From 55a02149b3f6196b9f743f528dc0795f8c3e5460 Mon Sep 17 00:00:00 2001
From: Christian Fowler
Date: Tue, 12 Sep 2006 19:26:48 +0000
Subject: major overhaul to change and remind password. This should fix outstanding issues, and clean up old TW code. It also reduced the lenght of the confirm URL so email apps are less likely to truncate it. If you need to change anything related to user password confirmation or changing, please check with spiderr first.
---
change_password.php | 40 +++++++++++++++++++++++-----------------
1 file changed, 23 insertions(+), 17 deletions(-)
(limited to 'change_password.php')
diff --git a/change_password.php b/change_password.php
index af69133..0130e26 100644
--- a/change_password.php
+++ b/change_password.php
@@ -1,6 +1,6 @@ assign('login', $_REQUEST['login']); $gBitSmarty->assign('oldpass', $_REQUEST["oldpass"]); $gBitSmarty->assign('provpass', $_REQUEST["provpass"]); if (isset($_REQUEST["change"])) { - if ($_REQUEST["pass"] != $_REQUEST["pass2"]) { - $gBitSystem->fatalError( tra("The passwords didn't match") ); - } + $userInfo = $gBitUser->getUserInfo( array( 'user_id' => $_REQUEST['user_id'] ) ); + if ($_REQUEST["pass"] == $_REQUEST["oldpass"]) { $gBitSystem->fatalError( tra("You can not use the same password again") ); } - $passsword_error_msg = $gBitUser->verifyPasswordFormat( $_REQUEST["pass"] ); - if (strlen($passsword_error_msg)) { - $gBitSystem->fatalError( $passsword_error_msg ); - } + + if( $passswordError = $gBitUser->verifyPasswordFormat( $_REQUEST["pass"], $_REQUEST["pass2"] ) ) { + $gBitSystem->fatalError( $passswordError ); + } - if (strlen($_REQUEST["provpass"]) ) { - if (!$gBitUser->confirmRegistration($_REQUEST['login'], $_REQUEST["provpass"]) ) { + $validated = FALSE; + if( !empty( $_REQUEST["provpass"] ) ) { + if( !($validated = $gBitUser->confirmRegistration( $userInfo['user_id'], $_REQUEST["provpass"] )) ) { $gBitSystem->fatalError( tra("Password reset request is invalid or has expired") ); } - } - elseif( !$gBitUser->isAdmin() && !$gBitUser->validate($_REQUEST['login'], $_REQUEST["oldpass"], '', '') ) { - $gBitSystem->fatalError( tra("Invalid old password") ); + } elseif( $gBitUser->isRegistered() ) { + if( !( $validated = $gBitUser->validate( $userInfo['login'], $_REQUEST["oldpass"], '', '' )) ) { + $gBitSystem->fatalError( tra("Invalid old password") ); + } + } + + if( $validated ) { + $gBitUser->storePassword( $_REQUEST["pass"], $userInfo['login'] ); + $url = $gBitUser->login( $userInfo['login'], $_REQUEST["pass"] ); } - $gBitUser->storePassword( $_REQUEST["pass"], $_REQUEST['login'] ); - $url = $gBitUser->login( $_REQUEST['login'], $_REQUEST["pass"] ); header ( "location: ".$url ); } // Display the template -$gBitSystem->display( 
'bitpackage:users/change_password.tpl'); +$gBitSystem->display( 'bitpackage:users/change_password.tpl', 'Change Password' ); + ?> -- cgit v1.3
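Review bot: When neither branch sets `$validated` (no `provpass`, and `$gBitUser->isRegistered()` is false), the password is rightly not stored, but `$url` is never assigned and the unchanged `header ( "location: ".$url );` still runs, so the request ends in an empty redirect with no error shown. I would close the chain with `} else { $gBitSystem->fatalError( tra("Invalid old password") ); }` and move the `header()` call inside `if( $validated )`. The same block also lets `$_REQUEST['user_id']` choose the account: `$userInfo` is not checked for an empty result before `$userInfo['user_id']` and `$userInfo['login']` are used, and in the old-password branch nothing visible ties it to the user who is logged in (presumably the one `isRegistered()` refers to), so a guard such as `if( empty( $userInfo['user_id'] ) )` ahead of the checks would make that failure explicit. The hunk as extracted has lost the start of its first line, so this is based on the visible lines only.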