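<?php
// Handles the change-password form: checks that the caller is logged in,
// validates the submitted fields, verifies the current password, and stores
// the new one. Every failure path redirects and exits; only the final
// success/failure result of the update is rendered by the HTML below.
require('reprofunctions.php');
dbgSquirt("============= Update Password ===============");

// Base URL shared by every redirect below.
// NOTE(review): HTTP_HOST is copied from the client's Host request header, so
// the redirect target is only as trustworthy as the web server's virtual-host
// validation; a configured canonical host name would be safer. The scheme is
// also fixed to http:// -- confirm whether TLS is enforced in front of this
// page, since it receives the current and new passwords.
$baseUrl = "http://" . $_SERVER['HTTP_HOST'] . dirname($_SERVER['PHP_SELF']);

// check that the user has authenticated
$result = checkCookies($forceLogin,$error,FALSE);
if (!($result) || $forceLogin) {
  // we got an error back that occurred while checkCookies was being run,
  // or authentication failed.  Either way, bounce them back to the login screen
  dbgSquirt("Authentication failed");
  // the error text is percent-encoded so it cannot add extra query
  // parameters or break the Location header
  header("Location: " . $baseUrl . "/index.php?error=" . rawurlencode((string)$error));
  exit;
}
// NOTE(review): the account name comes from a client-supplied cookie; this
// presumes checkCookies() above has validated that cookie -- confirm in
// reprofunctions.php.
$username = $_COOKIE['user'];

// check if we got to this page due to a submit or a cancel
dbgSquirt("Checking for cancel");
// isset() guard: 'submit' is absent when the page is requested directly
if (isset($_POST['submit']) && "Cancel" === $_POST['submit']) {
  dbgSquirt("...cancel");
  header("Location: " . $baseUrl . "/userhome.php");
  exit;
}

// verify that a new password was provided via POST (and retyped)
dbgSquirt("Checking post");
if (!isset($_POST['current']) || !isset($_POST['newpassword']) ||
    !isset($_POST['newpassword2']) ||
    !is_string($_POST['current']) || !is_string($_POST['newpassword']) ||
    !is_string($_POST['newpassword2'])) {
  // error .. no post variables provided ... possibly because they've jumped
  // directly to this page?  Array-valued fields (e.g. newpassword[]=x) are
  // rejected here as well so that only strings reach the checks below.
  dbgSquirt("...not set");
  $errorText = "No new password was provided.  Please enter one and click Save.  If this error reoccurs, contact an administrator.";
  header("Location: " . $baseUrl . "/changepassword.php?error=" . rawurlencode($errorText));
  exit;
}

// verify that the new password is non-blank
$newPassword = $_POST['newpassword'];
// passwords are deliberately kept out of the debug output
dbgSquirt("Checking blank");
// compared against '' because empty() would also reject the password "0"
if ($newPassword === '') {
  // error ... requested password is blank... bounce them back to change
  // password page
  dbgSquirt("...Empty");
  $errorText = "The new password must not be blank.";
  header("Location: " . $baseUrl . "/changepassword.php?error=" . rawurlencode($errorText));
  exit;
}

// verify that the retype of the new password matches
$newPassword2 = $_POST['newpassword2'];
dbgSquirt("Checking match");
// strict comparison: with != two different numeric-looking strings such as
// "1e3" and "1000" are treated as equal
if ($newPassword !== $newPassword2) {
  // error ... password entries don't match... bounce them back to change
  // password page
  dbgSquirt("...NO.  Don't match");
  $errorText = "Password and retyped password don't match";
  header("Location: " . $baseUrl . "/changepassword.php?error=" . rawurlencode($errorText));
  exit;
}

// verify that the new password is actually different
$currentPassword = $_POST['current'];
dbgSquirt("Checking that new password is different");
if ($newPassword === $currentPassword) {
  // error ... password entries shouldn't match ... what's the point of changing
  dbgSquirt("Trying to reuse the current password");
  $errorText = "The new password is the same as the existing password.";
  header("Location: " . $baseUrl . "/changepassword.php?error=" . rawurlencode($errorText));
  exit;
}

// make sure the current password they entered matches
$encryptedPassword = createPassword($username,$currentPassword);
$result = validateUser($username,$encryptedPassword);
dbgSquirt("Verifying current password");
// strict comparison so that only the exact string "A" is accepted; on PHP
// versions before 8 an integer 0 result would compare equal to "A" under !=
// NOTE(review): assumes validateUser() reports an active user as the string
// "A", as the original comparison implies -- confirm in reprofunctions.php.
if ("A" !== $result) {
  // either didn't match, or user is unverified or disabled
  // only way a user should end up here and be unverified or disabled is if
  // an admin changed their account status in the middle of a session.
  // but we'll check for it anyway...
  dbgSquirt("...doesn't match an active user");
  $errorText = "Current password doesn't match an active user.  Please try again.  If you receive this error again, contact an administrator.";
  header("Location: " . $baseUrl . "/changepassword.php?error=" . rawurlencode($errorText));
  exit;
}

// update the password for this user with the provided value
$encryptedPassword = createPassword($username,$newPassword);

if (updatePassword($username,$encryptedPassword)) {
  // update successful
  $title = "Password changed";
  $heading = "Password changed";
  $msg = "Password successfully updated.";
} else {
  // update failed
  $title = "Error while changing password";
  $heading = "Error while changing password";
  $msg = "An error occurred while attempting to change your password.  Please contact an administrator.";
}
?>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">

<!--
System:  Repro
File:    updatepassword.php
Purpose: Check permissions, verify requested change, and update password
Author:  S. Chanin
-->
<html>
<head>
<link rel="stylesheet" type="text/css" href="repro_style.css" />
<title><?php echo $title; ?></title>
</head>

<body>
<h1 class="title">Repro</h1>
<h1><?php echo $heading; ?></h1>
<hr />
<p><?php echo $msg; ?></p>
<br /><hr />
<a href="userhome.php">Return to User Home</a><br />
<a href="logout.php">Logout</a><br />

</body>
</html>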