if (!$account->isAuthenticated()) {
// The user is not logged in so forward them to the login page.
header("Location: login.php?origin=" . urlencode('account.php'));
}
if ($common->postBack()) {
// Check that the user supplied a password matching the one currently stored in administrators.xml.
$authenticated = $account->authenticate($_SESSION['login'], $_POST['password'], FALSE, FALSE);
if (!$authenticated) {
$passwordIncorrect = TRUE;
}
if ($_POST['password1'] != $_POST['password2']) {
$didNotMatch = TRUE;
}
if ($authenticated && $_POST['password1'] == $_POST['password2']) {
// Change the password stored in administrators.xml related to this users login.
$account->changePassword($_SESSION['login'], $_POST['password1']);
// Since the password has changed we will log the user out to clear older session variables.
$account->logout();
}
}
require_once 'includes/header.inc.php';
/////////////////////
// BEGIN HTML BODY //
if ($_SESSION['firstLogin'] && !$common->postBack()) {
?>
<div id="first-login-modal" class="modal fade in" role="dialog">
<div class="modal-dialog">
<div class="modal-content">
<div class="modal-body">
<strong>First time login detected.</strong><br />
You must change the default password before continuing.
$validToken = TRUE;
// Check the length of the password.
$tooShort = TRUE;
if (isset($_POST['password1']) && strlen($_POST['password1']) >= $settings::sec_length) {
$tooShort = FALSE;
}
// Check that the supplied new passwords match.
$notMatching = TRUE;
if ($_POST['password1'] == $_POST['password2']) {
$notMatching = FALSE;
}
// If everything associated with passwords is validated change the password.
if (!$tooShort && !$notMatching) {
// Change the password stored in administrators.xml related to this users login.
$account->setToken($login);
$account->changePassword($login, password_hash($_POST['password1'], PASSWORD_DEFAULT));
header("Location: login.php");
}
}
}
/////////////////////
// BEGIN HTML BODY //
?>
<!DOCTYPE html>
<html lang="en">
<head>
<meta charset="utf-8" />
<title></title>
<link rel="stylesheet" href="https://maxcdn.bootstrapcdn.com/bootstrap/3.3.6/css/bootstrap.min.css" />
<link rel="stylesheet" href="https://maxcdn.bootstrapcdn.com/bootstrap/3.3.6/css/bootstrap-theme.min.css" />
<link rel="stylesheet" href="assets/css/reset.css" />
// Check the length of the password.
$tooShort = TRUE;
if (isset($_POST['password1']) && strlen($_POST['password1']) >= $settings::sec_length) {
$tooShort = FALSE;
}
// Check that the supplied new passwords match.
$notMatching = TRUE;
if ($_POST['password1'] == $_POST['password2']) {
$notMatching = FALSE;
}
// Check that the supplied current password matches that which is stored.
$authenticated = $account->authenticate($_SESSION['login'], $_POST['password'], FALSE, FALSE);
// If everything associated with passwords is validated change the password.
if (!$tooShort && !$notMatching && $authenticated) {
// Change the password stored in administrators.xml related to this users login.
$account->changePassword($_SESSION['login'], password_hash($_POST['password1'], PASSWORD_DEFAULT));
$passwordChanged = TRUE;
}
}
// If validation passed make the requested changes to the administrator account data.
if ($nameSupplied && $validEmail) {
$account->changeName($_SESSION['login'], $_POST['name']);
$account->changeEmail($_SESSION['login'], $_POST['email']);
$updated = TRUE;
}
// Since the password has changed we will log the user out to clear older session variables.
if ($passwordChanged) {
$account->logout();
}
}
require_once 'includes/header.inc.php';
