/**
 * Processes a submitted change-password form.
 *
 * Both password fields are required. When validation passes, the change is
 * delegated to User::change_password() for the account named by uid_Num.
 * Every outcome is reported through the Message model, which is given the
 * user list URL.
 *
 * NOTE(review): uid_Num is read from the request with no validation rule, and
 * no authorization check is visible in this method. Confirm the route is
 * limited to callers who may change this account's password.
 * NOTE(review): the TRUE argument to input->post() applies CodeIgniter's XSS
 * filter, which can rewrite characters in the password before it reaches
 * change_password(). Confirm that is intended for a secret value.
 */
public function user_changepassword_post()
{
    $data = $this->data; // shared controller data

    $this->form_validation->set_rules('password_Str', '會員密碼', 'required');
    $this->form_validation->set_rules('password2_Str', '會員密碼', 'required');
    $uid_Num = $this->input->post('uid_Num', TRUE);

    $return_url = 'admin/user/global/global/user';

    // Validation failed: show the validator's errors, or a generic fallback.
    if ($this->form_validation->run() === FALSE) {
        $errors = validation_errors();
        if (empty($errors)) {
            $errors = '設定錯誤';
        }
        $this->load->model('Message');
        $this->Message->show(array('message' => $errors, 'url' => $return_url));
        return;
    }

    // Basic POST fields
    $new_password = $this->input->post('password_Str', TRUE);
    $new_password_repeat = $this->input->post('password2_Str', TRUE);

    // Build the User object and apply the update
    $account = new User();
    $account->construct(array('uid_Num' => $uid_Num));
    $outcome = $account->change_password(array(
        'password_Str' => $new_password,
        'password2_Str' => $new_password_repeat,
    ));

    // change_password() returns TRUE on success; any other value is shown as
    // the failure message.
    $feedback = ($outcome === TRUE) ? '密碼變更成功' : $outcome;
    $this->load->model('Message');
    $this->Message->show(array('message' => $feedback, 'url' => $return_url));
}
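/**
 * Validates a submitted new password and, when it is acceptable, stores it
 * through User::change_password() for $this->forgot_password_id.
 *
 * Only POST requests are processed; for any other method nothing happens.
 * The outcome (failure text, or a redirect to the login page on success) is
 * handed to set_web_variables().
 *
 * @param string $request_method HTTP method of the current request
 * @param array  $request_data   submitted fields; 'password' and
 *                               'confirm_password' are read
 */
public function handleChangePassword($request_method, $request_data)
{
    switch ($request_method) {
        case 'POST':
            $message = NULL;

            // Input validation. The first failing rule sets $message.
            if (empty($request_data['password']) || !is_string($request_data['password'])) {
                // Non-string input (e.g. password[]=x) is treated as missing.
                $message = __('Please enter your new password');
            } elseif (empty($request_data['confirm_password'])) {
                $message = __('Please confirm your new password');
            } elseif ($request_data['confirm_password'] !== $request_data['password']) {
                // Strict comparison: with != two different numeric-looking
                // strings such as "1e3" and "1000" compare as equal.
                $message = __('Passwords do not match. Please re-enter');
            } elseif (strlen($request_data['password']) < PA::$password_min_length) {
                $message = sprintf(__('Password should be of %s characters or more.'), PA::$password_min_length);
            } elseif (strlen($request_data['password']) > PA::$password_max_length) {
                // The error used to be written to $this->message, leaving
                // $message empty, so an over-long password passed validation.
                $message = sprintf(__('Password should be less than %s charcaters.'), PA::$password_max_length);
            }

            // A non-empty $message means validation failed.
            $redirect_url = $query_str = NULL;
            if (empty($message)) {
                // Inputs are valid, try changing the password.
                try {
                    User::change_password($request_data['password'], $this->forgot_password_id);
                    $msg_array = array('failure_msg' => NULL, 'success_msg' => $message);
                    $redirect_url = PA::$url . '/' . FILE_LOGIN;
                    $query_str = '?msg_id=7004';
                } catch (PAException $e) {
                    $msg_array = array('failure_msg' => $e->message, 'success_msg' => NULL);
                }
            } else {
                $msg_array = array('failure_msg' => $message, 'success_msg' => NULL);
            }

            @set_web_variables($msg_array, $redirect_url, $query_str);
            break;
    }
}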
$error = TRUE; } else { if (strlen($password) > 15) { $error_password_length_g = TRUE; $error = TRUE; } else { if (strlen($password) < 5) { $error_password_length_l = TRUE; $error = TRUE; } } } } if ($error != TRUE) { try { if (User::change_password($password, $forgot_password_id)) { $msg_id = 7004; header("Location: " . PA::$url . "/login.php?msg_id={$msg_id}"); exit; } } catch (PAException $e) { $msg = "{$e->message}"; $save_error = TRUE; } } } if ($error == TRUE || $save_error == TRUE) { $error = TRUE; } function setup_module($column, $moduleName, $obj) {
$newUser = true; } else { $newUser = false; } if (!$current_user->is_admin && $current_user->id != $focus->id) { $GLOBALS['log']->fatal("SECURITY:Non-Admin " . $current_user->id . " attempted to change settings for user:"******"Location: index.php?module=Users&action=Logout"); exit; } if (!$current_user->is_admin && isset($_POST['is_admin']) && ($_POST['is_admin'] == '1' || $_POST['is_admin'] == 'on')) { $GLOBALS['log']->fatal("SECURITY:Non-Admin " . $current_user->id . " attempted to change is_admin settings for user:"******"Location: index.php?module=Users&action=Logout"); exit; } if (isset($_POST['user_name']) && !empty($_POST['user_name']) && isset($_POST['old_password']) && (isset($_POST['new_password']) && !empty($_POST['new_password'])) && (isset($_POST['password_change']) && $_POST['password_change'] == 'true')) { if (!$focus->change_password($_POST['old_password'], $_POST['new_password'])) { header("Location: index.php?action=Error&module=Users&error_string=" . urlencode($focus->error_string)); exit; } } else { // New user foreach ($focus->column_fields as $field) { if (isset($_POST[$field])) { $value = $_POST[$field]; $focus->{$field} = $value; } } foreach ($focus->additional_column_fields as $field) { if (isset($_POST[$field])) { $value = $_POST[$field]; $focus->{$field} = $value;
/**
 * Checks that a password change on the user with the given id succeeds and
 * that the account can then be found through User::findUserPassword().
 *
 * NOTE(review): the lookup is given md5() of the new password, so the code
 * under test presumably matches on an MD5-derived value. MD5 on its own is
 * not an adequate password hash; confirm what User stores.
 *
 * @param mixed $id id of the user record to load
 */
public function change_password($id)
{
    $bean = new User();
    $bean->retrieve($id);

    // The change itself must report success.
    $changed = $bean->change_password("test", "testpass");
    $this->assertEquals(true, $changed);

    // The record found with the new password must be the same user.
    $match = User::findUserPassword("test", md5("testpass"));
    $this->assertTrue(isset($match['id']));
    $this->assertEquals($id, $match['id']);
}
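/**
 * Changes the password of the user identified by $this->args[1].
 *
 * The signed-in user may only change their own password: the session user's
 * username must equal the target's. The two new-password fields must match,
 * and User::change_password() is given the current password to verify.
 * Every path ends with a flash message and a redirect.
 *
 * NOTE(review): no anti-CSRF token is checked in this method. Confirm one is
 * enforced before this action runs.
 */
function updatepassAction()
{
    $user_id = $this->args[1];
    $user = new User($user_id);

    // Array keys are quoted: bare words (user, np1, ...) are undefined
    // constants and raise an Error on PHP 8.
    $form = (isset($_POST['user']) && is_array($_POST['user'])) ? $_POST['user'] : array();
    $current_password = isset($form['curpass']) ? $form['curpass'] : null;
    $new_password = isset($form['np1']) ? $form['np1'] : null;
    $new_password_repeat = isset($form['np2']) ? $form['np2'] : null;

    // Strict comparisons: with != numeric-looking strings such as "1e1" and
    // "10" compare as equal, which matters for both checks below.
    if ($_SESSION['user']->username !== $user->username) {
        $_SESSION['flash'][] = array('error', 'Not authorized.');
        redirect_to(ADMIN_URL . '/users/show/' . $user_id);
        // redirect_to() is not shown here; return so that nothing below runs
        // for an unauthorized caller even if it does not end the request.
        return;
    }

    if ($new_password !== $new_password_repeat) {
        $_SESSION['flash'][] = array('error', 'Passwords do not match.');
        redirect_to(ADMIN_URL . '/users/password/' . $user_id);
        return;
    }

    if ($user->change_password($current_password, $new_password)) {
        $_SESSION['flash'][] = array('status', 'Password updated!');
        redirect_to(ADMIN_URL . '/users/show/' . $user_id);
    } else {
        $_SESSION['flash'][] = array('error', 'Unable to update, check your current password.');
        redirect_to(ADMIN_URL . '/users/password/' . $user_id);
    }
}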
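<?php
include '../inc/config.php';

// Dispatches the account forms (signup, forgot password, change password)
// selected by ?f=..., then redirects back to the submitting page with the
// result in ?s=...
//
// NOTE(review): no anti-CSRF token is checked here before the User methods
// run. Confirm config.php or the User methods enforce one.

$action = isset($_GET['f']) ? $_GET['f'] : '';

switch ($action) {
    case 'signup':
        $user = new User();
        $return = $user->signup($_POST);
        break;
    case 'forgot':
        $user = new User();
        $return = $user->forgot_password(isset($_POST['email']) ? $_POST['email'] : null);
        break;
    case 'change':
        $user = new User();
        $return = $user->change_password($_POST);
        break;
    default:
        // Unknown or missing action: nothing to do.
        exit;
}

// The Referer header is supplied by the client. Only its path is reused, so
// the redirect (and the ?s= result it carries) always stays on this host
// instead of going to whatever site submitted the form. Leading slashes and
// backslashes are collapsed so that "//host" cannot be read as a
// protocol-relative URL.
$referer = isset($_SERVER['HTTP_REFERER']) ? (string) $_SERVER['HTTP_REFERER'] : '';
$path = parse_url($referer, PHP_URL_PATH);
$path = is_string($path) ? '/' . ltrim($path, "/\\") : '/';

// The result is URL-encoded so it cannot add parameters of its own.
$URL = $path . '?s=' . rawurlencode((string) $return);

header("Location: {$URL}");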
/**
 * Attempts a password change on the given bean and reports the outcome.
 *
 * @param User   $bean User bean
 * @param string $old  Old password
 * @param string $new  New password
 * @return array 'valid' and 'message' in every case; on success also
 *               'expiration', read from the 'loginexpiration' preference
 */
protected function changePassword($bean, $old, $new)
{
    if (!$bean->change_password($old, $new)) {
        // The legacy change_password() leaves its reason in error_string;
        // fall back to the generic label when it did not set one.
        if (isset($bean->error_string)) {
            $reason = $bean->error_string;
        } else {
            $reason = $GLOBALS['app_strings']['LBL_PASSWORD_UPDATE_GENERIC_ISSUE'];
        }

        return array('valid' => false, 'message' => $reason);
    }

    return array(
        'valid' => true,
        'message' => 'Password updated.',
        'expiration' => $bean->getPreference('loginexpiration'),
    );
}
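<?php
require_once 'functions.php';
//print_arr($_SESSION);

// Only signed-in users may use this page. The test used to join its two
// halves with &&, so a user_id that was set but empty passed the guard. There
// was also no exit after the redirect header, so the rest of the script,
// including the password change below, still ran for a visitor who was being
// redirected.
if (!isset($_SESSION['user_id']) || $_SESSION['user_id'] == '') {
    header('location:/');
    exit;
}

require_once 'classes/geneform.php';
$userId = $_SESSION['user_id'];

// Result of the change attempt; stays null until the form is submitted.
// NOTE(review): $res['msg'] is echoed below without escaping. Confirm that
// change_password() never puts request-derived text into it.
$res = null;
if ($_SERVER['REQUEST_METHOD'] == "POST" && isset($_POST['submit'])) {
    $user = new User();
    $res = $user->change_password($_POST);
}

require_once 'includes/header.php';
?>
<div class="navbar-wrapper main-body1" style="height:auto;">
    <div class="container">
        <?php if (isset($res['status']) && $res['status'] == '1') { ?>
            <div id="download" class="alert alert-info" style="text-align:center;">
                <?php echo $res['msg']; ?>
            </div>
        <?php } ?>
        <h2>Change password</h2>
        <div class="col-md-4 col-sm-12">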
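/**
 * Gate for portal pages: applies a theme switch, handles logout, and shows
 * the login page (then stops) unless a user is logged in.
 *
 * When a session user exists, portal_login() is called again with the
 * user_name and user_password kept in the session, and a request with
 * fun=changepassword is passed on to User::change_password().
 *
 * NOTE(review): credentials are read from $_REQUEST, so they are also
 * accepted from the query string, where URLs tend to be logged. Confirm
 * whether login should be limited to POST.
 * NOTE(review): the session holds loggeduser['user_password'] and replays it
 * on every request. Confirm what form that value has.
 * NOTE(review): the forgot-password messages distinguish known from unknown
 * addresses, and the success text says the password itself is e-mailed.
 * Confirm both are intended.
 */
public static function check_login()
{
    global $opresult;

    // Theme switching. The requested name ends up in a require_once path
    // below, so it must be a plain directory name: anything containing a path
    // separator, or "." / "..", is ignored. Without this check a value such
    // as "../x" that names an existing directory would be stored, and its
    // login.php loaded from outside themes/.
    if (isset($_REQUEST['theme']) && $_REQUEST['theme'] != "") {
        $requested = $_REQUEST['theme'];
        $is_plain_name = is_string($requested)
            && strpbrk($requested, "/\\") === false
            && $requested !== '.'
            && $requested !== '..';
        if ($is_plain_name && is_dir("themes/" . $requested)) {
            $_SESSION["portal_theme"] = $requested;
        }
    }

    if (isset($_SESSION["portal_theme"])) {
        $currtheme = $_SESSION['portal_theme'];
    } else {
        $currtheme = $GLOBALS["portal_theme"];
    }

    // Logout: clear the session but keep the chosen theme.
    if (isset($_REQUEST['logout'])) {
        session_unset();
        $_SESSION["portal_theme"] = $currtheme;
        header("Location: index.php");
        die;
    }

    if (!isset($_SESSION['loggeduser']) || $_SESSION["loggeduser"] == "ERROR") {
        $login = false;
        if (isset($_REQUEST["email"]) && isset($_REQUEST["pass"])) {
            $login = User::portal_login($_REQUEST["email"], $_REQUEST["pass"]);
        }
        if (isset($_REQUEST["email"]) && isset($_REQUEST["forgot"])) {
            $lres = User::forgot_password($_REQUEST["email"]);
        }

        if (!$login || $login[0] == "INVALID_USERNAME_OR_PASSWORD") {
            // $loginerror and $successmess are set for the login page that is
            // required below.
            if ($login && $login[0] == "INVALID_USERNAME_OR_PASSWORD") {
                $loginerror = $login[0];
            }
            if (isset($lres) && $lres == "ERROR") {
                $loginerror = "The Email you Request is not in our system!";
            } else {
                if (isset($lres) && $lres == "SUCCESS") {
                    $successmess = "We have send an Email containing your Password at the requested Address!";
                }
            }

            if (file_exists("themes/" . $currtheme . "/login.php")) {
                require_once "themes/" . $currtheme . "/login.php";
            } else {
                require_once "themes/default/login.php";
            }
            session_unset();
            die;
        }
    } else {
        User::portal_login($_SESSION['loggeduser']['user_name'], $_SESSION['loggeduser']['user_password']);
    }

    if (isset($_SESSION['loggeduser']) && isset($_REQUEST['fun']) && $_REQUEST['fun'] == "changepassword") {
        $GLOBALS["opresult"] = User::change_password();
    }
}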
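<?php
include './includes/loader.php';

// Account activation / password reset page. The link carries the e-mail
// address and a code (?email=...&id=...); with ?action=save the posted
// password is set for the matching account.
//
// NOTE(review): nothing in this script clears activation_code / forgot after
// a successful change. Confirm change_password() invalidates the code so the
// link cannot be reused.

$sAction = isset($_GET['action']) ? $_GET['action'] : '';
$sErrors = null;

// Both link parameters are required and must be plain strings (email[]=x
// would otherwise reach the query and urlencode() as an array).
if (empty($_GET['email']) || empty($_GET['id']) || !is_string($_GET['email']) || !is_string($_GET['id'])) {
    header("Location: index.php");
    die;
}

// Matches either a not-yet-activated account (password = -1) with this
// activation code, or an account whose `forgot` code equals the id.
// OR is used instead of ||, which stops meaning OR in MySQL when the
// PIPES_AS_CONCAT SQL mode is enabled.
$sActivate = $database->CachedQuery("SELECT * FROM accounts WHERE (`password` = -1 AND `email_address` = :EmailAddress AND `activation_code` = :ActivationCode) OR (`email_address` = :EmailAddress AND `forgot` = :ActivationCode)", array('EmailAddress' => $_GET['email'], 'ActivationCode' => $_GET['id']));
if (empty($sActivate)) {
    header("Location: index.php");
    die;
}

// The action was compared with the bare word save, an undefined constant
// that raises an Error on PHP 8.
if ($sAction === 'save') {
    $sUser = new User($sActivate->data[0]["id"]);
    $sPassword = isset($_POST['password']) ? $_POST['password'] : null;
    $sPasswordAgain = isset($_POST['passwordagain']) ? $_POST['passwordagain'] : null;
    $sChange = $sUser->change_password($sUser, $sPassword, $sPasswordAgain);
    if (is_array($sChange)) {
        // An array result is a list of validation errors to show on the form.
        $sErrors = array("Errors" => $sChange);
    } else {
        header("Location: index.php");
        die;
    }
}

echo Templater::AdvancedParse($sTemplate->sValue . '/activate', $locale->strings, array('Errors' => $sErrors, 'Id' => urlencode($_GET['id']), 'Email' => urlencode($_GET['email'])));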
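/**
 * Changes the password of the session user from the posted form.
 *
 * Requires the three fields old-password, new-password and
 * new-password-again. The old password must match the stored hash and the
 * two new-password fields must be equal. The result is put in
 * $_SESSION['notice'] and the browser is sent back to the personal page.
 *
 * NOTE(review): the stored value is compared with sha1() of the password, so
 * passwords are kept as unsalted SHA-1. password_hash() / password_verify()
 * is the appropriate scheme, but moving to it means changing
 * User::change_password() and migrating stored hashes, outside this method.
 */
public function change_password()
{
    // All three fields must be present and be plain strings; array input such
    // as old-password[]=x would otherwise reach sha1().
    if (
        !isset($_POST['old-password']) || !is_string($_POST['old-password'])
        || !isset($_POST['new-password']) || !is_string($_POST['new-password'])
        || !isset($_POST['new-password-again']) || !is_string($_POST['new-password-again'])
    ) {
        return call('page', 'error');
    }

    require 'models/personal_info.php';
    $user = User::find_by_username($_SESSION['username']);

    if ($_POST['old-password'] === "" || $_POST['new-password'] === "" || $_POST['new-password-again'] === "") {
        $_SESSION['notice'] = "Password change is not successful! (All the input fields were empty)!";
    } elseif (sha1($_POST['old-password']) !== (string) $user->pwd) {
        // Strict comparison: with != two different digests that both look
        // like numbers (for example "0e1234..." and "0e9876...") compare as
        // equal, so a wrong old password could be accepted.
        $_SESSION['notice'] = "Password change is not successful! (Old password was incorrect)";
    } elseif ($_POST['new-password'] !== $_POST['new-password-again']) {
        $_SESSION['notice'] = "Password change is not successful! (Retyped password field did not match)";
    } else {
        User::change_password($_SESSION['username'], $_POST['new-password']);
        $_SESSION['notice'] = "Change password successfully!";
    }

    return header("Location: index.php?controller=users&action=personal");
}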