protected function action_set()
{
$userid = $this->userid(true);
$security = new Security();
if ($security->check_password($userid, $_POST['pw-old'], $expired)) {
if ($_POST['pw-new1'] == $_POST['pw-new2']) {
if ($_POST['pw-new1'] == $_POST['pw-old']) {
$this->message('New password must be different');
} else {
if (YUBIKEY && !$this->set_yubikey()) {
return;
}
$this->hide_request();
$security->set_password($userid, $_POST['pw-new1']);
unset($_SESSION['expired']);
$this->message('Password was changed', true);
$this->button('Login', null, 'login.php');
}
} else {
$this->message('New and repeated passwords do
not match');
}
} else {
$this->message('Invalid existing password');
}
}
protected function pre_action_login()
{
$userid = $_POST['userid'];
$security = new Security();
if ($security->check_password($userid, $_POST['pw'], $expired)) {
$this->login_phase1($userid);
if ($expired) {
$_SESSION['expired'] = true;
$security->store_verification($userid, 0);
}
$this->transfer('loginverify.php', array('action_start' => '1'));
} else {
Sleep(2);
$this->transfer('login.php', array('msg' => 'User ID and/or password are invalid'));
}
}
