return; } $user_id = Token::getOwner('activation_code', $this->token); if (!$user_id) { throw new \Exception('token dont exist'); } if ($session->id && $user_id != $session->id) { throw new \Exception('HACKER stop doing that!'); } if ($session->id) { echo '<div class="critical">You are already logged in! Are you sure you want to reset your password?</div>'; } if (isset($_POST['reset_pwd']) && isset($_POST['reset_pwd2'])) { /// TODO reuse code from register user if ($_POST['reset_pwd'] == $_POST['reset_pwd2']) { UserHandler::setPassword($user_id, $_POST['reset_pwd']); $session->login($user->name, $_POST['reset_pwd']); echo '<div class="okay">Your password has been reset. You have been logged in.</div>'; // delete consumed token Token::delete($user_id, 'activation_code'); return; } else { $error->add('The passwords dont match'); } } echo $error->render(true); echo 'Reset password for user <b>' . $user->name . '</b>'; $header->registerJsFunction('function validate_reset_pwd_form(frm)' . '{' . 'if (!frm.reset_pwd.value||!frm.reset_pwd2.value)' . 'return false;' . 'return true;' . '}'); //XXXX use XhtmlForm class, it needs a way to show the images first echo xhtmlForm('reg_frm', '', '', '', 'return validate_reset_pwd_form(this);'); echo '<table cellpadding="2">';
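/**
 * Handles a "change my password" form submission for the logged-in user.
 *
 * Reads 'curr_pwd', 'new_pwd' and 'new_pwd2' from $p. Missing or non-string
 * values are treated as empty strings, so a malformed request fails
 * validation instead of raising notices or passing an array onwards.
 *
 * @param array $p Form data, typically the POST array.
 * @return false|null false when validation fails (a message is added to the
 *                    ErrorHandler); no explicit return value after the
 *                    password has been stored and the redirect was issued.
 */
function handleEditPassword($p)
{
    $error   = ErrorHandler::getInstance();
    $session = SessionHandler::getInstance();

    $currentPwd = (isset($p['curr_pwd']) && is_string($p['curr_pwd'])) ? $p['curr_pwd'] : '';
    $newPwd     = (isset($p['new_pwd'])  && is_string($p['new_pwd']))  ? $p['new_pwd']  : '';
    $newPwd2    = (isset($p['new_pwd2']) && is_string($p['new_pwd2'])) ? $p['new_pwd2'] : '';

    // Re-authenticate first: a falsy lookup result is reported as a wrong current password.
    $u = User::getExact($session->type, $session->id, $session->username, $currentPwd);
    if (!$u) {
        $error->add('Current password is not correct');
        return false;
    }

    // Strict comparison: with a loose != two different numeric-looking strings
    // (for example "1e3" and "1000") compare as equal, so a mistyped
    // confirmation could be accepted and a password the user did not intend stored.
    if ($newPwd !== $newPwd2) {
        $error->add('passwords dont match');
        return false;
    }

    // Truthiness test kept from the original: rejects '' and also the literal '0'.
    if (!$newPwd) {
        $error->add('no password entered');
        return false;
    }

    // NOTE(review): no strength or forbidden-password check runs before the new
    // password is stored; confirm whether UserHandler::setPassword enforces a
    // policy, or apply the project's check here (Password::isForbidden, if it is
    // available in this code base).
    UserHandler::setPassword($session->id, $newPwd);

    // NOTE(review): whether other active sessions of this user are invalidated
    // after the change is not visible here; confirm.
    js_redirect('u/edit');
}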
} echo 'Last IP: ' . $user->last_ip . '<br/>'; echo '<br/>'; if ($session->id != $this->owner && isset($_GET['remove'])) { if (confirmed('Are you sure you want to remove this user?')) { $user->remove(); echo '<div class="item">User removed</div>'; } return; } if (!empty($_POST['change_pwd'])) { if (Password::isForbidden($_POST['change_pwd'])) { echo '<div class="item">Weak password was chosen, password has not been changed!</div>'; return; } UserHandler::setPassword($user->id, $_POST['change_pwd']); echo '<div class="item">Password changed!</div>'; return; } if (!empty($_POST['setting_name']) && isset($_POST['setting_val'])) { UserSetting::set($user->id, $_POST['setting_name'], $_POST['setting_val']); echo '<div class="good">Setting added!</div>'; } if (!empty($_GET['remove_setting'])) { UserSetting::delete($user->id, $_GET['remove_setting']); echo '<div class="good">Setting removed!</div>'; } // save changes in edited settings if (!empty($_POST)) { $settings = UserSetting::getAll($user->id); foreach ($settings as $set) {