static function doUpdatePassword()
{
global $zdbh;
global $controller;
runtime_csfr::Protect();
$currentuser = ctrl_users::GetUserDetail();
$current_pass = $controller->GetControllerRequest('FORM', 'inCurPass');
$newpass = $controller->GetControllerRequest('FORM', 'inNewPass');
$conpass = $controller->GetControllerRequest('FORM', 'inConPass');
$crypto = new runtime_hash();
$crypto->SetPassword($newpass);
$randomsalt = $crypto->RandomSalt();
$crypto->SetSalt($randomsalt);
$new_secure_password = $crypto->CryptParts($crypto->Crypt())->Hash;
$sql = $zdbh->prepare("SELECT ac_pass_vc, ac_passsalt_vc FROM x_accounts WHERE ac_id_pk= :uid");
$sql->bindParam(':uid', $currentuser['userid']);
$sql->execute();
$result = $sql->fetch();
$userpasshash = new runtime_hash();
$userpasshash->SetPassword($current_pass);
$userpasshash->SetSalt($result['ac_passsalt_vc']);
$current_secure_password = $userpasshash->CryptParts($userpasshash->Crypt())->Hash;
if (fs_director::CheckForEmptyValue($newpass)) {
// Current password is blank!
self::$error = "error";
} elseif ($current_secure_password != $result['ac_pass_vc']) {
// Current password does not match!
self::$error = "nomatch";
} else {
if ($newpass == $conpass) {
// Check for password length...
if (strlen($newpass) < ctrl_options::GetSystemOption('password_minlength')) {
self::$badpassword = true;
return false;
}
// Check that the new password matches the confirmation box.
$sql = $zdbh->prepare("UPDATE x_accounts SET ac_pass_vc=:new_secure_password, ac_passsalt_vc= :randomsalt WHERE ac_id_pk=:userid");
$sql->bindParam(':randomsalt', $randomsalt);
$sql->bindParam(':new_secure_password', $new_secure_password);
$sql->bindParam(':userid', $currentuser['userid']);
$sql->execute();
self::$error = "ok";
} else {
self::$error = "error";
}
}
}
static function CheckCreateForErrors($username, $packageid, $groupid, $email, $password = "")
{
global $zdbh;
$username = strtolower(str_replace(' ', '', $username));
// Check to make sure the username is not blank or exists before we go any further...
if (!fs_director::CheckForEmptyValue($username)) {
$sql = "SELECT COUNT(*) FROM x_accounts WHERE UPPER(ac_user_vc)=:user AND ac_deleted_ts IS NULL";
$numrows = $zdbh->prepare($sql);
$user = strtoupper($username);
$numrows->bindParam(':user', $user);
if ($numrows->execute()) {
if ($numrows->fetchColumn() != 0) {
self::$alreadyexists = true;
return false;
}
}
if (!self::IsValidUserName($username)) {
self::$badname = true;
return false;
}
} else {
self::$userblank = true;
return false;
}
// Check to make sure the packagename is not blank and exists before we go any further...
if (!fs_director::CheckForEmptyValue($packageid)) {
$sql = "SELECT COUNT(*) FROM x_packages WHERE pk_id_pk=:packageid AND pk_deleted_ts IS NULL";
$numrows = $zdbh->prepare($sql);
$numrows->bindParam(':packageid', $packageid);
if ($numrows->execute()) {
if ($numrows->fetchColumn() == 0) {
self::$packageblank = true;
return false;
}
}
} else {
self::$packageblank = true;
return false;
}
// Check to make sure the groupname is not blank and exists before we go any further...
if (!fs_director::CheckForEmptyValue($groupid)) {
$sql = "SELECT COUNT(*) FROM x_groups WHERE ug_id_pk=:groupid";
$numrows = $zdbh->prepare($sql);
$numrows->bindParam(':groupid', $groupid);
if ($numrows->execute()) {
if ($numrows->fetchColumn() == 0) {
self::$groupblank = true;
return;
}
}
} else {
self::$groupblank = true;
return false;
}
// Check for invalid characters in the email and that it exists...
if (!fs_director::CheckForEmptyValue($email)) {
if (!self::IsValidEmail($email)) {
self::$bademail = true;
return false;
}
} else {
self::$emailblank = true;
return false;
}
// Check that the email address is unique to the user's table
if (!fs_director::CheckForEmptyValue($email)) {
if (ctrl_users::CheckUserEmailIsUnique($email)) {
self::$not_unique_email = false;
return true;
} else {
self::$not_unique_email = true;
return false;
}
} else {
self::$not_unique_email = true;
return false;
}
// Check for password length...
if (!fs_director::CheckForEmptyValue($password)) {
if (strlen($password) < ctrl_options::GetSystemOption('password_minlength')) {
self::$badpassword = true;
return false;
}
} else {
self::$passwordblank = true;
return false;
}
return true;
}
