示例#1
0
文件: profile.php 项目: kamy333/rajah
//$id=3;
//echo "csrf_token_time.$id--".$_SESSION['csrf_token_time'.$id];
//echo "<br>";
//echo "csrf_token.$id--".$_SESSION['csrf_token'.$id];
//echo "</div>";
if (request_is_post() && request_is_same_domain()) {
    if (!csrf_token_is_valid(1) || !csrf_token_is_recent(1)) {
        $message = "Sorry, request was not valid 1.";
    } else {
        if (isset($_POST['submit']) && $_POST['submit'] === "Update Password") {
            //            var_dump($_POST);
            $user = UpdateUserProfile::find_by_id($session->user_id);
            //validation
            $valid = new formValidation();
            $valid->validate_presences(array("password", 'new_password', 'confirm_password'));
            $valid->is_equal('new_password', 'confirm_password');
            $valid->validate_min_lengths(array('new_password' => 4));
            $user->password = trim($_POST["password"]);
            $user->new_password = trim($_POST["new_password"]);
            $user->confirm_password = trim($_POST["confirm_password"]);
            if ($user->match_password()) {
                //            echo "yes match";
                //                $valid->warnings['existing_password']="******";
                //            echo $user->get_hashed_password();
                if ($user->new_password === $user->confirm_password) {
                    //                    $valid->warnings['xxxx']="OK same password new and confirm";
                    if (empty($valid->errors)) {
                        $user->password = $user->new_password;
                        $user->crypt_password();
                        if (!$user->save()) {
                            $session->message($user->username . " " . "Your password has been updated for (" . $user->username . ")");