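// Only an authenticated administrator may use this page; anyone else is sent to
// the login page with this page recorded as the return origin.
if (!$account->isAuthenticated()) {
    header("Location: login.php?origin=" . urlencode('account.php'));
    // header() does not stop the request: without this exit the password-change
    // handling and the page body below would still execute for an anonymous request.
    exit;
}

if ($common->postBack()) {
    // Read the submitted fields defensively: a missing or non-string field
    // (e.g. password1[]=) is treated as an empty submission instead of raising a notice/TypeError.
    $currentPassword = isset($_POST['password']) && is_string($_POST['password']) ? $_POST['password'] : '';
    $newPassword     = isset($_POST['password1']) && is_string($_POST['password1']) ? $_POST['password1'] : '';
    $confirmation    = isset($_POST['password2']) && is_string($_POST['password2']) ? $_POST['password2'] : '';

    // Check that the user supplied a password matching the one currently stored in administrators.xml.
    $authenticated = $account->authenticate($_SESSION['login'], $currentPassword, FALSE, FALSE);
    if (!$authenticated) {
        $passwordIncorrect = TRUE;
    }

    // Strict comparison: == would treat numeric-looking strings such as "1e3" and "1000" as equal.
    $newPasswordsMatch = $newPassword === $confirmation;
    if (!$newPasswordsMatch) {
        $didNotMatch = TRUE;
    }

    if ($authenticated && $newPasswordsMatch) {
        // Change the password stored in administrators.xml related to this users login.
        // NOTE(review): the raw password is passed here; confirm that changePassword()
        // hashes it before storing — other callers in this codebase appear to pass password_hash().
        $account->changePassword($_SESSION['login'], $newPassword);
        // Since the password has changed we will log the user out to clear older session variables.
        $account->logout();
    }
}

require_once 'includes/header.inc.php';

/////////////////////
// BEGIN HTML BODY //
if ($_SESSION['firstLogin'] && !$common->postBack()) { ?> <div id="first-login-modal" class="modal fade in" role="dialog"> <div class="modal-dialog"> <div class="modal-content"> <div class="modal-body"> <strong>First time login detected.</strong><br /> You must change the default password before continuing.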
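$validToken = TRUE;

// Read the submitted passwords defensively: a missing or non-string field
// (e.g. password1[]=) counts as "not supplied" instead of raising a notice/TypeError.
$newPassword  = isset($_POST['password1']) && is_string($_POST['password1']) ? $_POST['password1'] : null;
$confirmation = isset($_POST['password2']) && is_string($_POST['password2']) ? $_POST['password2'] : null;

// Check the length of the password against the configured minimum.
$tooShort = $newPassword === null || strlen($newPassword) < $settings::sec_length;

// Check that the supplied new passwords match.
// Strict comparison: == would treat numeric-looking strings such as "1e3" and "1000" as equal.
$notMatching = $newPassword === null || $confirmation === null || $newPassword !== $confirmation;

// If everything associated with passwords is validated change the password.
if (!$tooShort && !$notMatching) {
    // Change the password stored in administrators.xml related to this users login.
    // NOTE(review): $login is set before this fragment — presumably from the validated reset token; confirm.
    $account->setToken($login);
    $account->changePassword($login, password_hash($newPassword, PASSWORD_DEFAULT));
    header("Location: login.php");
    // header() alone does not end the request; without exit the page below is still rendered.
    exit;
}
} }

/////////////////////
// BEGIN HTML BODY //
?> <!DOCTYPE html> <html lang="en"> <head> <meta charset="utf-8" /> <title></title> <link rel="stylesheet" href="https://maxcdn.bootstrapcdn.com/bootstrap/3.3.6/css/bootstrap.min.css" /> <link rel="stylesheet" href="https://maxcdn.bootstrapcdn.com/bootstrap/3.3.6/css/bootstrap-theme.min.css" /> <link rel="stylesheet" href="assets/css/reset.css" />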
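// Read the submitted fields defensively: a missing or non-string field
// (e.g. password1[]=) counts as "not supplied" instead of raising a notice/TypeError.
$currentPassword = isset($_POST['password']) && is_string($_POST['password']) ? $_POST['password'] : '';
$newPassword     = isset($_POST['password1']) && is_string($_POST['password1']) ? $_POST['password1'] : null;
$confirmation    = isset($_POST['password2']) && is_string($_POST['password2']) ? $_POST['password2'] : null;

// Check the length of the password against the configured minimum.
$tooShort = $newPassword === null || strlen($newPassword) < $settings::sec_length;

// Check that the supplied new passwords match.
// Strict comparison: == would treat numeric-looking strings such as "1e3" and "1000" as equal.
$notMatching = $newPassword === null || $confirmation === null || $newPassword !== $confirmation;

// Check that the supplied current password matches that which is stored.
$authenticated = $account->authenticate($_SESSION['login'], $currentPassword, FALSE, FALSE);

// If everything associated with passwords is validated change the password.
if (!$tooShort && !$notMatching && $authenticated) {
    // Change the password stored in administrators.xml related to this users login.
    $account->changePassword($_SESSION['login'], password_hash($newPassword, PASSWORD_DEFAULT));
    $passwordChanged = TRUE;
}
}

// If validation passed make the requested changes to the administrator account data.
// ($nameSupplied and $validEmail are computed before this fragment.)
if ($nameSupplied && $validEmail) {
    $account->changeName($_SESSION['login'], $_POST['name']);
    $account->changeEmail($_SESSION['login'], $_POST['email']);
    $updated = TRUE;
}

// Since the password has changed we will log the user out to clear older session variables.
if ($passwordChanged) {
    $account->logout();
}
}

require_once 'includes/header.inc.php';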