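/**
 * Handle the "set password" form.
 *
 * Verifies the current password for the current user, checks that the new
 * password was typed identically twice and differs from the old one, then
 * stores it through Security::set_password() and clears the session's
 * 'expired' flag. Every rejection shows a message and leaves the stored
 * password untouched.
 *
 * Password fields are compared with strict (===) comparison. Loose (==)
 * comparison treats numeric-looking strings as numbers, so '1e3' == '1000'
 * and '0e1' == '0e2' are both true; with it a mistyped repetition could be
 * accepted, or a genuinely different new password rejected as unchanged.
 *
 * @return void
 */
protected function action_set() {
    $userid = $this->userid(true);
    $security = new Security();

    // A field may be missing or submitted as an array ("pw-old[]=x");
    // only plain strings are treated as passwords.
    $old = isset($_POST['pw-old']) ? $_POST['pw-old'] : null;
    $new = isset($_POST['pw-new1']) ? $_POST['pw-new1'] : null;
    $repeated = isset($_POST['pw-new2']) ? $_POST['pw-new2'] : null;

    // $expired is handed to check_password() (presumably an out-parameter;
    // confirm against Security) and is not used here: an expired password
    // may still be replaced.
    if (!is_string($old) || !$security->check_password($userid, $old, $expired)) {
        $this->message('Invalid existing password');
        return;
    }

    if (!is_string($new) || !is_string($repeated) || $new !== $repeated) {
        $this->message('New and repeated passwords do not match');
        return;
    }

    if ($new === $old) {
        $this->message('New password must be different');
        return;
    }

    // When YUBIKEY is enabled the key has to be set first; on failure the
    // password is left unchanged and nothing further is shown from here.
    if (YUBIKEY && !$this->set_yubikey()) {
        return;
    }

    // NOTE(review): no length or strength check is visible in this method;
    // confirm that set_password() or the form enforces the password policy.
    $this->hide_request();
    $security->set_password($userid, $new);
    unset($_SESSION['expired']);
    $this->message('Password was changed', true);
    $this->button('Login', null, 'login.php');
}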
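/**
 * First phase of login: check the submitted user ID and password.
 *
 * On success calls login_phase1(); if the password is reported as expired
 * it also sets $_SESSION['expired'] and calls store_verification($userid, 0),
 * then transfers to loginverify.php with action_start=1. On any failure it
 * waits two seconds and transfers back to login.php with one generic
 * message, so the response does not say whether the user ID or the password
 * was wrong.
 *
 * @return void
 */
protected function pre_action_login() {
    // A field may be missing or submitted as an array ("pw[]=x"); only
    // plain strings are passed on to the credential check.
    $userid = isset($_POST['userid']) ? $_POST['userid'] : null;
    $password = isset($_POST['pw']) ? $_POST['pw'] : null;

    $security = new Security();
    // Presumably filled in by check_password() by reference (confirm against
    // Security); initialised so it is defined when read below.
    $expired = false;

    $accepted = is_string($userid)
        && is_string($password)
        && $security->check_password($userid, $password, $expired);

    if (!$accepted) {
        // Same delay and same message for malformed input and for wrong
        // credentials.
        sleep(2);
        $this->transfer('login.php', array('msg' => 'User ID and/or password are invalid'));
        return;
    }

    // NOTE(review): confirm that login_phase1() issues a fresh session ID
    // before any authenticated state is stored in the session.
    $this->login_phase1($userid);

    if ($expired) {
        $_SESSION['expired'] = true;
        $security->store_verification($userid, 0);
    }

    $this->transfer('loginverify.php', array('action_start' => '1'));
}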