echo <<<EOT \t\t<div class="error" align="center"> \t\t\t<strong>ERROR:</strong> Unauthorised access for supplied user name and password. \t\t</div> EOT; } # Warning, if plain passwords are selected if (config_get('auth_type') == AUTH_PLAIN) { echo <<<EOT \t\t<div class="warning" align="center"> \t\t\t<strong>WARNING:</strong> Plain password authentication is used, this will expose your passwords to administrators. \t\t</div> EOT; } # Generate a warning if administrator/root is valid. if (access_verify_login('administrator', 'root')) { echo <<<EOT \t\t<div class="warning" align="center"> \t\t\t<strong>WARNING:</strong> You should disable the "administrator" account or change its password. \t\t</div> EOT; } echo <<<EOT \t<div class="center"> \t<div class="small-width"> \t\t<form name="f_login_form" method="post" action="{$g_login}"> \t\t\t<table class="box" summary=""> \t\t\t\t<tr class="title"> \t\t\t\t\t<td width="25%"><strong>{$s_login_title}</strong></td> \t\t\t\t\t<td width="75%" align="right">[ <a href="signup_page.php"><strong>Sign Up</strong></a> ]</td> \t\t\t\t</tr>
function user_change_password($p_where, $p_old_password, $p_new_password, $p_verify_password = null) { $t_user = user_get_info($p_where); if (false === $t_user) { return false; ## error message printed by user_get_info(). } if (!access_verify_login($t_user['username'], $p_old_password)) { echo 'Original password is incorrect.<br />'; return false; } if ($p_verify_password !== null && $p_verify_password != $p_new_password) { echo 'New and verify passwords do not match.<br />'; return false; } $t_password = access_encrypt_password($p_new_password); $c_password = db_prepare_string($t_password); $query = "UPDATE " . config_get('phpWN_user_table') . "\r\n\t\t\t\tSET password='******'\r\n\t\t\t\tWHERE {$p_where}"; $result = db_query($query); if (false === $result) { return false; } return true; }