major overhaul to change and remind password. This should fix outstanding issues, and clean up old TW code. It also reduced the lenght of the confirm URL so email apps are less likely to truncate it. If you need to change anything related to user password confirmation or changing, please check with spiderr first.

1 files changed, 23 insertions, 17 deletions

diff --git a/change_password.php b/change_password.php
index af69133..0130e26 100644
--- a/change_password.php
+++ b/change_password.php
@@ -1,6 +1,6 @@
 <?php
 /**
- * $Header: /cvsroot/bitweaver/_bit_users/change_password.php,v 1.6 2006/08/23 08:29:29 jht001 Exp $
+ * $Header: /cvsroot/bitweaver/_bit_users/change_password.php,v 1.7 2006/09/12 19:26:48 spiderr Exp $
  *
  * Copyright (c) 2004 bitweaver.org
  * Copyright (c) 2003 tikwiki.org
@@ -8,7 +8,7 @@
  * All Rights Reserved. See copyright.txt for details and a complete list of authors.
  * Licensed under the GNU LESSER GENERAL PUBLIC LICENSE. See license.txt for details
  *
- * $Id: change_password.php,v 1.6 2006/08/23 08:29:29 jht001 Exp $
+ * $Id: change_password.php,v 1.7 2006/09/12 19:26:48 spiderr Exp $
  * @package users
  * @subpackage functions
  */
@@ -23,36 +23,42 @@ if (!isset($_REQUEST["oldpass"]))
 	$_REQUEST["oldpass"] = '';
 if (!isset($_REQUEST["provpass"]))
 	$_REQUEST["provpass"] = '';
+
 $gBitSmarty->assign('login', $_REQUEST['login']);
 $gBitSmarty->assign('oldpass', $_REQUEST["oldpass"]);
 $gBitSmarty->assign('provpass', $_REQUEST["provpass"]);
 if (isset($_REQUEST["change"])) {
 
-	if ($_REQUEST["pass"] != $_REQUEST["pass2"]) {
-		$gBitSystem->fatalError( tra("The passwords didn't match") );
-	}
+	$userInfo = $gBitUser->getUserInfo( array( 'user_id' => $_REQUEST['user_id'] ) );
+
 	if ($_REQUEST["pass"] == $_REQUEST["oldpass"]) {
 		$gBitSystem->fatalError( tra("You can not use the same password again") );
 	}
-    $passsword_error_msg = $gBitUser->verifyPasswordFormat( $_REQUEST["pass"] );
-    if (strlen($passsword_error_msg)) {
-		$gBitSystem->fatalError( $passsword_error_msg );
-		}
+	
+    if( $passswordError = $gBitUser->verifyPasswordFormat( $_REQUEST["pass"], $_REQUEST["pass2"] ) ) {
+		$gBitSystem->fatalError( $passswordError );
+	}
 
-	if (strlen($_REQUEST["provpass"]) ) {
-		if (!$gBitUser->confirmRegistration($_REQUEST['login'], $_REQUEST["provpass"]) ) {
+	$validated = FALSE;
+	if( !empty( $_REQUEST["provpass"] ) ) {
+		if( !($validated = $gBitUser->confirmRegistration( $userInfo['user_id'], $_REQUEST["provpass"] )) ) {
 			$gBitSystem->fatalError( tra("Password reset request is invalid or has expired") );
 		}
-	}		
-	elseif( !$gBitUser->isAdmin() && !$gBitUser->validate($_REQUEST['login'], $_REQUEST["oldpass"], '', '') ) {
-		$gBitSystem->fatalError( tra("Invalid old password") );
+	} elseif( $gBitUser->isRegistered() ) {
+		if( !( $validated = $gBitUser->validate( $userInfo['login'], $_REQUEST["oldpass"], '', '' )) ) {
+			$gBitSystem->fatalError( tra("Invalid old password") );
+		}
+	}
+
+	if( $validated ) {
+		$gBitUser->storePassword( $_REQUEST["pass"], $userInfo['login'] );
+		$url = $gBitUser->login( $userInfo['login'], $_REQUEST["pass"] );
 	}
 
-	$gBitUser->storePassword( $_REQUEST["pass"], $_REQUEST['login'] );
-	$url = $gBitUser->login( $_REQUEST['login'], $_REQUEST["pass"] );
 	header ( "location: ".$url );
 }
 
 // Display the template
-$gBitSystem->display( 'bitpackage:users/change_password.tpl');
+$gBitSystem->display( 'bitpackage:users/change_password.tpl', 'Change Password' );
+
 ?>