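/**
 * Verify that the current password is correct and write the new password to the DB.
 *
 * The old-password check only runs when the acting user (vglobal('current_user'))
 * is not an administrator; for an administrator $user_password is never checked.
 *
 * @param string $user_password Current password of this user; checked with verifyPassword()
 *                              unless the acting user is an administrator.
 * @param string $new_password  New password - must be non null and at least 1 character.
 * @param boolean $dieOnError   When true (the default) a failed DB transaction ends the request
 *                              with die(); when false the method returns false instead.
 * @return boolean - If passwords pass verification and query succeeds, return true, else return false.
 *                   When a password is rejected, error_string holds the message.
 * Portions created by SugarCRM are Copyright (C) SugarCRM, Inc..
 * All Rights Reserved..
 * Contributor(s): ______________________________________..
 */
function change_password($user_password, $new_password, $dieOnError = true) {
    $usr_name = $this->column_fields["user_name"];
    global $mod_strings;
    $current_user = vglobal('current_user');
    $this->log->debug("Starting password change for {$usr_name}");

    // Reject a missing or empty new password before touching the database.
    if (!isset($new_password) || $new_password == "") {
        // The message used to concatenate the undefined $user_name, so the user name was
        // silently dropped from it; the local variable is $usr_name.
        $this->error_string = $mod_strings['ERR_PASSWORD_CHANGE_FAILED_1'] . $usr_name . $mod_strings['ERR_PASSWORD_CHANGE_FAILED_2'];
        return false;
    }

    if (!is_admin($current_user)) {
        // No startTransaction() here: the transaction is already started in vtws_changepassword.
        if (!$this->verifyPassword($user_password)) {
            // Only the user name is logged, neither password is written to the log.
            $this->log->warn("Incorrect old password for {$usr_name}");
            $this->error_string = $mod_strings['ERR_PASSWORD_INCORRECT_OLD'];
            return false;
        }
        if ($this->db->hasFailedTransaction()) {
            if ($dieOnError) {
                // NOTE(review): die() sends the raw database error number and message to the
                // client; consider logging them and showing a generic message instead.
                die("error verifying old transaction[" . $this->db->database->ErrorNo() . "] " . $this->db->database->ErrorMsg());
            }
            return false;
        }
    }

    // NOTE(review): get_user_hash() and encrypt_password() are defined elsewhere; confirm that
    // neither stores a fast, unsalted digest of the password.
    $user_hash = $this->get_user_hash($new_password);

    //set new password
    $crypt_type = $this->DEFAULT_PASSWORD_CRYPT_TYPE;
    $encrypted_new_password = $this->encrypt_password($new_password, $crypt_type);

    // Every value is bound as a parameter; only the table name is interpolated into the SQL.
    $query = "UPDATE {$this->table_name} SET user_password=?, confirm_password=?, user_hash=?, " .
            "crypt_type=? \nwhere id=?";
    // No startTransaction() here either: the transaction is already started in vtws_changepassword.
    $this->db->pquery($query, array($encrypted_new_password, $encrypted_new_password, $user_hash, $crypt_type, $this->id));
    if ($this->db->hasFailedTransaction()) {
        if ($dieOnError) {
            // NOTE(review): same raw database error disclosure as in the verification branch.
            die("error setting new password: [" . $this->db->database->ErrorNo() . "] " . $this->db->database->ErrorMsg());
        }
        return false;
    }

    // Fill up the post-save state of the instance.
    // NOTE(review): an already populated in-memory user_hash is left as it is, so it may differ
    // from the value just written; confirm this is intended.
    if (empty($this->column_fields['user_hash'])) {
        $this->column_fields['user_hash'] = $user_hash;
    }
    $this->column_fields['user_password'] = $encrypted_new_password;
    $this->column_fields['confirm_password'] = $encrypted_new_password;

    $this->triggerAfterSaveEventHandlers();
    return true;
}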
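/**
 * Verify that the current password is correct and write the new password to the DB.
 *
 * The old-password check only runs when the acting user (global $current_user)
 * is not an administrator; for an administrator $user_password is never checked.
 *
 * @param string $user_password Current password of this user; checked with verifyPassword()
 *                              unless the acting user is an administrator.
 * @param string $new_password  New password - must be non null and at least 1 character.
 * @param boolean $dieOnError   When true (the default) a failed DB transaction ends the request
 *                              with die(); when false the method returns false instead.
 * @return boolean - If passwords pass verification and query succeeds, return true, else return false.
 *                   When a password is rejected, error_string holds the message.
 * Portions created by SugarCRM are Copyright (C) SugarCRM, Inc..
 * All Rights Reserved..
 * Contributor(s): ______________________________________..
 */
function change_password($user_password, $new_password, $dieOnError = true) {
    $usr_name = $this->column_fields["user_name"];
    global $mod_strings;
    global $current_user;
    $this->log->debug("Starting password change for {$usr_name}");

    // Reject a missing or empty new password before touching the database.
    if (!isset($new_password) || $new_password == "") {
        // The message used to concatenate the undefined $user_name, so the user name was
        // silently dropped from it; the local variable is $usr_name.
        $this->error_string = $mod_strings['ERR_PASSWORD_CHANGE_FAILED_1'] . $usr_name . $mod_strings['ERR_PASSWORD_CHANGE_FAILED_2'];
        return false;
    }

    if (!is_admin($current_user)) {
        // NOTE(review): no matching completeTransaction() is visible in this method, and the
        // early return below leaves this transaction as started; confirm who closes it.
        $this->db->startTransaction();
        if (!$this->verifyPassword($user_password)) {
            // Only the user name is logged, neither password is written to the log.
            $this->log->warn("Incorrect old password for {$usr_name}");
            $this->error_string = $mod_strings['ERR_PASSWORD_INCORRECT_OLD'];
            return false;
        }
        if ($this->db->hasFailedTransaction()) {
            if ($dieOnError) {
                // NOTE(review): die() sends the raw database error number and message to the
                // client; consider logging them and showing a generic message instead.
                die("error verifying old transaction[" . $this->db->database->ErrorNo() . "] " . $this->db->database->ErrorMsg());
            }
            return false;
        }
    }

    // NOTE(review): user_hash is an unsalted MD5 of the plaintext password. MD5 is not a
    // password hash, so anyone able to read this column can test guesses offline very cheaply.
    // Left unchanged because the consumers of user_hash are not visible here; migrate to
    // password_hash()/password_verify() once they are known.
    $user_hash = strtolower(md5($new_password));

    //set new password
    // NOTE(review): encrypt_password() is defined elsewhere; confirm the scheme selected by
    // DEFAULT_PASSWORD_CRYPT_TYPE is a salted, slow password hash.
    $crypt_type = $this->DEFAULT_PASSWORD_CRYPT_TYPE;
    $encrypted_new_password = $this->encrypt_password($new_password, $crypt_type);

    // Every value is bound as a parameter; only the table name is interpolated into the SQL.
    $query = "UPDATE {$this->table_name} SET user_password=?, confirm_password=?, user_hash=?, " .
            "crypt_type=? \nwhere id=?";
    $this->db->startTransaction();
    $this->db->pquery($query, array($encrypted_new_password, $encrypted_new_password, $user_hash, $crypt_type, $this->id));
    if ($this->db->hasFailedTransaction()) {
        if ($dieOnError) {
            // NOTE(review): same raw database error disclosure as in the verification branch.
            die("error setting new password: [" . $this->db->database->ErrorNo() . "] " . $this->db->database->ErrorMsg());
        }
        return false;
    }

    // Runs only after the password update went through; createAccessKey() is defined elsewhere.
    $this->createAccessKey();
    return true;
}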