protected function action_set()
{
$userid = $this->userid(true);
$security = new Security();
if ($security->check_password($userid, $_POST['pw-old'], $expired)) {
if ($_POST['pw-new1'] == $_POST['pw-new2']) {
if ($_POST['pw-new1'] == $_POST['pw-old']) {
$this->message('New password must be different');
} else {
if (YUBIKEY && !$this->set_yubikey()) {
return;
}
$this->hide_request();
$security->set_password($userid, $_POST['pw-new1']);
unset($_SESSION['expired']);
$this->message('Password was changed', true);
$this->button('Login', null, 'login.php');
}
} else {
$this->message('New and repeated passwords do
not match');
}
} else {
$this->message('Invalid existing password');
}
}
private function set_temp_password($userid)
{
$tmp = bin2hex(openssl_random_pseudo_bytes(6));
$security = new Security();
if ($security->set_password($userid, $tmp, true)) {
return $tmp;
}
return null;
}
