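/**
 * Change-password page handler.
 *
 * On an HTTP POST, reads opwd / npwd / cpwd from $_POST, runs ValidateForm(),
 * loads the current user's record, compares the stored 'contrasenia' value
 * with the submitted old password, calls the User_ChangePassword() hook and
 * then Update(). After a successful update a notification e-mail is sent to
 * the stored address (if any) and the page terminates with "index.php".
 *
 * Failure messages are set when form validation fails, when the old password
 * does not match, and when User_ChangePassword() rejects the new password.
 */
function Page_Main() {
    global $conn, $Language, $Security, $gsFormError;
    global $Breadcrumb;

    $Breadcrumb = new cBreadcrumb();
    $Breadcrumb->Add("changepwd", "ChangePwdPage", ew_CurrentUrl(), "", "", TRUE);

    $bPostBack = ew_IsHttpPost();
    $bValidate = TRUE;
    if ($bPostBack) {
        $this->OldPassword = ew_StripSlashes(@$_POST["opwd"]);
        $this->NewPassword = ew_StripSlashes(@$_POST["npwd"]);
        $this->ConfirmedPassword = ew_StripSlashes(@$_POST["cpwd"]);
        $bValidate = $this->ValidateForm($this->OldPassword, $this->NewPassword, $this->ConfirmedPassword);
        if (!$bValidate) {
            $this->setFailureMessage($gsFormError);
        }
    }

    $bPwdUpdated = FALSE;
    $sEmail = ""; // Defined up front so the e-mail step needs no error suppression
    if ($bPostBack && $bValidate) {

        // Setup variables
        // The user name comes from the security object, not from the request.
        // ew_AdjustSql() is the only escaping applied before it is substituted
        // into the WHERE-clause template.
        $sUsername = $Security->CurrentUserName();
        $sFilter = str_replace("%u", ew_AdjustSql($sUsername), EW_USER_NAME_FILTER);

        // Set up filter (Sql Where Clause) and get Return SQL
        // SQL constructor in usuarios class, usuariosinfo.php
        $this->CurrentFilter = $sFilter;
        $sSql = $this->SQL();
        if ($rs = $conn->Execute($sSql)) {
            if (!$rs->EOF) {
                $rsold = $rs->fields;
                if (ew_ComparePassword($rsold['contrasenia'], $this->OldPassword)) {
                    $bValidPwd = $this->User_ChangePassword($rsold, $sUsername, $this->OldPassword, $this->NewPassword);
                    if ($bValidPwd) {
                        // NOTE(review): Update() receives the password exactly as typed;
                        // whether it is hashed before storage is decided inside Update(),
                        // which is not visible here - confirm.
                        $rsnew = array('contrasenia' => $this->NewPassword); // Change Password
                        $sEmail = $rsold['email'];
                        $rs->Close();
                        $conn->raiseErrorFn = $GLOBALS["EW_ERROR_FN"];
                        $bValidPwd = $this->Update($rsnew);
                        $conn->raiseErrorFn = '';
                        if ($bValidPwd) {
                            $bPwdUpdated = TRUE;
                        }
                    } else {
                        $this->setFailureMessage($Language->Phrase("InvalidNewPassword"));
                        $rs->Close();
                    }
                } else {
                    $this->setFailureMessage($Language->Phrase("InvalidPassword"));
                    $rs->Close(); // Previously left open on the wrong-password path
                }
            } else {
                $rs->Close();
            }
        }
    }

    if ($bPwdUpdated) {
        if ($sEmail != "") {

            // Load Email Content
            $Email = new cEmail();
            $Email->Load("phptxt/changepwd.txt");
            $Email->ReplaceSender(EW_SENDER_EMAIL); // Replace Sender
            $Email->ReplaceRecipient($sEmail); // Replace Recipient
            // NOTE(review): the new password is written into the notification
            // e-mail in clear text. Consider removing the placeholder from the
            // template and sending a "password was changed" notice instead.
            $Email->ReplaceContent('<!--$Password-->', $this->NewPassword);
            $Email->Charset = EW_EMAIL_CHARSET;
            $Args = array();
            $Args["rs"] =& $rsnew;
            $bEmailSent = FALSE;
            if ($this->Email_Sending($Email, $Args)) {
                $bEmailSent = $Email->Send();
            }

            // Send email failed
            if (!$bEmailSent) {
                $this->setFailureMessage($Email->SendErrDescription);
            }
        }
        if ($this->getSuccessMessage() == "") {
            $this->setSuccessMessage($Language->Phrase("PasswordChanged")); // Set up success message
        }
        $this->Page_Terminate("index.php"); // Exit page and clean up
    }
}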
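/**
 * Change-password page handler with a password-reset mode.
 *
 * On an HTTP POST, reads opwd / npwd / cpwd from $_POST, runs ValidateForm(),
 * loads the user's record through $UserTableConn and updates the 'PASS' field.
 *
 * Normal mode: the stored 'PASS' value must match the submitted old password
 * and the User_ChangePassword() hook must accept the change.
 * Reset mode (IsPasswordReset() is true): the user name is taken from
 * $_SESSION[EW_SESSION_USER_PROFILE_USER_NAME], the old-password comparison is
 * skipped and User_ChangePassword() is not called. After a successful update
 * the session status and the session user name are cleared.
 *
 * On success the page terminates with "index.php".
 */
function Page_Main() {
    global $UserTableConn, $Language, $Security, $gsFormError;
    global $Breadcrumb;

    $Breadcrumb = new cBreadcrumb();
    $Breadcrumb->Add("changepwd", "ChangePwdPage", ew_CurrentUrl(), "", "", TRUE);

    $bPostBack = ew_IsHttpPost();
    $bValidate = TRUE;
    if ($bPostBack) {
        $this->OldPassword = ew_StripSlashes(@$_POST["opwd"]);
        $this->NewPassword = ew_StripSlashes(@$_POST["npwd"]);
        $this->ConfirmedPassword = ew_StripSlashes(@$_POST["cpwd"]);
        $bValidate = $this->ValidateForm($this->OldPassword, $this->NewPassword, $this->ConfirmedPassword);
        if (!$bValidate) {
            $this->setFailureMessage($gsFormError);
        }
    }

    $bPwdUpdated = FALSE;
    if ($bPostBack && $bValidate) {

        // Setup variables
        $sUsername = $Security->CurrentUserName();
        if (IsPasswordReset()) {
            // NOTE(review): the reset path relies entirely on IsPasswordReset()
            // and on this session value; confirm both are only set after the
            // reset request itself has been verified.
            $sUsername = $_SESSION[EW_SESSION_USER_PROFILE_USER_NAME];
        }

        // ew_AdjustSql() is the only escaping applied before the user name is
        // substituted into the WHERE-clause template.
        $sFilter = str_replace("%u", ew_AdjustSql($sUsername, EW_USER_TABLE_DBID), EW_USER_NAME_FILTER);

        // Set up filter (Sql Where Clause) and get Return SQL
        // SQL constructor in user class, userinfo.php
        $this->CurrentFilter = $sFilter;
        $sSql = $this->SQL();
        if ($rs = $UserTableConn->Execute($sSql)) {
            if (!$rs->EOF) {
                $rsold = $rs->fields;
                if (IsPasswordReset() || ew_ComparePassword($rsold['PASS'], $this->OldPassword)) {
                    $bValidPwd = TRUE;
                    if (!IsPasswordReset()) {
                        $bValidPwd = $this->User_ChangePassword($rsold, $sUsername, $this->OldPassword, $this->NewPassword);
                    }
                    if ($bValidPwd) {
                        // NOTE(review): Update() receives the password exactly as typed;
                        // whether it is hashed before storage is decided inside Update(),
                        // which is not visible here - confirm.
                        $rsnew = array('PASS' => $this->NewPassword); // Change Password
                        $rs->Close();
                        $UserTableConn->raiseErrorFn = $GLOBALS["EW_ERROR_FN"];
                        $bValidPwd = $this->Update($rsnew);
                        $UserTableConn->raiseErrorFn = '';
                        if ($bValidPwd) {
                            $bPwdUpdated = TRUE;
                        }
                    } else {
                        $this->setFailureMessage($Language->Phrase("InvalidNewPassword"));
                        $rs->Close();
                    }
                } else {
                    $this->setFailureMessage($Language->Phrase("InvalidPassword"));
                    $rs->Close(); // Previously left open on the wrong-password path
                }
            } else {
                $rs->Close();
            }
        }
    }

    if ($bPwdUpdated) {
        if ($this->getSuccessMessage() == "") {
            $this->setSuccessMessage($Language->Phrase("PasswordChanged")); // Set up success message
        }
        if (IsPasswordReset()) {
            // End the reset state so the same session cannot change the password again
            $_SESSION[EW_SESSION_STATUS] = "";
            $_SESSION[EW_SESSION_USER_PROFILE_USER_NAME] = "";
        }
        $this->Page_Terminate("index.php"); // Exit page and clean up
    }
}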
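/**
 * Validate a login attempt and set up the session on success.
 *
 * Order of checks:
 *  1. User_CustomValidate() hook, when EW_USE_CUSTOM_LOGIN is enabled.
 *  2. The hard-coded administrator (EW_ADMIN_USER_NAME / EW_ADMIN_PASSWORD).
 *  3. The user table, filtered by user name and EW_USER_ACTIVATE_FILTER, with
 *     the stored 'contrasenia' value checked by ew_ComparePassword().
 *
 * @param mixed $usr       User name (by reference; the custom hook receives it)
 * @param mixed $pwd       Password (by reference; the custom hook receives it)
 * @param mixed $autologin Not read by this method
 * @return mixed The custom hook's result when it is truthy, otherwise a
 *               boolean telling whether the admin or table check succeeded
 */
function ValidateUser(&$usr, &$pwd, $autologin) {
    global $conn, $Language;
    global $UserTable;
    $ValidateUser = FALSE;
    $CustomValidateUser = FALSE;

    // NOTE(review): this method marks the session as logged in without rotating
    // the session id; confirm the caller regenerates it on login.

    // Call User Custom Validate event
    if (EW_USE_CUSTOM_LOGIN) {
        $CustomValidateUser = $this->User_CustomValidate($usr, $pwd);
        if ($CustomValidateUser) {
            $_SESSION[EW_SESSION_STATUS] = "login";
            $this->setCurrentUserName($usr); // Load user name
        }
    }

    // Check hard coded admin first.
    // Credentials are compared as strings with strict equality: the loose "=="
    // used before treats numeric-looking strings as numbers (so "1e3" equals
    // "1000") and, depending on the PHP version, lets non-string values match.
    // Non-scalar input never matches.
    $sAdminUsr = (string)EW_ADMIN_USER_NAME;
    $sAdminPwd = (string)EW_ADMIN_PASSWORD;
    $sUsr = is_scalar($usr) ? (string)$usr : NULL;
    $sPwd = is_scalar($pwd) ? (string)$pwd : NULL;
    if (!EW_CASE_SENSITIVE_PASSWORD) {
        $sAdminUsr = strtolower($sAdminUsr);
        $sAdminPwd = strtolower($sAdminPwd);
        if ($sUsr !== NULL) {
            $sUsr = strtolower($sUsr);
        }
        if ($sPwd !== NULL) {
            $sPwd = strtolower($sPwd);
        }
    }
    $bAdminName = $sUsr !== NULL && $sAdminUsr === $sUsr;
    $bAdminPwd = FALSE;
    if ($sPwd !== NULL) {
        // Constant-time comparison where the runtime provides it
        $bAdminPwd = function_exists('hash_equals') ? hash_equals($sAdminPwd, $sPwd) : $sAdminPwd === $sPwd;
    }

    // NOTE(review): if the admin constants are defined as empty strings, an
    // empty user name and password still match here - confirm the configuration
    // or the caller rejects empty credentials.
    // With a successful custom validation only the user name has to match.
    $ValidateUser = (!$CustomValidateUser && $bAdminName && $bAdminPwd) || ($CustomValidateUser && $bAdminName);
    if ($ValidateUser) {
        $_SESSION[EW_SESSION_STATUS] = "login";
        $_SESSION[EW_SESSION_SYS_ADMIN] = 1; // System Administrator
        $this->setCurrentUserName("Administrator"); // Load user name
        $this->setSessionUserID(-1); // System Administrator
    }

    // Check other users
    if (!$ValidateUser) {
        // ew_AdjustSql() is the only escaping applied before the submitted user
        // name is substituted into the WHERE-clause template.
        $sFilter = str_replace("%u", ew_AdjustSql($usr), EW_USER_NAME_FILTER);
        $sFilter .= " AND " . EW_USER_ACTIVATE_FILTER;

        // Set up filter (SQL WHERE clause) and get return SQL
        // SQL constructor in <UserTable> class, <UserTable>info.php
        $sSql = $UserTable->GetSQL($sFilter, "");
        if ($rs = $conn->Execute($sSql)) {
            if (!$rs->EOF) {
                // A successful custom validation skips the stored-password check
                $ValidateUser = $CustomValidateUser || ew_ComparePassword($rs->fields('contrasenia'), $pwd);
                if ($ValidateUser) {
                    $_SESSION[EW_SESSION_STATUS] = "login";
                    $_SESSION[EW_SESSION_SYS_ADMIN] = 0; // Non System Administrator
                    $this->setCurrentUserName($rs->fields('usuario')); // Load user name
                    $this->setSessionUserID($rs->fields('codigo')); // Load User ID
                    $this->setSessionParentUserID($rs->fields('codigo')); // Load parent User ID

                    // Call User Validated event
                    $row = $rs->fields;
                    $this->User_Validated($row);
                }
            }
            $rs->Close();
        }
    }
    if ($CustomValidateUser) {
        return $CustomValidateUser;
    }
    if (!$ValidateUser && !IsPasswordExpired()) {
        $_SESSION[EW_SESSION_STATUS] = ""; // Clear login status
    }
    return $ValidateUser;
}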
/**
 * Validate a login attempt against the custom hook and the user table.
 *
 * When EW_USE_CUSTOM_LOGIN is enabled, User_CustomValidate() runs first and a
 * truthy result marks the session as logged in under the submitted name. The
 * user table is then queried by user name; a row validates when the custom
 * hook succeeded or ew_ComparePassword() accepts the stored 'Password' value.
 *
 * @param mixed $usr       User name (by reference; the custom hook receives it)
 * @param mixed $pwd       Password (by reference; the custom hook receives it)
 * @param mixed $autologin Not read by this method
 * @return mixed The custom hook's result when it is truthy, otherwise a
 *               boolean telling whether the table check succeeded
 */
function ValidateUser(&$usr, &$pwd, $autologin) {
    global $conn, $Language;
    global $UserTable;

    // Custom validation event (optional)
    $customResult = FALSE;
    if (EW_USE_CUSTOM_LOGIN) {
        $customResult = $this->User_CustomValidate($usr, $pwd);
        if ($customResult) {
            $_SESSION[EW_SESSION_STATUS] = "login";
            $this->setCurrentUserName($usr); // Session user name = submitted name
        }
    }

    // User table lookup: build the WHERE clause from the name filter template.
    // The SQL itself is assembled by the <UserTable> class (<UserTable>info.php).
    $loginOk = FALSE;
    $where = str_replace("%u", ew_AdjustSql($usr), EW_USER_NAME_FILTER);
    $query = $UserTable->GetSQL($where, "");
    $rs = $conn->Execute($query);
    if ($rs) {
        if (!$rs->EOF) {
            // The stored password is only consulted when the custom hook did not succeed
            $loginOk = $customResult ? TRUE : (bool)ew_ComparePassword($rs->fields('Password'), $pwd);
            if ($loginOk) {
                $_SESSION[EW_SESSION_STATUS] = "login";
                $_SESSION[EW_SESSION_SYS_ADMIN] = 0; // Non System Administrator
                $this->setCurrentUserName($rs->fields('UserName')); // Session user name = stored name

                // User Validated event
                $row = $rs->fields;
                $this->User_Validated($row);
            }
        }
        $rs->Close();
    }

    // A truthy custom result is returned as-is
    if ($customResult) {
        return $customResult;
    }

    // Clear login status on failure, unless the password is flagged as expired
    if (!$loginOk && !IsPasswordExpired()) {
        $_SESSION[EW_SESSION_STATUS] = "";
    }
    return $loginOk;
}