authorJams H Thompson <jht001@users.sourceforge.net>2006-08-23 08:29:29 +0000
committerJams H Thompson <jht001@users.sourceforge.net>2006-08-23 08:29:29 +0000
commitcc4e9be2d82c6f8821eb04d1d800520eb5277fec (patch)
treedb26034c8b40b1727cd9e7c311c318d90d6e0800 /change_password.php
parent50bd63af0a7823c8066abcc4dae295a854901680 (diff)
Numerous fixes to upgrade scripts + eliminate ability of users to invalidate each other's passwords
Diffstat (limited to 'change_password.php')
-rw-r--r--change_password.php20
1 files changed, 14 insertions, 6 deletions
diff --git a/change_password.php b/change_password.php
index b3dea8a..af69133 100644
--- a/change_password.php
+++ b/change_password.php
@@ -1,6 +1,6 @@
<?php
/**
- * $Header: /cvsroot/bitweaver/_bit_users/change_password.php,v 1.5 2006/08/17 06:28:44 jht001 Exp $
+ * $Header: /cvsroot/bitweaver/_bit_users/change_password.php,v 1.6 2006/08/23 08:29:29 jht001 Exp $
*
* Copyright (c) 2004 bitweaver.org
* Copyright (c) 2003 tikwiki.org
@@ -8,7 +8,7 @@
* All Rights Reserved. See copyright.txt for details and a complete list of authors.
* Licensed under the GNU LESSER GENERAL PUBLIC LICENSE. See license.txt for details
*
- * $Id: change_password.php,v 1.5 2006/08/17 06:28:44 jht001 Exp $
+ * $Id: change_password.php,v 1.6 2006/08/23 08:29:29 jht001 Exp $
* @package users
* @subpackage functions
*/
@@ -21,8 +21,11 @@ if (!isset($_REQUEST['login']))
$_REQUEST['login'] = '';
if (!isset($_REQUEST["oldpass"]))
$_REQUEST["oldpass"] = '';
+if (!isset($_REQUEST["provpass"]))
+ $_REQUEST["provpass"] = '';
$gBitSmarty->assign('login', $_REQUEST['login']);
$gBitSmarty->assign('oldpass', $_REQUEST["oldpass"]);
+$gBitSmarty->assign('provpass', $_REQUEST["provpass"]);
if (isset($_REQUEST["change"])) {
if ($_REQUEST["pass"] != $_REQUEST["pass2"]) {
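Review bot: `provpass` is copied from `$_REQUEST` into the template unmodified at `$gBitSmarty->assign('provpass', $_REQUEST["provpass"]);`, so the template is the only place where it can be escaped. The template is not part of this diff, so it should be confirmed that it emits the value escaped (for example `{$provpass|escape}`), as for `login` and `oldpass`. A one-line comment such as `// provpass: password-reset token, echoed back so the form can resubmit it` above the new `isset` check would explain why a secret is passed to the view.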
@@ -31,15 +34,20 @@ if (isset($_REQUEST["change"])) {
if ($_REQUEST["pass"] == $_REQUEST["oldpass"]) {
$gBitSystem->fatalError( tra("You can not use the same password again") );
}
- if( !$gBitUser->isAdmin() && !$gBitUser->validate($_REQUEST['login'], $_REQUEST["oldpass"], '', '') ) {
- $gBitSystem->fatalError( tra("Invalid old password") );
- }
- //Validate password here
$passsword_error_msg = $gBitUser->verifyPasswordFormat( $_REQUEST["pass"] );
if (strlen($passsword_error_msg)) {
$gBitSystem->fatalError( $passsword_error_msg );
}
+ if (strlen($_REQUEST["provpass"]) ) {
+ if (!$gBitUser->confirmRegistration($_REQUEST['login'], $_REQUEST["provpass"]) ) {
+ $gBitSystem->fatalError( tra("Password reset request is invalid or has expired") );
+ }
+ }
+ elseif( !$gBitUser->isAdmin() && !$gBitUser->validate($_REQUEST['login'], $_REQUEST["oldpass"], '', '') ) {
+ $gBitSystem->fatalError( tra("Invalid old password") );
+ }
+
$gBitUser->storePassword( $_REQUEST["pass"], $_REQUEST['login'] );
$url = $gBitUser->login( $_REQUEST['login'], $_REQUEST["pass"] );
header ( "location: ".$url );
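Review bot: In the new `if (strlen($_REQUEST["provpass"]))` branch, any non-empty `provpass` skips the old-password check, so the password change rests on `confirmRegistration()` alone to bind the token to `$_REQUEST['login']`, enforce expiry and reject reuse. None of that is visible here, and the hunk does not show the token being cleared once `storePassword()` has run. I would state the contract above the branch, e.g. `// provpass must match this login, be unexpired, and be invalidated once the new password is stored`, and confirm that one of the two calls clears it. Because the values are read from `$_REQUEST`, the token and new password are also accepted from the query string, where they can end up in server logs and Referer headers; reading them from `$_POST` for the `change` action would avoid that. The enclosing `if (isset($_REQUEST["change"]))` block starts before this hunk and continues past it.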