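* SECOND PART
*
* Update the passwords.
*/
// Password-reset handler. The reset link carries an encrypted copy of the
// account's email address (`key`) and the `userid`; the form posts the new
// password twice. Side effects: writes $_SESSION['infos'] or
// $_SESSION['errors'], logs through dblog(), then redirects to ../login.php.
if (isset($_POST['password'], $_POST['cpassword'], $_POST['key'], $_POST['userid'])
    && is_string($_POST['password'])
    && is_string($_POST['key'])
    && $_POST['password'] === $_POST['cpassword']) {
    // Validate userid BEFORE it is used in SQL or in the log. "0" stays
    // rejected, as the original truthiness test already did.
    $userid = filter_var($_POST['userid'], FILTER_VALIDATE_INT);
    if ($userid === false || $userid < 1) {
        die(_("Userid is not valid."));
    }

    // Fetch the email stored for that account
    $sql = "SELECT email FROM users WHERE userid = :userid";
    $req = $pdo->prepare($sql);
    $req->bindValue(':userid', $userid, PDO::PARAM_INT);
    $req->execute();
    $email = $req->fetchColumn();

    // Validate key: it must decrypt to exactly the stored email.
    // fetchColumn() returns false for an unknown userid; with the loose `!=`
    // of the original, false compared equal to an empty decryption result.
    // hash_equals() is strict and constant-time; both sides are cast to
    // string because decrypt()'s return type is not visible here.
    if ($email === false || !hash_equals((string) $email, (string) $crypto->decrypt($_POST['key']))) {
        die('Bad key.');
    }

    // Replace the password in the database. Password policy (including an
    // empty password) is left to updatePassword(), as before — TODO confirm it rejects ''.
    if ($user->updatePassword($_POST['password'], $userid)) {
        dblog('Info', $userid, 'Password was changed for this user.');
        $msg_arr[] = _('New password updated. You can now login.');
        $_SESSION['infos'] = $msg_arr;
    } else {
        // $error is not set anywhere in this block; guard it so the message is
        // emitted without an undefined-variable warning when nothing set it earlier.
        $errorDetail = isset($error) ? $error : '';
        $msg_arr[] = sprintf(_("There was an unexpected problem! Please %sopen an issue on GitHub%s if you think this is a bug.") . "<br>E#452A" . $errorDetail, "<a href='https://github.com/elabftw/elabftw/issues/'>", "</a>");
        $_SESSION['errors'] = $msg_arr;
    }
    header("location: ../login.php");
    // Stop here so nothing after the redirect header is executed or sent.
    exit;
}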
} else {
    $website = null;
}

// PASSWORD CHANGE
// Runs only when both new-password fields were posted and are non-empty
// (empty() also rejects the string "0"); otherwise the password is left untouched.
if (isset($_POST['cnewpass']) && !empty($_POST['cnewpass']) && isset($_POST['newpass']) && !empty($_POST['newpass'])) {
    $password = $_POST['newpass'];
    $cpassword = $_POST['cnewpass'];
    // check confirmation password
    // (byte-wise strcmp; `!= 0` is a loose test of its integer result)
    if (strcmp($password, $cpassword) != 0) {
        $msg_arr[] = _('The passwords do not match!');
        $errflag = true;
    }
    // update the password only if there is no error before
    // NOTE(review): $errflag and $msg_arr are assumed to be initialised earlier in this file — confirm.
    if (!$errflag) {
        try {
            // updatePassword() signals failure by throwing; the message is surfaced to the user as-is.
            $user->updatePassword($password);
        } catch (Exception $e) {
            $msg_arr[] = $e->getMessage();
            $errflag = true;
        }
    }
}

// MAIN SQL
// Profile fields are written only when no earlier validation step set $errflag.
if (!$errflag) {
    // SQL for update preferences (all values bound as named parameters)
    $sql = "UPDATE users SET\n email = :email,\n username = :username,\n firstname = :firstname,\n lastname = :lastname,\n phone = :phone,\n cellphone = :cellphone,\n skype = :skype,\n website = :website\n WHERE userid = :userid";
    $req = $pdo->prepare($sql);
    // The row is selected by the session's userid, not by any posted value.
    $result = $req->execute(array('email' => $email, 'username' => $username, 'firstname' => $firstname, 'lastname' => $lastname, 'phone' => $phone, 'cellphone' => $cellphone, 'skype' => $skype, 'website' => $website, 'userid' => $_SESSION['userid']));
    if ($result) {
        $msg_arr[] = _('Profile updated.');
    } else {