/branches/2.8.x/wb/account/password.php - Diff - WB 2.08.x - Tracking

« Previous | Next »

Revision 1508

Added by Dietmar almost 13 years ago

fixed print_error exit in frontend account

     // Must include code to stop this file being access directly
     if(defined('WB_PATH') == false) { die("Cannot access this file directly"); }
     // Get the values entered
     $current_password = $_POST['current_password'];
     $new_password = $_POST['new_password'];
     $new_password2 = $_POST['new_password2'];
     // Create a javascript back link
     $js_back = WB_URL.'/account/preferences.php';
     /*
     if (!$wb->checkFTAN())
+    {
     	$wb->print_error($MESSAGE['GENERIC_SECURITY_ACCESS'], $js_back, false);
     	exit();
+    }
     */
     // Get entered values
     	$current_password = $wb->get_post('current_password');
     	$new_password = $wb->get_post('new_password');
     	$new_password2 = $wb->get_post('new_password2');
     // Get existing password
     // $database = new database();
     $query = "SELECT user_id FROM ".TABLE_PREFIX."users WHERE user_id = '".$wb->get_user_id()."' AND password = '".md5($current_password)."'";
     $results = $database->query($query);
     	$sql = "SELECT `user_id` FROM `".TABLE_PREFIX."users` WHERE `user_id` = ".$wb->get_user_id()." AND `password` = '".md5($current_password)."'";
     	$rowset = $database->query($sql);
     // Validate values
     if($results->numRows() == 0) {
     	$wb->print_error($MESSAGE['PREFERENCES']['CURRENT_PASSWORD_INCORRECT'], $js_back, false);
+    }
     if(strlen($new_password) < 3) {
     	$wb->print_error($MESSAGE['USERS']['PASSWORD_TOO_SHORT'], $js_back, false);
+    }
     if($new_password != $new_password2) {
     	$wb->print_error($MESSAGE['USERS']['PASSWORD_MISMATCH'], $js_back, false);
+    }
     	if($rowset->numRows() == 0) {
     		$error[] = $MESSAGE['PREFERENCES']['CURRENT_PASSWORD_INCORRECT'];
     	}else {
     		if(strlen($new_password) < 3) {
     			$error[] = $MESSAGE['USERS']['PASSWORD_TOO_SHORT'];
     		}else {
     			if($new_password != $new_password2) {
     				$error[] = $MESSAGE['USERS']['PASSWORD_MISMATCH'];
     			}else {
     // MD5 the password
     $md5_password = md5($new_password);
     				$md5_password = md5($new_password);
     // Update the database
     // $database = new database();
     $query = "UPDATE ".TABLE_PREFIX."users SET password = '$md5_password' WHERE user_id = '".$wb->get_user_id()."'";
     $database->query($query);
     if($database->is_error()) {
     	$wb->print_error($database->get_error, $js_back, false);
     } else {
     	$wb->print_success($MESSAGE['PREFERENCES']['PASSWORD_CHANGED']);
+    }
     				$sql = "UPDATE `".TABLE_PREFIX."users` SET `password` = '".$md5_password."' WHERE `user_id` = ".$wb->get_user_id();
     				$database->query($sql);
     				if($database->is_error()) {
     					$error[] = $database->get_error();
     				} else {
     					$success[] = $MESSAGE['PREFERENCES']['PASSWORD_CHANGED'];
+    				}
+    			}
+    		}
+    	}

Also available in: Unified diff

Project

General

Profile

WB 2.08.x

Revision 1508

Added by Dietmar almost 13 years ago