} elseif (strlen($pass1) < $pass_length_min) { $msg = _('Password is not long enough. The minimum is ') . $pass_length_min . _(' characters'); } elseif (strlen($pass1) > $pass_length_max) { $msg = _('Password is too long. The maximum is ') . $pass_length_max . _(' characters'); } elseif (!Session::pass_check_complexity($pass1)) { $msg = _('Password is not complex enough'); } elseif (count($recent_pass) > 0 && (in_array(md5($pass1), $recent_pass) || in_array(hash('sha256', $pass1), $recent_pass))) { $msg = _('This password is recently used. Try another'); } elseif (count($user_list = Session::get_list($conn, "WHERE login = '******' and pass = '******'")) > 0) { $msg = _('You must change your old password'); } else { $_SESSION['_user'] = $_SESSION['_backup_user']; unset($_SESSION['_backup_user']); $res = Session::change_pass($conn, $user, $pass1, $current_pass); if ($res > 0) { Session::disable_first_login($conn, $user); //Relogin user $session = new Session($user, $pass1, ''); $is_disabled = $session->is_user_disabled(); $login_return = FALSE; if ($is_disabled == FALSE) { $login_return = $session->login(); } if ($login_return != TRUE) { unset($_SESSION); // destroy session to force relogin session_destroy(); } header("location:../index.php"); } else { $msg = _('Current password does not match');