Esempio n. 1
 /**
  * Handles the posted "change password" form for a user account.
  *
  * Both password fields are required. The target user id and the two password values are
  * read from the POST body, the User model performs the change, and the outcome (success
  * text, the model's own error value, or the validation errors) is shown through the
  * Message model, which is always given the URL admin/user/global/global/user.
  */
 public function user_changepassword_post()
 {
     // Shared controller data; read here but not used further in this method.
     $data = $this->data;
     $return_url_Str = 'admin/user/global/global/user';
     // NOTE(review): both rules carry the same label, so a validation error cannot tell the
     // user which of the two fields is missing.
     $this->form_validation->set_rules('password_Str', '會員密碼', 'required');
     $this->form_validation->set_rules('password2_Str', '會員密碼', 'required');
     // NOTE(review): the account to modify is taken from the request body and nothing in this
     // method checks that the caller may change that account's password; confirm that the
     // controller or a route filter enforces it.
     $uid_Num = $this->input->post('uid_Num', TRUE);
     if ($this->form_validation->run() === FALSE) {
         // Validation failed: report the collected errors, or a generic text if there are none.
         $message_Str = validation_errors();
         if (empty($message_Str)) {
             $message_Str = '設定錯誤';
         }
     } else {
         // NOTE(review): the second argument TRUE runs CodeIgniter's XSS filter over the
         // passwords, which can silently alter characters the user typed; passwords are
         // normally read unfiltered and only hashed. Confirm the login path does the same
         // before changing it.
         $password_Str = $this->input->post('password_Str', TRUE);
         $password2_Str = $this->input->post('password2_Str', TRUE);
         // Build the User object for the posted id and let it perform the update.
         $User = new User();
         $User->construct(array('uid_Num' => $uid_Num));
         $change_status_Bln = $User->change_password(array(
             'password_Str' => $password_Str,
             'password2_Str' => $password2_Str,
         ));
         // change_password() yields TRUE on success; any other value is shown as the message.
         $message_Str = $change_status_Bln === TRUE ? '密碼變更成功' : $change_status_Bln;
     }
     $this->load->model('Message');
     $this->Message->show(array('message' => $message_Str, 'url' => $return_url_Str));
 }
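 /** !!
  * Validates a "set new password" submission and, when it is valid, stores the password.
  *
  * Only the 'POST' request method is handled; any other method leaves the function without
  * doing anything. The new password must be present, confirmed, identical to its
  * confirmation, and between PA::$password_min_length and PA::$password_max_length bytes
  * long. On success the password is changed for $this->forgot_password_id and the user is
  * redirected to the login page with msg_id=7004; otherwise a failure message is set.
  *
  * @param string $request_method HTTP method of the request; only 'POST' is processed
  * @param array  $request_data   form fields; 'password' and 'confirm_password' are read
  */
 public function handleChangePassword($request_method, $request_data)
 {
     switch ($request_method) {
         case 'POST':
             $message = NULL;
             //input validations.
             if (empty($request_data['password'])) {
                 $message = __('Please enter your new password');
             } elseif (empty($request_data['confirm_password'])) {
                 $message = __('Please confirm your new password');
             } elseif ($request_data['confirm_password'] !== $request_data['password']) {
                 // Strict comparison: with != two different numeric-looking strings
                 // (for example '1e3' and '1000') would be treated as the same password.
                 $message = __('Passwords do not match. Please re-enter');
             } elseif (strlen($request_data['password']) < PA::$password_min_length) {
                 $message = sprintf(__('Password should be of %s characters or more.'), PA::$password_min_length);
             } elseif (strlen($request_data['password']) > PA::$password_max_length) {
                 // This branch used to assign $this->message, which left $message empty and
                 // let an over-long password through to User::change_password().
                 $message = sprintf(__('Password should be less than %s charcaters.'), PA::$password_max_length);
             }
             //if $message is set then there is an error
             $redirect_url = $query_str = NULL;
             if (empty($message)) {
                 //inputs are valid, try changing the password
                 // NOTE(review): $this->forgot_password_id alone selects the account here;
                 // confirm the caller validated it and that it is invalidated after use.
                 try {
                     User::change_password($request_data['password'], $this->forgot_password_id);
                     // $message is empty on this path, so success_msg carries no text; the
                     // login page is told what to display through msg_id instead.
                     $msg_array = array('failure_msg' => NULL, 'success_msg' => $message);
                     $redirect_url = PA::$url . '/' . FILE_LOGIN;
                     $query_str = '?msg_id=7004';
                 } catch (PAException $e) {
                     $msg_array = array('failure_msg' => $e->message, 'success_msg' => NULL);
                 }
             } else {
                 $msg_array = array('failure_msg' => $message, 'success_msg' => NULL);
             }
             // The @ operator hides any warning raised while the messages and redirect are set.
             @set_web_variables($msg_array, $redirect_url, $query_str);
             break;
     }
 }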
            $error = TRUE;
        } else {
            if (strlen($password) > 15) {
                $error_password_length_g = TRUE;
                $error = TRUE;
            } else {
                if (strlen($password) < 5) {
                    $error_password_length_l = TRUE;
                    $error = TRUE;
                }
            }
        }
    }
    if ($error != TRUE) {
        try {
            if (User::change_password($password, $forgot_password_id)) {
                $msg_id = 7004;
                header("Location: " . PA::$url . "/login.php?msg_id={$msg_id}");
                exit;
            }
        } catch (PAException $e) {
            $msg = "{$e->message}";
            $save_error = TRUE;
        }
    }
}
if ($error == TRUE || $save_error == TRUE) {
    $error = TRUE;
}
function setup_module($column, $moduleName, $obj)
{
Esempio n. 4
    $newUser = true;
} else {
    $newUser = false;
}
if (!$current_user->is_admin && $current_user->id != $focus->id) {
    $GLOBALS['log']->fatal("SECURITY:Non-Admin " . $current_user->id . " attempted to change settings for user:"******"Location: index.php?module=Users&action=Logout");
    exit;
}
if (!$current_user->is_admin && isset($_POST['is_admin']) && ($_POST['is_admin'] == '1' || $_POST['is_admin'] == 'on')) {
    $GLOBALS['log']->fatal("SECURITY:Non-Admin " . $current_user->id . " attempted to change is_admin settings for user:"******"Location: index.php?module=Users&action=Logout");
    exit;
}
if (isset($_POST['user_name']) && !empty($_POST['user_name']) && isset($_POST['old_password']) && (isset($_POST['new_password']) && !empty($_POST['new_password'])) && (isset($_POST['password_change']) && $_POST['password_change'] == 'true')) {
    if (!$focus->change_password($_POST['old_password'], $_POST['new_password'])) {
        header("Location: index.php?action=Error&module=Users&error_string=" . urlencode($focus->error_string));
        exit;
    }
} else {
    // New user
    foreach ($focus->column_fields as $field) {
        if (isset($_POST[$field])) {
            $value = $_POST[$field];
            $focus->{$field} = $value;
        }
    }
    foreach ($focus->additional_column_fields as $field) {
        if (isset($_POST[$field])) {
            $value = $_POST[$field];
            $focus->{$field} = $value;
Esempio n. 5
 /**
  * Test step: changes the password of the user with the given id and checks that the
  * account can afterwards be found through the new password.
  *
  * @param mixed $id id of the user record to load and modify
  */
 public function change_password($id)
 {
     $user = new User();
     $user->retrieve($id);
     // The change itself must report success.
     $this->assertEquals(true, $user->change_password("test", "testpass"));
     // Look the account up again with the new password and compare the returned id.
     // NOTE(review): the lookup is given md5("testpass"), which suggests credentials are
     // matched as unsalted MD5 digests; verify against User::findUserPassword().
     $found = User::findUserPassword("test", md5("testpass"));
     $this->assertTrue(isset($found['id']));
     $this->assertEquals($id, $found['id']);
 }
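 /**
  * Changes the password of the user named by the second route argument.
  *
  * Only the logged-in owner of the account may do this. The two new-password fields must
  * be identical and the current password must be accepted by User::change_password().
  * Every outcome adds a flash message and redirects to the user's show or password page.
  */
 function updatepassAction()
 {
     $userId = $this->args[1];
     $user = new User($userId);
     // Array keys are quoted: the bare words user/np1/np2/curpass were read as undefined
     // constants, which is an Error on PHP 8.
     $form = isset($_POST['user']) && is_array($_POST['user']) ? $_POST['user'] : array();
     $currentPassword = isset($form['curpass']) ? $form['curpass'] : null;
     $newPassword = isset($form['np1']) ? $form['np1'] : null;
     $newPasswordRepeat = isset($form['np2']) ? $form['np2'] : null;

     // Ownership check, compared as strings so that numeric-looking usernames such as
     // '1e3' and '1000' are not treated as equal.
     if ((string) $_SESSION['user']->username !== (string) $user->username) {
         $_SESSION['flash'][] = array('error', 'Not authorized.');
         redirect_to(ADMIN_URL . '/users/show/' . $userId);
         // Stop here even if redirect_to() returns; otherwise the password change below
         // would still run for a user who failed the check.
         return;
     }
     if ($newPassword !== $newPasswordRepeat) {
         $_SESSION['flash'][] = array('error', 'Passwords do not match.');
         redirect_to(ADMIN_URL . '/users/password/' . $userId);
         return;
     }
     // NOTE(review): two missing or empty new-password fields still count as matching;
     // confirm that User::change_password() rejects an empty new password.
     if ($user->change_password($currentPassword, $newPassword)) {
         $_SESSION['flash'][] = array('status', 'Password updated!');
         redirect_to(ADMIN_URL . '/users/show/' . $userId);
     } else {
         $_SESSION['flash'][] = array('error', 'Unable to update, check your current password.');
         redirect_to(ADMIN_URL . '/users/password/' . $userId);
     }
 }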
Esempio n. 7
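<?php

include '../inc/config.php';
// Form dispatcher: ?f= names the operation (signup, forgot, change), the form fields arrive
// in $_POST, and the browser is sent back to the submitting page with the result in ?s=.
$action = isset($_GET['f']) ? $_GET['f'] : '';

// The Referer header is set by whoever caused the request, so it must not decide which
// site the browser is redirected to. Only its path is kept, which pins the redirect to
// this host; a missing or unusable header falls back to the site root.
$referer = isset($_SERVER['HTTP_REFERER']) ? parse_url($_SERVER['HTTP_REFERER'], PHP_URL_PATH) : null;
if (!is_string($referer) || strpos($referer, '\\') !== false) {
    $referer = '/';
}
// Collapse leading slashes so the target cannot be read as a protocol-relative URL.
$referer = '/' . ltrim($referer, '/');

// NOTE(review): these are state-changing requests and no CSRF token is checked in this
// file; confirm that the User methods or config.php verify one.
switch ($action) {
    case 'signup':
        $user = new User();
        $return = $user->signup($_POST);
        break;
    case 'forgot':
        $user = new User();
        $return = $user->forgot_password(isset($_POST['email']) ? $_POST['email'] : null);
        break;
    case 'change':
        $user = new User();
        // NOTE(review): the whole $_POST array goes to the model; confirm that the account
        // to change is taken from the session and not from a posted field.
        $return = $user->change_password($_POST);
        break;
    default:
        exit;
}

// NOTE(review): $return is placed in the query string as returned by the model; if it can
// ever hold more than a short status code it should be passed through rawurlencode().
$URL = $referer . '?s=' . $return;
header("Location: {$URL}");
exit;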
Esempio n. 8
 /**
  * Replaces a user's password and reports the outcome as an array.
  *
  * On success the array holds 'valid' => true, a fixed message and the user's
  * 'loginexpiration' preference under 'expiration'. On failure it holds 'valid' => false
  * and a message only.
  *
  * @param  User   $bean User bean whose password is changed
  * @param  string $old  Old password
  * @param  string $new  New password
  * @return array
  */
 protected function changePassword($bean, $old, $new)
 {
     if (!$bean->change_password($old, $new)) {
         // The legacy change_password() leaves its reason in $bean->error_string; without
         // one, the generic application string is used.
         if (isset($bean->error_string)) {
             $failureText = $bean->error_string;
         } else {
             $failureText = $GLOBALS['app_strings']['LBL_PASSWORD_UPDATE_GENERIC_ISSUE'];
         }
         return array('valid' => false, 'message' => $failureText);
     }

     return array(
         'valid' => true,
         'message' => 'Password updated.',
         'expiration' => $bean->getPreference('loginexpiration'),
     );
 }
Esempio n. 9
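<?php

require_once 'functions.php';
// Change-password page: only a logged-in user may see the form or submit it.
// A missing OR empty user id sends the visitor to the site root (the original joined the
// two tests with &&, so an empty id passed). The exit matters as well: header() only queues
// the redirect, and without it the POST handler below still ran for a visitor who is not
// logged in.
if (!isset($_SESSION['user_id']) || $_SESSION['user_id'] == '') {
    header('location:/');
    exit;
}
require_once 'classes/geneform.php';
$userId = $_SESSION['user_id'];
// Default result so the markup that follows can read $res['status'] on a plain GET.
$res = array('status' => '', 'msg' => '');
if ($_SERVER['REQUEST_METHOD'] == "POST" && isset($_POST['submit'])) {
    $user = new User();
    // NOTE(review): the whole $_POST array is handed to the model and $userId is not;
    // confirm that change_password() takes the account from the session rather than from a
    // posted field, and that the form carries a CSRF token.
    $res = $user->change_password($_POST);
}
require_once 'includes/header.php';
?>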
<div class="navbar-wrapper main-body1" style="height:auto;">
	<div class="container">
		<?php 
if ($res['status'] == '1') {
    ?>
		<div id="download" class="alert alert-info" style="text-align:center;">
			<?php 
    echo $res['msg'];
    ?>
		</div>
		<?php 
}
?>
	
		<h2>Change password</h2>
		<div class="col-md-4 col-sm-12">
Esempio n. 10
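 /**
  * Portal gatekeeper, run before a page is served.
  *
  * In order: applies an optional theme switch, handles a logout request, and then either
  * attempts a login / forgotten-password request for a visitor without a session (showing
  * the theme's login page and stopping when that does not succeed) or repeats the portal
  * login with the credentials kept in the session. Finally, a logged-in request with
  * fun=changepassword is passed to User::change_password() and the result stored in
  * $GLOBALS["opresult"].
  */
 public static function check_login()
 {
     // Kept although unused here: login.php is require'd from inside this function and so
     // runs in its variable scope, where it may read $opresult, $loginerror, $successmess
     // and $currtheme.
     global $opresult;
     //ADDED TO ENABLE THEME SWITCHING
     // The theme name becomes part of a require_once path below, so only a plain directory
     // name is accepted: a string with no path separators that is not '.' or '..'. Without
     // this a request could point the include at a directory outside themes/.
     if (isset($_REQUEST['theme']) && is_string($_REQUEST['theme']) && $_REQUEST['theme'] != ""
         && $_REQUEST['theme'] === basename($_REQUEST['theme'])
         && $_REQUEST['theme'] !== '.' && $_REQUEST['theme'] !== '..'
         && is_dir("themes/" . $_REQUEST['theme'])) {
         $_SESSION["portal_theme"] = $_REQUEST['theme'];
     }
     if (isset($_SESSION["portal_theme"])) {
         $currtheme = $_SESSION['portal_theme'];
     } else {
         $currtheme = $GLOBALS["portal_theme"];
     }
     //********************************
     if (isset($_REQUEST['logout'])) {
         // Clear the session but keep the chosen theme for the login page.
         session_unset();
         $_SESSION["portal_theme"] = $currtheme;
         header("Location: index.php");
         die;
     }
     if (!isset($_SESSION['loggeduser']) || $_SESSION["loggeduser"] == "ERROR") {
         $login = false;
         // NOTE(review): credentials are read from $_REQUEST, so they are also accepted in
         // the query string, where they end up in server logs and browser history; $_POST
         // would restrict them to the request body.
         if (isset($_REQUEST["email"]) && isset($_REQUEST["pass"])) {
             $login = User::portal_login($_REQUEST["email"], $_REQUEST["pass"]);
         }
         if (isset($_REQUEST["email"]) && isset($_REQUEST["forgot"])) {
             $lres = User::forgot_password($_REQUEST["email"]);
         }
         if (!$login || $login[0] == "INVALID_USERNAME_OR_PASSWORD") {
             if ($login[0] == "INVALID_USERNAME_OR_PASSWORD") {
                 $loginerror = $login[0];
             }
             // NOTE(review): the two messages below tell a visitor whether an address is
             // registered; a single neutral message would avoid that.
             if (isset($lres) && $lres == "ERROR") {
                 $loginerror = "The Email you Request is not in our system!";
             } else {
                 if (isset($lres) && $lres == "SUCCESS") {
                     $successmess = "We have send an Email containing your Password at the requested Address!";
                 }
             }
             if (file_exists("themes/" . $currtheme . "/login.php")) {
                 require_once "themes/" . $currtheme . "/login.php";
             } else {
                 require_once "themes/default/login.php";
             }
             session_unset();
             die;
         }
     } else {
         // NOTE(review): the session holds 'user_password' and replays it on every request;
         // confirm what form that value has and whether it needs to be kept at all.
         User::portal_login($_SESSION['loggeduser']['user_name'], $_SESSION['loggeduser']['user_password']);
     }
     if (isset($_SESSION['loggeduser']) && isset($_REQUEST['fun']) && $_REQUEST['fun'] == "changepassword") {
         // change_password() is called without arguments; presumably it reads the request
         // itself - verify there that the old password is required.
         $GLOBALS["opresult"] = User::change_password();
     }
 }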
Esempio n. 11
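<?php

include './includes/loader.php';
// Account activation / password-reset page. The e-mail address and the code from the link
// must match an account (either a not-yet-activated one or one with a pending "forgot"
// code) before anything is shown or changed.
$sAction = isset($_GET['action']) ? $_GET['action'] : '';
// Defined up front so the template call at the end never reads an undefined variable.
$sErrors = null;
// Both values are bound as query parameters below; anything that is not a non-empty string
// (for example an array from email[]=...) is turned away first.
if (empty($_GET['email']) || empty($_GET['id']) || !is_string($_GET['email']) || !is_string($_GET['id'])) {
    header("Location: index.php");
    die;
}
// NOTE(review): the code is compared inside the SQL statement; confirm that `forgot` and
// `activation_code` are string columns that are NULL when no request is pending, and that
// the code is cleared once the password has been set.
$sActivate = $database->CachedQuery("SELECT * FROM accounts WHERE (`password` = -1 AND `email_address` = :EmailAddress AND `activation_code` = :ActivationCode) || (`email_address` = :EmailAddress AND `forgot` = :ActivationCode)", array('EmailAddress' => $_GET['email'], 'ActivationCode' => $_GET['id']));
if (empty($sActivate)) {
    header("Location: index.php");
    die;
}
// 'save' is quoted: the bare word was read as an undefined constant, which is an Error on
// PHP 8.
if ($sAction === 'save') {
    $sUser = new User($sActivate->data[0]["id"]);
    $sChange = $sUser->change_password(
        $sUser,
        isset($_POST['password']) ? $_POST['password'] : null,
        isset($_POST['passwordagain']) ? $_POST['passwordagain'] : null
    );
    // An array result is a list of validation errors; anything else counts as success.
    if (is_array($sChange)) {
        $sErrors = array("Errors" => $sChange);
    } else {
        header("Location: index.php");
        die;
    }
}
// NOTE(review): Id and Email are URL-encoded here; if the template also prints them into
// HTML text or attributes, that context needs HTML escaping as well.
echo Templater::AdvancedParse($sTemplate->sValue . '/activate', $locale->strings, array('Errors' => $sErrors, 'Id' => urlencode($_GET['id']), 'Email' => urlencode($_GET['email'])));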
Esempio n. 12
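 /**
  * Changes the logged-in user's password from the posted form.
  *
  * Expects the fields old-password, new-password and new-password-again. A request without
  * all three as strings gets the error page. Otherwise the outcome is stored in
  * $_SESSION['notice'] and the browser is redirected to the personal page.
  */
 public function change_password()
 {
     // All three fields must be present and must be strings; an array value (for example
     // old-password[]=x) would otherwise reach sha1() and the comparisons below.
     foreach (array('old-password', 'new-password', 'new-password-again') as $field) {
         if (!isset($_POST[$field]) || !is_string($_POST[$field])) {
             return call('page', 'error');
         }
     }
     require 'models/personal_info.php';
     // NOTE(review): $_SESSION['username'] is used without checking that a login exists;
     // confirm that the router only dispatches this action for authenticated users.
     $user = User::find_by_username($_SESSION['username']);
     if ($_POST['old-password'] == "" || $_POST['new-password'] == "" || $_POST['new-password-again'] == "") {
         $_SESSION['notice'] = "Password change is not successful! (All the input fields were empty)!";
     } else {
         // hash_equals() compares the two digests as exact strings. The previous != treated
         // numeric-looking digests (such as two that both start with "0e" followed only by
         // digits) as equal numbers.
         // NOTE(review): the stored value is an unsalted SHA-1 digest; password_hash() and
         // password_verify() are the intended replacement, together with the model.
         if (!hash_equals((string) $user->pwd, sha1($_POST['old-password']))) {
             $_SESSION['notice'] = "Password change is not successful! (Old password was incorrect)";
         } else {
             if ($_POST['new-password'] !== $_POST['new-password-again']) {
                 $_SESSION['notice'] = "Password change is not successful! (Retyped password field did not match)";
             } else {
                 User::change_password($_SESSION['username'], $_POST['new-password']);
                 $_SESSION['notice'] = "Change password successfully!";
             }
         }
     }
     return header("Location: index.php?controller=users&action=personal");
 }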