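/**
 * Process a password change submitted by the logged-in user and render the result page.
 *
 * Reads "password_old", "password_new" and "password_new_confirm" from $_POST and the
 * user id from $_SESSION["sess_user_id"]. The change is attempted only when realm "18"
 * is granted to that user; otherwise "Access Denied." is printed between the page
 * header and footer.
 *
 * The outcome is reported through raise_message() and the auth log:
 *   4  - new password and confirmation differ
 *   8  - old password rejected (logged at SEV_WARNING)
 *   9  - general error (logged at SEV_ERROR)
 *   10 - one of the three fields is missing or empty
 *   11 - password changed (logged at SEV_INFO)
 */
function change_password() {
	/* top_header.php / bottom_footer.php are required inside this function, so they run
	   in this function's variable scope; the global and the locals below stay visible to them */
	global $colors;

	$change_result = 1;

	$user_realms = api_user_realms_list($_SESSION["sess_user_id"]);

	/* check if authorized */
	if ($user_realms["18"]["value"] == "1") {
		/* every field must be a non-empty string; a request can also deliver arrays
		   (password_new[]=x), which must never reach the comparison or the API call */
		$fields_ok = true;
		foreach (array("password_old", "password_new", "password_new_confirm") as $field) {
			if (empty($_POST[$field]) || !is_string($_POST[$field])) {
				$fields_ok = false;
			}
		}

		/* check passwords */
		if ($fields_ok) {
			/* strict comparison: with != two different numeric-looking strings
			   (e.g. "1e3" and "1000") compare equal and the confirmation check passes */
			if ($_POST["password_new"] !== $_POST["password_new_confirm"]) {
				/* New passwords do not match */
				raise_message(4);
			}else{
				/* NOTE(review): no attempt limiting is visible here - confirm that
				   api_user_changepassword() or the caller throttles repeated failures
				   on the old password */
				$change_result = api_user_changepassword($_SESSION["sess_user_id"], $_POST["password_new"], $_POST["password_old"]);

				/* match the result codes exactly: a loose == "0" also accepts boolean false,
				   which would report a failed call as a successful change */
				if ($change_result === 0 || $change_result === "0") {
					/* Password changed successfully */
					raise_message(11);

					/* Log password change */
					/* session id is cast so that only an integer can reach the query text */
					$username = db_fetch_cell("select username from user_auth where id=" . (int) $_SESSION["sess_user_id"]);
					log_save(_("CHANGEPASSWORD: Password change successful"), SEV_INFO, FACIL_AUTH);
				}elseif ($change_result === 2 || $change_result === "2") {
					/* Authentication failure for old password */
					raise_message(8);
					log_save(_("CHANGEPASSWORD: Authenication failure on old password"), SEV_WARNING, FACIL_AUTH);
				}else{
					/* General error changing password */
					raise_message(9);
					log_save(_("CHANGEPASSWORD: General Error unable to change password"), SEV_ERROR, FACIL_AUTH);
				}
			}
		}else{
			/* error empty fields */
			raise_message(10);
		}
	}

	require_once(CACTI_BASE_PATH . "/include/top_header.php");

	if ($user_realms["18"]["value"] != "1") {
		/* Access Denied */
		display_custom_error_message("Access Denied.");
	}

	require_once(CACTI_BASE_PATH . "/include/bottom_footer.php");
}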
$old_password = false; /* set default action */ if (!isset($_REQUEST["action"])) { $_REQUEST["action"] = ""; } if (!$access_denied) { switch ($_REQUEST["action"]) { case 'changepassword': if (api_user_info(array("id" => $_SESSION["sess_user_id"], "password" => md5($_POST["password"])))) { $old_password = true; } else { if ($_POST["password"] == $_POST["confirm"] && $_POST["password"] != "") { /* Log password change */ log_save(_("CHANGEPASSWORD: Password change successful"), SEV_INFO, FACIL_AUTH); /* change password */ api_user_changepassword($_SESSION["sess_user_id"], $_POST["password"]); kill_session_var("sess_change_password"); /* ok, at the point the user has been successfully authenticated; so we must decide what to do next */ /* if no console permissions show graphs otherwise, pay attention to user setting */ $user_realms = api_user_realms_list($_SESSION["sess_user_id"]); if ($user_realms[$user_auth_realm_filenames["index.php"]]["value"] == "1") { switch ($user["login_opts"]) { case '1': /* referer */ header("Location: " . $_POST["ref"]); break; case '2': /* default console page */ header("Location: index.php"); break;