echo <<<EOT
\t\t<div class="error" align="center">
\t\t\t<strong>ERROR:</strong> Unauthorised access for supplied user name and password.
\t\t</div>
EOT;
}
# Warning, if plain passwords are selected
if (config_get('auth_type') == AUTH_PLAIN) {
echo <<<EOT
\t\t<div class="warning" align="center">
\t\t\t<strong>WARNING:</strong> Plain password authentication is used, this will expose your passwords to administrators.
\t\t</div>
EOT;
}
# Generate a warning if administrator/root is valid.
if (access_verify_login('administrator', 'root')) {
echo <<<EOT
\t\t<div class="warning" align="center">
\t\t\t<strong>WARNING:</strong> You should disable the "administrator" account or change its password.
\t\t</div>
EOT;
}
echo <<<EOT
\t<div class="center">
\t<div class="small-width">
\t\t<form name="f_login_form" method="post" action="{$g_login}">
\t\t\t<table class="box" summary="">
\t\t\t\t<tr class="title">
\t\t\t\t\t<td width="25%"><strong>{$s_login_title}</strong></td>
\t\t\t\t\t<td width="75%" align="right">[ <a href="signup_page.php"><strong>Sign Up</strong></a> ]</td>
\t\t\t\t</tr>
function user_change_password($p_where, $p_old_password, $p_new_password, $p_verify_password = null)
{
$t_user = user_get_info($p_where);
if (false === $t_user) {
return false;
## error message printed by user_get_info().
}
if (!access_verify_login($t_user['username'], $p_old_password)) {
echo 'Original password is incorrect.<br />';
return false;
}
if ($p_verify_password !== null && $p_verify_password != $p_new_password) {
echo 'New and verify passwords do not match.<br />';
return false;
}
$t_password = access_encrypt_password($p_new_password);
$c_password = db_prepare_string($t_password);
$query = "UPDATE " . config_get('phpWN_user_table') . "\r\n\t\t\t\tSET password='******'\r\n\t\t\t\tWHERE {$p_where}";
$result = db_query($query);
if (false === $result) {
return false;
}
return true;
}
