webchangepwd.inc.php

/assets/snippets/weblogin/webchangepwd.inc.php

https://github.com/modxcms/evolution
PHP | 180 lines | 159 code | 10 blank | 11 comment | 20 complexity | 75f3beb571d875fcbc2481ac65d7018b MD5 | raw file
Possible License(s): GPL-2.0, LGPL-2.1, MIT, BSD-2-Clause, Apache-2.0, BSD-3-Clause

<?php
# WebChangePwd 1.0
# Created By Raymond Irving April, 2005
#::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::

defined('IN_PARSER_MODE') or die();

# load tpl
if(is_numeric($tpl)) $tpl = ($doc=$modx->getDocuments($tpl)) ? $doc['content']:"Document '$tpl' not found.";
else if($tpl) $tpl = ($chunk=$modx->getChunk($tpl)) ? $chunk:"Chunk '$tpl' not found.";
if(!$tpl) $tpl = getWebChangePwdtpl();

// extract declarations
$declare = webLoginExtractDeclarations($tpl);
$tpls = explode((isset($declare["separator"]) ? $declare["separator"]:"<!--tpl_separator-->"),$tpl);

if(!$isPostBack && isset($_SESSION['webValidated'])){
    // display password screen
    $tpl = $tpls[0];
    $tpl = str_replace("[+action+]",$modx->makeUrl($modx->documentIdentifier),$tpl);
    $tpl.="<script type='text/javascript'>
        if (document.changepwdfrm) document.changepwdfrm.oldpassword.focus();
        </script>";
    $output .= $tpl;
} 
else if ($isPostBack && isset($_SESSION['webValidated'])){
    $oldpassword = $_POST['oldpassword'];
    $genpassword = $_POST['newpassword'];
    $passwordgenmethod = $_POST['passwordgenmethod'];
    $passwordnotifymethod = $_POST['passwordnotifymethod'];
    $specifiedpassword = $_POST['specifiedpassword'];
    
    $uid = $modx->getLoginUserID();
    $type = $modx->getLoginUserType();

    // load template
    $tpl = $tpls[0];
    $tpl = str_replace("[+action+]",$modx->makeUrl($modx->documentIdentifier),$tpl);
    $tpl.="<script type='text/javascript'>if (document.changepwdfrm) document.changepwdfrm.oldpassword.focus();</script>";

    // get user record
    if($type=='manager') $ds = $modx->getUserInfo($uid);
    else $ds = $modx->getWebUserInfo($uid);

    // verify password
    if($ds['password']==md5($oldpassword)) {

        // verify password
        if ($passwordgenmethod=="spec" && $_POST['specifiedpassword']!=$_POST['confirmpassword']) {
            $output = webLoginAlert("Password typed is mismatched",1).$tpl;
            return;
        }

        // generate a new password for this user
        if($specifiedpassword!="" && $passwordgenmethod=="spec") {
            if(strlen($specifiedpassword) < 6 ) {
                $output = webLoginAlert("Password is too short!").$tpl;
                return;
            } else {
                $newpassword = $specifiedpassword;
            }            
        } elseif($specifiedpassword=="" && $passwordgenmethod=="spec") {
            $output = webLoginAlert("You didn't specify a password for this user!").$tpl;
            return;        
        } elseif($passwordgenmethod=='g') {
            $newpassword = webLoginGeneratePassword(8);        
        } else {
            $output = webLoginAlert("No password generation method specified!").$tpl;
            return;
        }

        // handle notification
        if($passwordnotifymethod=='e') {
            $rt = webLoginSendNewPassword($ds["email"],$ds["username"],$newpassword,$ds["fullname"]);
            if($rt!==true) { // an error occured
                $output = $rt.$tpl;
                return;
            }
            else {
                $newpassmsg = "A copy of the new password was sent to your email address.";
            }
        }
        else {
            $newpassmsg = "The new password is <b>" . htmlspecialchars($newpassword, ENT_QUOTES) . "</b>.";
        }
        
        // save new password to database
        $rt = $modx->changeWebUserPassword($oldpassword,md5($newpassword));
        if($rt!==true) {
            $output = webLoginAlert("An error occured while saving new password: $rt");
            return;
        }        
        
        // display change notification
        $tpl = $tpls[1];
        $tpl = str_replace("[+newpassmsg+]",$newpassmsg,$tpl);    
        $output .= $tpl;
    }
    else {    
        $output = webLoginAlert("Incorrect password. Please try again.").$tpl;
        return;
    }
}

// Returns Default WebChangePwd tpl
function getWebChangePwdtpl(){
    ob_start();
    ?>
    <!-- #declare:separator <hr> --> 
    <!-- login form section-->
    <form method="post" name="changepwdfrm" action="[+action+]" style="margin: 0px; padding: 0px;">
      <table border="0" cellpadding="1" width="300">
        <tr>
          <td><fieldset style="width:300px">
          <legend><b>Enter your current password</b></legend>
          <table border="0" cellpadding="0" style="margin-left:20px;">
            <tr>
              <td style="padding:0px 0px 0px 0px;">
              <label for="oldpassword" style="width:120px">Current password:</label>
              </td>
              <td style="padding:0px 0px 0px 0px;">
              <input type="password" name="oldpassword" size="20" /><br />
              </td>
            </tr>
          </table>
          </fieldset> <fieldset style="width:300px">
          <legend><b>New password method</b></legend>
          <input type="radio" name="passwordgenmethod" value="g" checked />Let this website 
          generate a password.<br />
          <input type="radio" name="passwordgenmethod" value="spec" />Let me specify 
          the password:<br />
          <div style="padding-left:20px">
            <table border="0" cellpadding="0">
              <tr>
                <td style="padding:0px 0px 0px 0px;">
                <label for="specifiedpassword" style="width:120px">New password:</label>
                </td>
                <td style="padding:0px 0px 0px 0px;">
                <input type="password" name="specifiedpassword" onchange="documentdirty=true;" onkeypress="document.changepwdfrm.passwordgenmethod[1].checked=true;" size="20" /><br />
                </td>
              </tr>
              <tr>
                <td style="padding:0px 0px 0px 0px;">
                <label for="confirmpassword" style="width:120px">Confirm password:</label>
                </td>
                <td style="padding:0px 0px 0px 0px;">
                <input type="password" name="confirmpassword" onchange="documentdirty=true;" onkeypress="document.changepwdfrm.passwordgenmethod[1].checked=true;" size="20" /><br />
                </td>
              </tr>
            </table>
            <small><span class="warning" style="font-weight:normal">The password you 
            specify needs to be at least 6 characters long.</span></small>
          </div>
          </fieldset><br />
          <fieldset style="width:300px">
          <legend><b>Password notification method</b></legend>
          <input type="radio" name="passwordnotifymethod" value="e" />Send the new password 
          by e-mail.<br />
          <input type="radio" name="passwordnotifymethod" value="s" checked />Show the new password 
          on screen.
          </fieldset></td>
        </tr>
        <tr>
          <td align="right"><input type="submit" value="Submit" name="cmdwebchngpwd" />
          <input type="reset" value="Reset" name="cmdreset" />
          </td>
        </tr>
      </table>
    </form>
    <hr>
    <!-- notification section -->
    Your password was successfully changed.<br /><br />
    [+newpassmsg+]
    <?php 
    $t = ob_get_contents();
    ob_end_clean();
    return $t;
}

?>