pwd.change.php | searchcode

/phpmyfaq/admin/pwd.change.php

https://github.com/cyrke/phpMyFAQ
PHP | 91 lines | 61 code | 10 blank | 20 comment | 9 complexity | 1bc113eb0fb780f4cc929ca0eb6ad803 MD5 | raw file
Possible License(s): LGPL-2.1, LGPL-3.0, MPL-2.0-no-copyleft-exception

<?php
/**
 * Form to change password of the current user
 *
 * PHP Version 5.3
 *
 * This Source Code Form is subject to the terms of the Mozilla Public License,
 * v. 2.0. If a copy of the MPL was not distributed with this file, You can
 * obtain one at http://mozilla.org/MPL/2.0/.
 *
 * @category  phpMyFAQ
 * @package   Administration
 * @author    Thorsten Rinne <thorsten@phpmyfaq.de>
 * @copyright 2003-2012 phpMyFAQ Team
 * @license   http://www.mozilla.org/MPL/2.0/ Mozilla Public License Version 2.0
 * @link      http://www.phpmyfaq.de
 * @since     2003-02-23
 */

if (!defined('IS_VALID_PHPMYFAQ')) {
    header('Location: http://'.$_SERVER['HTTP_HOST'].dirname($_SERVER['SCRIPT_NAME']));
    exit();
}
?>
        <header>
            <h2><?php print $PMF_LANG['ad_passwd_cop']; ?></h2>
        </header>
<?php
if ($permission["passwd"]) {
    
    // If we have to save a new password, do that first
    $save = PMF_Filter::filterInput(INPUT_POST, 'save', FILTER_SANITIZE_STRING);
    if (!is_null($save)) {

        // Re-evaluate $user
        $user = PMF_User_CurrentUser::getFromSession($faqConfig);

        // Define the (Local/Current) Authentication Source
        $auth = new PMF_Auth($faqConfig);
        $_authSource = $auth->selectAuth($user->getAuthSource('name'));
        $_authSource->selectEncType($user->getAuthData('encType'));
        $_authSource->setReadOnly($user->getAuthData('readOnly'));
        
        $opasswd = PMF_Filter::filterInput(INPUT_POST, 'opass', FILTER_SANITIZE_STRING);
        $npasswd = PMF_Filter::filterInput(INPUT_POST, 'npass', FILTER_SANITIZE_STRING);
        $bpasswd = PMF_Filter::filterInput(INPUT_POST, 'bpass', FILTER_SANITIZE_STRING);

        if (($_authSource->checkPassword($user->getLogin(), $opasswd)) && ($npasswd == $bpasswd)) {
            if (!$user->changePassword($npasswd)) {
                printf('<p class="alert alert-error">%s</p>', $PMF_LANG["ad_passwd_fail"]);
            }
            printf('<p class="alert alert-success">%s</p>', $PMF_LANG["ad_passwdsuc"]);
        } else {
            printf('<p class="alert alert-error">%s</p>', $PMF_LANG["ad_passwd_fail"]);
        }
    }
?>

        <form class="form-horizontal" action="?action=passwd" method="post">
        <input type="hidden" name="save" value="newpassword" />
            <div class="control-group">
                <label class="control-label" for="opass"><?php print $PMF_LANG["ad_passwd_old"]; ?></label>
                <div class="controls">
                    <input type="password" name="opass" id="opass" required="required" />
                </div>
            </div>

            <div class="control-group">
                <label class="control-label" for="npass"><?php print $PMF_LANG["ad_passwd_new"]; ?></label>
                <div class="controls">
                    <input type="password" name="npass" id="npass" required="required" />
                </div>
            </div>

            <div class="control-group">
                <label class="control-label" for="bpass"><?php print $PMF_LANG["ad_passwd_con"]; ?></label>
                <div class="controls">
                    <input type="password" name="bpass" id="bpass" required="required"  />
                </div>
            </div>

            <div class="form-actions">
                <button class="btn btn-primary" type="submit">
                    <?php print $PMF_LANG["ad_passwd_change"]; ?>
                </button>
            </div>
        </form>
<?php
} else {
    print $PMF_LANG["err_NotAuth"];
}