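/**
 * Handle a "change password" form submission for the current user.
 *
 * Reads pw-old, pw-new1 and pw-new2 from $_POST. The existing password is
 * verified first; the new password must be typed identically twice and
 * must differ from the old one. On success the password is stored, the
 * session's 'expired' entry is removed and a login button is shown.
 * Every outcome is reported through $this->message().
 *
 * @return void
 */
protected function action_set() {
    $userid = $this->userid(true);
    $security = new Security();

    // Request fields are client-controlled: they may be missing or arrive as
    // arrays (pw-old[]=x). Only plain strings are accepted as passwords.
    $old = isset($_POST['pw-old']) ? $_POST['pw-old'] : null;
    $new = isset($_POST['pw-new1']) ? $_POST['pw-new1'] : null;
    $repeat = isset($_POST['pw-new2']) ? $_POST['pw-new2'] : null;

    // $expired is handed to check_password() as a third argument and is not
    // read here; presumably a by-reference output - confirm in Security.
    if (!is_string($old) || !$security->check_password($userid, $old, $expired)) {
        $this->message('Invalid existing password');
        return;
    }

    // Strict comparison on purpose: with == PHP compares numeric-looking
    // strings as numbers, so "1e3" and "1000" would count as the same
    // password and a mistyped confirmation could slip through.
    if (!is_string($new) || !is_string($repeat) || $new !== $repeat) {
        $this->message('New and repeated passwords do not match');
        return;
    }

    if ($new === $old) {
        $this->message('New password must be different');
        return;
    }

    // When YubiKey support is enabled, a failed set_yubikey() aborts the
    // change without a message from this method.
    if (YUBIKEY && !$this->set_yubikey()) {
        return;
    }

    $this->hide_request();

    // NOTE(review): the result of set_password() is not checked, so the
    // success message and the removal of the 'expired' entry happen even if
    // storing failed. set_temp_password() treats the same call as returning
    // a success flag - confirm and branch on it here.
    $security->set_password($userid, $new);
    unset($_SESSION['expired']);
    $this->message('Password was changed', true);
    $this->button('Login', null, 'login.php');
}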
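/**
 * Generate a random temporary password and store it for the given user.
 *
 * @param mixed $userid User identifier, passed through to Security::set_password().
 * @return string|null The 12-character hex password, or null when no
 *                     cryptographically strong bytes were available or
 *                     storing the password failed.
 */
private function set_temp_password($userid) {
    // 6 random bytes become 12 hex characters (48 bits).
    // NOTE(review): that is short for a secret; it presumably relies on the
    // password being temporary and on login throttling - confirm both.
    $bytes = openssl_random_pseudo_bytes(6, $strong);

    // On older PHP versions this call can return false or report a
    // non-cryptographic source through $strong. bin2hex(false) would yield
    // an empty string, i.e. an empty temporary password, so fail closed.
    if (!is_string($bytes) || strlen($bytes) !== 6 || !$strong) {
        return null;
    }

    $tmp = bin2hex($bytes);
    $security = new Security();

    // Third argument true: presumably marks the password as temporary or
    // expired - confirm in Security::set_password().
    return $security->set_password($userid, $tmp, true) ? $tmp : null;
}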