| 1 |
2
|
Manuela
|
<?php
|
| 2 |
|
|
/**
|
| 3 |
|
|
*
|
| 4 |
|
|
* @category frontend
|
| 5 |
|
|
* @package account
|
| 6 |
|
|
* @author WebsiteBaker Project
|
| 7 |
|
|
* @copyright 2009-2012, Website Baker Org. e.V.
|
| 8 |
|
|
* @link http://www.websitebaker2.org/
|
| 9 |
|
|
* @license http://www.gnu.org/licenses/gpl.html
|
| 10 |
|
|
* @platform WebsiteBaker 2.8.x
|
| 11 |
|
|
* @requirements PHP 5.2.2 and higher
|
| 12 |
|
|
* @version $Id$
|
| 13 |
|
|
* @filesource $HeadURL$
|
| 14 |
|
|
* @lastmodified $Date$
|
| 15 |
|
|
*
|
| 16 |
|
|
*/
|
| 17 |
|
|
|
| 18 |
|
|
// Must include code to stop this file being access directly
|
| 19 |
|
|
if(defined('WB_PATH') == false) { die("Cannot access this file directly"); }
|
| 20 |
|
|
|
| 21 |
|
|
// Get entered values
|
| 22 |
|
|
$iMinPassLength = 6;
|
| 23 |
|
|
$sCurrentPassword = $wb->get_post('current_password');
|
| 24 |
|
|
$sCurrentPassword = (is_null($sCurrentPassword) ? '' : $sCurrentPassword);
|
| 25 |
|
|
$sNewPassword = $wb->get_post('new_password');
|
| 26 |
|
|
$sNewPassword = is_null($sNewPassword) ? '' : $sNewPassword;
|
| 27 |
|
|
$sNewPasswordRetyped = $wb->get_post('new_password2');
|
| 28 |
|
|
$sNewPasswordRetyped= is_null($sNewPasswordRetyped) ? '' : $sNewPasswordRetyped;
|
| 29 |
|
|
// Check existing password
|
| 30 |
|
|
$sql = 'SELECT `password` ';
|
| 31 |
|
|
$sql .= 'FROM `'.TABLE_PREFIX.'users` ';
|
| 32 |
|
|
$sql .= 'WHERE `user_id` = '.$wb->get_user_id();
|
| 33 |
|
|
// Validate values
|
| 34 |
|
|
if (md5($sCurrentPassword) != $database->get_one($sql)) {
|
| 35 |
|
|
$error[] = $MESSAGE['PREFERENCES_CURRENT_PASSWORD_INCORRECT'];
|
| 36 |
|
|
}else {
|
| 37 |
|
|
if(strlen($sNewPassword) < $iMinPassLength) {
|
| 38 |
|
|
$error[] = $MESSAGE['USERS_PASSWORD_TOO_SHORT'];
|
| 39 |
|
|
}else {
|
| 40 |
|
|
if($sNewPassword != $sNewPasswordRetyped) {
|
| 41 |
|
|
$error[] = $MESSAGE['USERS_PASSWORD_MISMATCH'];
|
| 42 |
|
|
}else {
|
| 43 |
|
|
$pattern = '/[^'.$wb->password_chars.']/';
|
| 44 |
|
|
if (preg_match($pattern, $sNewPassword)) {
|
| 45 |
|
|
$error[] = $MESSAGE['PREFERENCES_INVALID_CHARS'];
|
| 46 |
|
|
}else {
|
| 47 |
|
|
// generate new password hash
|
| 48 |
|
|
$sPwHashNew = md5($sNewPassword);
|
| 49 |
|
|
// Update the database
|
| 50 |
|
|
$sql = 'UPDATE `'.TABLE_PREFIX.'users` '
|
| 51 |
|
|
. 'SET `password`=\''.$database->escapeString($sPwHashNew).'\' '
|
| 52 |
|
|
. 'WHERE `user_id`='.$wb->get_user_id();
|
| 53 |
|
|
if ($database->query($sql)) {
|
| 54 |
|
|
$success[] = $MESSAGE['PREFERENCES_PASSWORD_CHANGED'];
|
| 55 |
|
|
}else {
|
| 56 |
|
|
$error[] = $database->get_error();
|
| 57 |
|
|
}
|
| 58 |
|
|
}
|
| 59 |
|
|
}
|
| 60 |
|
|
}
|
| 61 |
|
|
}
|