示例#1
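 /**
  * Change-password page handler.
  *
  * On a POST it reads opwd / npwd / cpwd from $_POST, validates them with
  * ValidateForm(), loads the current user's row, checks the submitted old
  * password with ew_ComparePassword(), gives User_ChangePassword() a chance
  * to veto, and then writes the new password through Update(). On success
  * it optionally e-mails the user and calls Page_Terminate("index.php").
  *
  * NOTE(review): the new password is passed to Update() exactly as
  * submitted; whether it is hashed before storage is decided elsewhere and
  * is not visible here. Confirm the column never receives cleartext.
  */
 function Page_Main()
 {
     global $conn, $Language, $Security, $gsFormError;
     global $Breadcrumb;
     $Breadcrumb = new cBreadcrumb();
     $Breadcrumb->Add("changepwd", "ChangePwdPage", ew_CurrentUrl(), "", "", TRUE);
     $bPostBack = ew_IsHttpPost();
     $bValidate = TRUE;
     if ($bPostBack) {
         $this->OldPassword = ew_StripSlashes(@$_POST["opwd"]);
         $this->NewPassword = ew_StripSlashes(@$_POST["npwd"]);
         $this->ConfirmedPassword = ew_StripSlashes(@$_POST["cpwd"]);
         $bValidate = $this->ValidateForm($this->OldPassword, $this->NewPassword, $this->ConfirmedPassword);
         if (!$bValidate) {
             $this->setFailureMessage($gsFormError);
         }
     }
     $bPwdUpdated = FALSE;
     // Defined up front so the notification step never reads an unset
     // variable (the original relied on @ to hide that).
     $sEmail = "";
     if ($bPostBack && $bValidate) {
         // Setup variables
         $sUsername = $Security->CurrentUserName();
         // The WHERE clause is built by string substitution, so its safety
         // rests entirely on ew_AdjustSql() escaping the user name correctly.
         $sFilter = str_replace("%u", ew_AdjustSql($sUsername), EW_USER_NAME_FILTER);
         // Set up filter (Sql Where Clause) and get Return SQL
         // SQL constructor in usuarios class, usuariosinfo.php
         $this->CurrentFilter = $sFilter;
         $sSql = $this->SQL();
         if ($rs = $conn->Execute($sSql)) {
             if (!$rs->EOF) {
                 $rsold = $rs->fields;
                 if (ew_ComparePassword($rsold['contrasenia'], $this->OldPassword)) {
                     // User_ChangePassword event may reject the new password
                     $bValidPwd = $this->User_ChangePassword($rsold, $sUsername, $this->OldPassword, $this->NewPassword);
                     if ($bValidPwd) {
                         // Change Password
                         $rsnew = array('contrasenia' => $this->NewPassword);
                         $sEmail = $rsold['email'];
                         $rs->Close();
                         // Route database errors to the project handler only
                         // for the duration of the update.
                         $conn->raiseErrorFn = $GLOBALS["EW_ERROR_FN"];
                         $bValidPwd = $this->Update($rsnew);
                         $conn->raiseErrorFn = '';
                         if ($bValidPwd) {
                             $bPwdUpdated = TRUE;
                         }
                     } else {
                         $this->setFailureMessage($Language->Phrase("InvalidNewPassword"));
                         $rs->Close();
                     }
                 } else {
                     $this->setFailureMessage($Language->Phrase("InvalidPassword"));
                     // Fix: this branch previously left the recordset open.
                     $rs->Close();
                 }
             } else {
                 $rs->Close();
             }
         }
     }
     if ($bPwdUpdated) {
         if ($sEmail != "") {
             // Load Email Content
             $Email = new cEmail();
             $Email->Load("phptxt/changepwd.txt");
             // Replace Sender
             $Email->ReplaceSender(EW_SENDER_EMAIL);
             // Replace Recipient
             $Email->ReplaceRecipient($sEmail);
             // SECURITY: the new password is written into the message body in
             // cleartext, so it ends up in mail spools, relays and the user's
             // mailbox. Prefer a template that only announces the change.
             $Email->ReplaceContent('<!--$Password-->', $this->NewPassword);
             $Email->Charset = EW_EMAIL_CHARSET;
             $Args = array();
             $Args["rs"] =& $rsnew;
             $bEmailSent = FALSE;
             // Email_Sending event can cancel the message
             if ($this->Email_Sending($Email, $Args)) {
                 $bEmailSent = $Email->Send();
             }
             // Send email failed
             if (!$bEmailSent) {
                 $this->setFailureMessage($Email->SendErrDescription);
             }
         }
         // Set up success message
         if ($this->getSuccessMessage() == "") {
             $this->setSuccessMessage($Language->Phrase("PasswordChanged"));
         }
         // Exit page and clean up
         $this->Page_Terminate("index.php");
     }
 }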
示例#2
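 /**
  * Change-password page handler with a password-reset mode.
  *
  * On a POST it reads opwd / npwd / cpwd from $_POST, validates them with
  * ValidateForm(), loads the target user's row and writes the new password
  * through Update(). In the normal mode the submitted old password must
  * match (ew_ComparePassword) and User_ChangePassword() may veto. When
  * IsPasswordReset() is true both of those checks are skipped and the
  * target account is taken from $_SESSION[EW_SESSION_USER_PROFILE_USER_NAME].
  *
  * NOTE(review): in reset mode the session state is the only authorization
  * visible here. Confirm that whatever makes IsPasswordReset() true and
  * sets that session user name does so only after a verified reset token.
  *
  * NOTE(review): the new password is passed to Update() exactly as
  * submitted; whether it is hashed before storage is not visible here.
  */
 function Page_Main()
 {
     global $UserTableConn, $Language, $Security, $gsFormError;
     global $Breadcrumb;
     $Breadcrumb = new cBreadcrumb();
     $Breadcrumb->Add("changepwd", "ChangePwdPage", ew_CurrentUrl(), "", "", TRUE);
     $bPostBack = ew_IsHttpPost();
     $bValidate = TRUE;
     if ($bPostBack) {
         $this->OldPassword = ew_StripSlashes(@$_POST["opwd"]);
         $this->NewPassword = ew_StripSlashes(@$_POST["npwd"]);
         $this->ConfirmedPassword = ew_StripSlashes(@$_POST["cpwd"]);
         $bValidate = $this->ValidateForm($this->OldPassword, $this->NewPassword, $this->ConfirmedPassword);
         if (!$bValidate) {
             $this->setFailureMessage($gsFormError);
         }
     }
     $bPwdUpdated = FALSE;
     if ($bPostBack && $bValidate) {
         // Setup variables
         $sUsername = $Security->CurrentUserName();
         if (IsPasswordReset()) {
             // Reset mode: the account comes from the session, not the login
             $sUsername = $_SESSION[EW_SESSION_USER_PROFILE_USER_NAME];
         }
         // The WHERE clause is built by string substitution, so its safety
         // rests entirely on ew_AdjustSql() escaping the user name correctly.
         $sFilter = str_replace("%u", ew_AdjustSql($sUsername, EW_USER_TABLE_DBID), EW_USER_NAME_FILTER);
         // Set up filter (Sql Where Clause) and get Return SQL
         // SQL constructor in user class, userinfo.php
         $this->CurrentFilter = $sFilter;
         $sSql = $this->SQL();
         if ($rs = $UserTableConn->Execute($sSql)) {
             if (!$rs->EOF) {
                 $rsold = $rs->fields;
                 // Short-circuit: in reset mode the old password is never compared
                 if (IsPasswordReset() || ew_ComparePassword($rsold['PASS'], $this->OldPassword)) {
                     $bValidPwd = TRUE;
                     if (!IsPasswordReset()) {
                         // User_ChangePassword event may reject the new password
                         $bValidPwd = $this->User_ChangePassword($rsold, $sUsername, $this->OldPassword, $this->NewPassword);
                     }
                     if ($bValidPwd) {
                         // Change Password
                         $rsnew = array('PASS' => $this->NewPassword);
                         $rs->Close();
                         // Route database errors to the project handler only
                         // for the duration of the update.
                         $UserTableConn->raiseErrorFn = $GLOBALS["EW_ERROR_FN"];
                         $bValidPwd = $this->Update($rsnew);
                         $UserTableConn->raiseErrorFn = '';
                         if ($bValidPwd) {
                             $bPwdUpdated = TRUE;
                         }
                     } else {
                         $this->setFailureMessage($Language->Phrase("InvalidNewPassword"));
                         $rs->Close();
                     }
                 } else {
                     $this->setFailureMessage($Language->Phrase("InvalidPassword"));
                     // Fix: this branch previously left the recordset open.
                     $rs->Close();
                 }
             } else {
                 $rs->Close();
             }
         }
     }
     if ($bPwdUpdated) {
         // Set up success message
         if ($this->getSuccessMessage() == "") {
             $this->setSuccessMessage($Language->Phrase("PasswordChanged"));
         }
         if (IsPasswordReset()) {
             // End the reset state so the same session cannot be used to
             // change the password again without the old one.
             $_SESSION[EW_SESSION_STATUS] = "";
             $_SESSION[EW_SESSION_USER_PROFILE_USER_NAME] = "";
         }
         // Exit page and clean up
         $this->Page_Terminate("index.php");
     }
 }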
示例#3
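 /**
  * Validate a login attempt and populate the session for the matched account.
  *
  * Order of checks: the optional User_CustomValidate() event, then the
  * hard-coded administrator (EW_ADMIN_USER_NAME / EW_ADMIN_PASSWORD), then
  * the user table. When the custom event accepts the login, the password
  * comparisons below are skipped and only the user name is matched.
  *
  * $usr and $pwd are taken by reference and handed to User_CustomValidate(),
  * which may therefore rewrite them. $autologin is not read in this method.
  *
  * Returns the custom event's result when it is truthy, otherwise whether
  * the admin or user-table check succeeded.
  *
  * NOTE(review): EW_ADMIN_PASSWORD is compared directly with the submitted
  * password, which suggests it is kept in cleartext in configuration.
  * NOTE(review): no session ID rotation is visible here; confirm the caller
  * regenerates the session ID after a successful login.
  */
 function ValidateUser(&$usr, &$pwd, $autologin)
 {
     global $conn, $Language;
     global $UserTable;
     $ValidateUser = FALSE;
     $CustomValidateUser = FALSE;
     // Call User Custom Validate event
     if (EW_USE_CUSTOM_LOGIN) {
         $CustomValidateUser = $this->User_CustomValidate($usr, $pwd);
         if ($CustomValidateUser) {
             $_SESSION[EW_SESSION_STATUS] = "login";
             // Load user name
             $this->setCurrentUserName($usr);
         }
     }
     // Check hard coded admin first.
     // Fix: the original used ==, which compares numeric-looking strings as
     // numbers (e.g. "1e3" == "1000") and treats TRUE as equal to any
     // non-empty string. Compare as strings with === and reject non-scalar
     // input. Where the runtime provides hash_equals(), prefer it for the
     // password so the comparison is also constant-time.
     $bNameUsable = is_scalar($usr);
     $bPwdUsable = is_scalar($pwd);
     $sAdminName = (string)EW_ADMIN_USER_NAME;
     $sAdminPwd = (string)EW_ADMIN_PASSWORD;
     $sGivenName = $bNameUsable ? (string)$usr : "";
     $sGivenPwd = $bPwdUsable ? (string)$pwd : "";
     if (!EW_CASE_SENSITIVE_PASSWORD) {
         // Case-insensitive mode folds both the name and the password,
         // which shrinks the effective password space.
         $sAdminName = strtolower($sAdminName);
         $sAdminPwd = strtolower($sAdminPwd);
         $sGivenName = strtolower($sGivenName);
         $sGivenPwd = strtolower($sGivenPwd);
     }
     $bAdminName = $bNameUsable && $sAdminName === $sGivenName;
     $bAdminPwd = $bPwdUsable && $sAdminPwd === $sGivenPwd;
     // A login accepted by the custom event needs only the admin name to
     // be treated as the system administrator; otherwise both must match.
     $ValidateUser = $CustomValidateUser ? $bAdminName : ($bAdminName && $bAdminPwd);
     if ($ValidateUser) {
         $_SESSION[EW_SESSION_STATUS] = "login";
         // System Administrator
         $_SESSION[EW_SESSION_SYS_ADMIN] = 1;
         // Load user name
         $this->setCurrentUserName("Administrator");
         // System Administrator
         $this->setSessionUserID(-1);
     }
     // Check other users
     if (!$ValidateUser) {
         // The WHERE clause is built by string substitution, so its safety
         // rests entirely on ew_AdjustSql() escaping the user name correctly.
         $sFilter = str_replace("%u", ew_AdjustSql($usr), EW_USER_NAME_FILTER);
         $sFilter .= " AND " . EW_USER_ACTIVATE_FILTER;
         // Set up filter (SQL WHERE clause) and get return SQL
         // SQL constructor in <UserTable> class, <UserTable>info.php
         $sSql = $UserTable->GetSQL($sFilter, "");
         if ($rs = $conn->Execute($sSql)) {
             if (!$rs->EOF) {
                 // Short-circuit: no password comparison after a custom login
                 $ValidateUser = $CustomValidateUser || ew_ComparePassword($rs->fields('contrasenia'), $pwd);
                 if ($ValidateUser) {
                     $_SESSION[EW_SESSION_STATUS] = "login";
                     // Non System Administrator
                     $_SESSION[EW_SESSION_SYS_ADMIN] = 0;
                     // Load user name
                     $this->setCurrentUserName($rs->fields('usuario'));
                     // Load User ID
                     $this->setSessionUserID($rs->fields('codigo'));
                     // Load parent User ID
                     $this->setSessionParentUserID($rs->fields('codigo'));
                     // Call User Validated event
                     $row = $rs->fields;
                     $this->User_Validated($row);
                 }
             }
             $rs->Close();
         }
     }
     if ($CustomValidateUser) {
         return $CustomValidateUser;
     }
     // Clear login status (kept when the password has merely expired)
     if (!$ValidateUser && !IsPasswordExpired()) {
         $_SESSION[EW_SESSION_STATUS] = "";
     }
     return $ValidateUser;
 }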
示例#4
 /**
  * Validate a login attempt against the optional custom event and the
  * user table, and populate the session for the matched account.
  *
  * $usr and $pwd are taken by reference and handed to User_CustomValidate(),
  * which may therefore rewrite them. When that event accepts the login, the
  * stored password is never compared. $autologin is not read here.
  *
  * Returns the custom event's result when it is truthy, otherwise whether
  * the user-table check succeeded.
  *
  * NOTE(review): no session ID rotation is visible here; confirm the caller
  * regenerates the session ID after a successful login.
  */
 function ValidateUser(&$usr, &$pwd, $autologin)
 {
     global $conn, $Language;
     global $UserTable;

     // Custom login event (only when enabled)
     $bCustomOk = FALSE;
     if (EW_USE_CUSTOM_LOGIN) {
         $bCustomOk = $this->User_CustomValidate($usr, $pwd);
         if ($bCustomOk) {
             $_SESSION[EW_SESSION_STATUS] = "login";
             $this->setCurrentUserName($usr);
         }
     }

     // User table lookup. The WHERE clause is built by string substitution,
     // so its safety rests on ew_AdjustSql() escaping the user name.
     $bUserOk = FALSE;
     $sWhere = str_replace("%u", ew_AdjustSql($usr), EW_USER_NAME_FILTER);
     $sQuery = $UserTable->GetSQL($sWhere, "");
     $rsUser = $conn->Execute($sQuery);
     if ($rsUser) {
         if (!$rsUser->EOF) {
             // Short-circuit: no password comparison after a custom login
             $bUserOk = $bCustomOk || ew_ComparePassword($rsUser->fields('Password'), $pwd);
             if ($bUserOk) {
                 $_SESSION[EW_SESSION_STATUS] = "login";
                 $_SESSION[EW_SESSION_SYS_ADMIN] = 0; // never a system administrator
                 $this->setCurrentUserName($rsUser->fields('UserName'));
                 // Hand the matched row to the User Validated event
                 $row = $rsUser->fields;
                 $this->User_Validated($row);
             }
         }
         $rsUser->Close();
     }

     if ($bCustomOk) {
         return $bCustomOk;
     }

     // Clear login status unless the login succeeded or the password has
     // merely expired.
     if (!($bUserOk || IsPasswordExpired())) {
         $_SESSION[EW_SESSION_STATUS] = "";
     }
     return $bUserOk;
 }