}
// uname
$_uname = isset($_COOKIE['uname']) ? trim($_COOKIE['uname']) : '';
// update password
if (isset($_POST['updatePassword'])) {
$cpasswd = trim($_POST['currentPasswd']);
$passwd = trim($_POST['newPasswd']);
$passwd2 = trim($_POST['newPasswd2']);
if (empty($cpasswd)) {
utility::jsAlert(__('Current password can not be empty!'));
} else {
if ($passwd and $passwd2 and $passwd !== $passwd2) {
utility::jsAlert(__('Password confirmation does not match. See if your Caps Lock key is on!'));
} else {
$logon = new admin_logon($_uname, $cpasswd);
if ($logon->changePasswd($dbs, $passwd2)) {
// write log
utility::writeLogs($dbs, 'staff', $_uname, 'Login', 'Change password SUCCESS for user ' . $_uname . ' from address ' . $_SERVER['REMOTE_ADDR']);
// clear cookie
setcookie('token', '', time() - 3600, SWB);
setcookie('uname', '', time() - 3600, SWB);
echo '<script type="text/javascript">';
echo 'alert("Password Updated. Please log in again!");';
echo 'location.href = \'index.php?p=login\';';
echo '</script>';
exit;
} else {
// write log
utility::writeLogs($dbs, 'staff', $_uname, 'Login', 'Change password FAILED for user ' . $_uname . ' from address ' . $_SERVER['REMOTE_ADDR']);
utility::jsAlert($logon->errors);
}
