settings['minpasswordlength'];
     if ($password_length < 8) {
         $password_length = 8;
     }
     $password = random_str($password_length);
     $logindetails = update_password($user['uid'], md5($password), $user['salt']);
     $email = $user['email'];
     $plugins->run_hooks("member_resetpassword_process");
     $emailsubject = $lang->sprintf($lang->emailsubject_passwordreset, $mybb->settings['bbname']);
     $emailmessage = $lang->sprintf($lang->email_passwordreset, $username, $mybb->settings['bbname'], $password);
     my_mail($email, $emailsubject, $emailmessage);
     $plugins->run_hooks("member_resetpassword_reset");
     error($lang->redirect_passwordreset);
 } else {
     $plugins->run_hooks("member_resetpassword_form");
     switch ($mybb->settings['username_method']) {
         case 0:
             $lang_username = $lang->username;
             break;
         case 1:
             $lang_username = $lang->username1;
Exemple #18
/**
 * Store the posted password and redirect according to the outcome.
 *
 * The new password is taken straight from $_POST['password']. $id is accepted
 * but not used in this body, and no current password or confirmation is
 * checked here.
 *
 * @param mixed $id unused in this function
 * @return void
 */
function change_password($id)
{
    // Success returns to the account page, failure to its error variant.
    redirect(
        update_password($_POST['password'])
            ? "user/account"
            : "user/account/update-password-failed"
    );
}