// NOTE(review): this is an excerpt. The lone closing brace just before "//Remove groups"
// ends a block that was opened above the excerpt, and the final `if` continues below it.

// If updating own password, validate their current password
// The current password is only demanded when $self is truthy; for any other account this
// excerpt performs no re-authentication, so authorisation for that path has to be enforced
// by code that is not visible here.
if ($self) {
    //Confirm the hashes match before updating a users password
    // Loose comparison: an unset/null $passwordcheck is also treated as "not supplied".
    if ($passwordcheck == "") {
        addAlert("danger", lang("ACCOUNT_SPECIFY_PASSWORD"));
        // NOTE(review): nothing in this branch returns or exits after apiReturnError().
        // The rejection only holds if apiReturnError() ends the request - confirm; otherwise
        // execution would fall through to updateUserPassword() below.
        apiReturnError($ajax, getReferralPage());
    } else {
        if (!passwordVerifyUF($passwordcheck, $loggedInUser->hash_pw)) {
            //No match
            addAlert("danger", lang("ACCOUNT_PASSWORD_INVALID"));
            // Same reliance on apiReturnError() terminating the request as above.
            apiReturnError($ajax, getReferralPage());
        }
    }
}

// Prevent updating if someone attempts to update with the same password
// NOTE(review): this check runs whether or not $self is set, yet it always compares against
// $loggedInUser->hash_pw. When another account is being updated, the new password is tested
// against the operator's hash instead of the target account's - presumably unintended; verify
// against the caller and use the target user's stored hash if so.
if (passwordVerifyUF($password, $loggedInUser->hash_pw)) {
    addAlert("danger", lang("ACCOUNT_PASSWORD_NOTHING_TO_UPDATE"));
    apiReturnError($ajax, getReferralPage());
}

// A falsy return from updateUserPassword() is counted as a failure; a truthy return is kept
// in $password_hash and treated as the new stored hash below.
if (!($password_hash = updateUserPassword($user_id, $password, $passwordc))) {
    $error_count++;
} else {
    // If we're updating for the currently logged in user, update their hash_pw field
    // so the in-memory user object matches what was just stored.
    if ($self) {
        $loggedInUser->hash_pw = $password_hash;
    }
    $success_count++;
}
}

//Remove groups
if (!empty($rm_groups)) {
// NOTE(review): this is an excerpt. It starts inside a larger routine and ends with four
// blocks still open; the code that finally performs the reset is not visible here.

// Time at which the lost-password request was recorded for this account.
$request_time = $userdetails["lost_password_timestamp"];

// Get the timeout value from the configuration table
// (read here from a global; where it is populated is not visible in this excerpt)
global $token_timeout;
// Age of the reset token in seconds.
$current_token_life = time() - $request_time;

// Check the token time to see if the token is still valid based on the timeout value
if ($current_token_life >= $token_timeout) {
    // If not valid make the user restart the password request
    $errors[] = lang("FORGOTPASS_OLD_TOKEN");
    // Reset the password flag
    if (!flagLostPasswordRequest($userdetails["user_name"], 0)) {
        $errors[] = lang("SQL_ERROR");
    }
}

//time is good, token is good process the password reset request
// NOTE(review): the comment above is only true if the expiry branch stopped processing, but
// that branch merely appends to $errors and execution continues here for expired tokens too.
// The reset is refused only if later code declines to proceed when $errors is non-empty -
// confirm. The same-password check below also runs for an expired token, so the resulting
// message can disclose whether the submitted value equals the current password.

// Check if the password being changed is the same as the current password or not
if (passwordVerifyUF($password, $userdetails["password"])) {
    $errors[] = lang("ACCOUNT_PASSWORD_NOTHING_TO_UPDATE");
}

// Check if the password is empty or not
if ($password == "") {
    $errors[] = lang("ACCOUNT_SPECIFY_NEW_PASSWORD");
// Check if the confirm password is empty or not
} else {
    if ($passwordc == "") {
        $errors[] = lang("ACCOUNT_SPECIFY_CONFIRM_PASSWORD");
    } else {
        // presumably minMaxRange() returns true when the length is outside 8..50, since
        // this branch reports a length error - verify against its definition.
        if (minMaxRange(8, 50, $password)) {
            $errors[] = lang("ACCOUNT_NEW_PASSWORD_LENGTH", array(8, 50));
        } else {
            // NOTE(review): `!=` is a loose comparison. PHP compares two numeric-looking
            // strings numerically, so differing inputs such as "10000000" and "1e7" are
            // treated as matching; `!==` would compare the strings exactly.
            if ($password != $passwordc) {
                $errors[] = lang("ACCOUNT_PASS_MISMATCH");