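/**
 * Handles the "change password" form submission for the logged-in user.
 *
 * Reads the current, new and confirmation passwords from the request,
 * re-derives the stored hash from the submitted current password and only
 * writes a freshly salted hash of the new password when the current
 * password verifies and the new one passes the confirmation and
 * minimum-length checks.
 *
 * Outcome is reported through self::$error ("error", "nomatch", "ok") and
 * self::$badpassword. As in the original, the return value is false only
 * for the too-short-password case; every other path returns null.
 *
 * @return bool|null false when the new password is shorter than the
 *                   'password_minlength' system option, otherwise null
 */
static function doUpdatePassword()
{
    global $zdbh;
    global $controller;
    runtime_csfr::Protect();
    $currentuser = ctrl_users::GetUserDetail();
    $current_pass = $controller->GetControllerRequest('FORM', 'inCurPass');
    $newpass = $controller->GetControllerRequest('FORM', 'inNewPass');
    $conpass = $controller->GetControllerRequest('FORM', 'inConPass');

    // Load the stored hash and salt for the logged-in account.
    $sql = $zdbh->prepare("SELECT ac_pass_vc, ac_passsalt_vc FROM x_accounts WHERE ac_id_pk= :uid");
    $sql->bindParam(':uid', $currentuser['userid']);
    $sql->execute();
    $result = $sql->fetch();

    // Verify the submitted current password against the stored hash. When no
    // row came back there is nothing to verify against, so it simply fails
    // (the original would have hashed with a null salt and failed the same way).
    $currentVerified = false;
    if ($result !== false) {
        $userpasshash = new runtime_hash();
        $userpasshash->SetPassword($current_pass);
        $userpasshash->SetSalt($result['ac_passsalt_vc']);
        $current_secure_password = $userpasshash->CryptParts($userpasshash->Crypt())->Hash;
        // hash_equals(): constant-time and strict. The original loose != would
        // compare numeric-looking hash strings (e.g. "0e...") numerically.
        $currentVerified = hash_equals((string) $result['ac_pass_vc'], (string) $current_secure_password);
    }

    if (fs_director::CheckForEmptyValue($newpass)) {
        // New password is blank.
        self::$error = "error";
    } elseif (!$currentVerified) {
        // Current password does not match.
        self::$error = "nomatch";
    } elseif ($newpass !== $conpass) {
        // New password and confirmation box differ.
        self::$error = "error";
    } elseif (strlen($newpass) < (int) ctrl_options::GetSystemOption('password_minlength')) {
        // New password is shorter than the configured minimum.
        self::$badpassword = true;
        return false;
    } else {
        // All checks passed: hash the new password under a fresh random salt
        // and persist both.
        $crypto = new runtime_hash();
        $crypto->SetPassword($newpass);
        $randomsalt = $crypto->RandomSalt();
        $crypto->SetSalt($randomsalt);
        $new_secure_password = $crypto->CryptParts($crypto->Crypt())->Hash;

        $sql = $zdbh->prepare("UPDATE x_accounts SET ac_pass_vc=:new_secure_password, ac_passsalt_vc= :randomsalt WHERE ac_id_pk=:userid");
        $sql->bindParam(':randomsalt', $randomsalt);
        $sql->bindParam(':new_secure_password', $new_secure_password);
        $sql->bindParam(':userid', $currentuser['userid']);
        $sql->execute();
        self::$error = "ok";
    }
}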
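/**
 * Validates the inputs for creating a client account.
 *
 * Checks, in order: username (non-blank, not already used by a live
 * account, well-formed), package (non-blank, exists and not deleted),
 * group (non-blank, exists), email (non-blank, well-formed, unique) and,
 * when a password is supplied, its minimum length. The first failing check
 * sets the matching self::$... flag and returns false; when every check
 * passes the method returns true.
 *
 * In the original, the email-uniqueness branch returned on both outcomes,
 * so the password-length check and the final return true were unreachable;
 * a missing group also returned null instead of false. Both are corrected
 * here.
 *
 * @param string     $username  spaces are stripped and the name lower-cased
 * @param int|string $packageid primary key of the package
 * @param int|string $groupid   primary key of the user group
 * @param string     $email
 * @param string     $password  optional; a blank password skips the length
 *                              check (see note at the end of the method)
 * @return bool true when all checks pass, false otherwise
 */
static function CheckCreateForErrors($username, $packageid, $groupid, $email, $password = "")
{
    global $zdbh;
    $username = strtolower(str_replace(' ', '', $username));

    // Username: must be non-blank, not already taken by a live account,
    // and well-formed.
    if (fs_director::CheckForEmptyValue($username)) {
        self::$userblank = true;
        return false;
    }
    $numrows = $zdbh->prepare("SELECT COUNT(*) FROM x_accounts WHERE UPPER(ac_user_vc)=:user AND ac_deleted_ts IS NULL");
    $user = strtoupper($username);
    $numrows->bindParam(':user', $user);
    // COUNT(*) may come back as a string depending on the driver, hence the cast.
    // A failed execute() skips the check, as the original did.
    if ($numrows->execute() && (int) $numrows->fetchColumn() !== 0) {
        self::$alreadyexists = true;
        return false;
    }
    if (!self::IsValidUserName($username)) {
        self::$badname = true;
        return false;
    }

    // Package: must be non-blank and refer to a package that is not deleted.
    if (fs_director::CheckForEmptyValue($packageid)) {
        self::$packageblank = true;
        return false;
    }
    $numrows = $zdbh->prepare("SELECT COUNT(*) FROM x_packages WHERE pk_id_pk=:packageid AND pk_deleted_ts IS NULL");
    $numrows->bindParam(':packageid', $packageid);
    if ($numrows->execute() && (int) $numrows->fetchColumn() === 0) {
        self::$packageblank = true;
        return false;
    }

    // Group: must be non-blank and exist.
    if (fs_director::CheckForEmptyValue($groupid)) {
        self::$groupblank = true;
        return false;
    }
    $numrows = $zdbh->prepare("SELECT COUNT(*) FROM x_groups WHERE ug_id_pk=:groupid");
    $numrows->bindParam(':groupid', $groupid);
    if ($numrows->execute() && (int) $numrows->fetchColumn() === 0) {
        self::$groupblank = true;
        // Was a bare `return;` (null) in the original; false keeps the contract uniform.
        return false;
    }

    // Email: must be non-blank, well-formed and unique across accounts.
    if (fs_director::CheckForEmptyValue($email)) {
        self::$emailblank = true;
        return false;
    }
    if (!self::IsValidEmail($email)) {
        self::$bademail = true;
        return false;
    }
    if (!ctrl_users::CheckUserEmailIsUnique($email)) {
        self::$not_unique_email = true;
        return false;
    }
    self::$not_unique_email = false;

    // Password: when one is supplied it must meet the configured minimum length.
    // NOTE(review): the original also had an unreachable branch flagging a blank
    // password via self::$passwordblank; because $password defaults to "" and
    // callers may omit it, a blank password is not rejected here — confirm
    // against the callers whether it should be.
    if (!fs_director::CheckForEmptyValue($password)
        && strlen($password) < (int) ctrl_options::GetSystemOption('password_minlength')) {
        self::$badpassword = true;
        return false;
    }

    return true;
}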