/branches/2.8.x/wb/account/password.php - Diff - WB 2.08.x - Tracking

« Previous | Next »

Revision 1569

Added by darkviper over 12 years ago

possible errors on 'save password' fixed. Minimum length of password set to 6 chars

      * @category        frontend
      * @package         account
      * @author          WebsiteBaker Project
      * @copyright       2004-2009, Ryan Djurovich
      * @copyright       2009-2011, Website Baker Org. e.V.
      * @copyright       2009-2012, Website Baker Org. e.V.
      * @link			http://www.websitebaker2.org/
      * @license         http://www.gnu.org/licenses/gpl.html
      * @platform        WebsiteBaker 2.8.x
-...
     if(defined('WB_PATH') == false) { die("Cannot access this file directly"); }
     // Get entered values
     	$current_password = $wb->get_post('current_password');
     	$new_password = $wb->get_post('new_password');
     	$new_password2 = $wb->get_post('new_password2');
     // Get existing password
     	$sql = "SELECT `user_id` FROM `".TABLE_PREFIX."users` WHERE `user_id` = ".$wb->get_user_id()." AND `password` = '".md5($current_password)."'";
     	$rowset = $database->query($sql);
     	$iMinPassLength = 6;
     	$sCurrentPassword = $wb->get_post('current_password');
     	$sCurrentPassword = (is_null($sCurrentPassword) ? '' : $sCurrentPassword);
     	$sNewPassword = $wb->get_post('new_password');
     	$sNewPassword = is_null($sNewPassword) ? '' : $sNewPassword;
     	$sNewPasswordRetyped = $wb->get_post('new_password2');
     	$sNewPasswordRetyped= is_null($sNewPasswordRetyped) ? '' : $sNewPasswordRetyped;
     // Check existing password
     	$sql  = 'SELECT `password` ';
     	$sql .= 'FROM `'.TABLE_PREFIX.'users` ';
     	$sql .= 'WHERE `user_id` = '.$wb->get_user_id();
     // Validate values
     	if($rowset->numRows() == 0) {
     		$error[] = $MESSAGE['PREFERENCES']['CURRENT_PASSWORD_INCORRECT'];
     	if (md5($sCurrentPassword) != $database->get_one($sql)) {
     		$error[] = $MESSAGE['PREFERENCES_CURRENT_PASSWORD_INCORRECT'];
     	}else {
     		if(strlen($new_password) < 3) {
     			$error[] = $MESSAGE['USERS']['PASSWORD_TOO_SHORT'];
     		if(strlen($sNewPassword) < $iMinPassLength) {
     			$error[] = $MESSAGE['USERS_PASSWORD_TOO_SHORT'];
     		}else {
     			if($new_password != $new_password2) {
     				$error[] = $MESSAGE['USERS']['PASSWORD_MISMATCH'];
     			if($sNewPassword != $sNewPasswordRetyped) {
     				$error[] = $MESSAGE['USERS_PASSWORD_MISMATCH'];
     			}else {
     // MD5 the password
     				$md5_password = md5($new_password);
     				$pattern = '/[^'.$wb->password_chars.']/';
     				if (preg_match($pattern, $sNewPassword)) {
     					$error[] = $MESSAGE['PREFERENCES_INVALID_CHARS'];
     				}else {
     // generate new password hash
     					$sPwHashNew = md5($sNewPassword);
     // Update the database
     				$sql = "UPDATE `".TABLE_PREFIX."users` SET `password` = '".$md5_password."' WHERE `user_id` = ".$wb->get_user_id();
     				$database->query($sql);
     				if($database->is_error()) {
     					$error[] = $database->get_error();
     				} else {
     					$success[] = $MESSAGE['PREFERENCES']['PASSWORD_CHANGED'];
     					$sql  = 'UPDATE `'.TABLE_PREFIX.'users` ';
     					$sql .= 'SET `password`=\''.$sPwHashNew.'\' ';
     					$sql .= 'WHERE `user_id`='.$wb->get_user_id();
     					if ($database->query($sql)) {
     						$success[] = $MESSAGE['PREFERENCES_PASSWORD_CHANGED'];
     					}else {
     						$error[] = $database->get_error();
+    					}
+    				}
+    			}
+    		}

Also available in: Unified diff

Project

General

Profile

WB 2.08.x

Revision 1569

Added by darkviper over 12 years ago