2 /**********************************************************************
3 Copyright (C) FrontAccounting, LLC.
4 Released under the terms of the GNU General Public License, GPL,
5 as published by the Free Software Foundation, either version 3
6 of the License, or (at your option) any later version.
7 This program is distributed in the hope that it will be useful,
8 but WITHOUT ANY WARRANTY; without even the implied warranty of
9 MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.
10 See the License here <http://www.gnu.org/licenses/gpl-3.0.html>.
11 ***********************************************************************/
12 $page_security = 'SA_CHGPASSWD';
14 include_once($path_to_root . "/includes/session.inc");
16 page(_($help_context = "Change password"));
18 include_once($path_to_root . "/includes/date_functions.inc");
19 include_once($path_to_root . "/includes/ui.inc");
21 include_once($path_to_root . "/admin/db/users_db.inc");
23 function can_process()
26 $Auth_Result = hook_authenticate($_SESSION["wa_current_user"]->username, $_POST['cur_password']);
28 if (!isset($Auth_Result)) // if not used external login: standard method
29 $Auth_Result = get_user_auth($_SESSION["wa_current_user"]->username, md5($_POST['cur_password']));
33 display_error( _("Invalid password entered."));
34 set_focus('cur_password');
38 if (strlen($_POST['password']) < 4)
40 display_error( _("The password entered must be at least 4 characters long."));
41 set_focus('password');
45 if (strstr($_POST['password'], $_SESSION["wa_current_user"]->username) != false)
47 display_error( _("The password cannot contain the user login."));
48 set_focus('password');
52 if ($_POST['password'] != $_POST['passwordConfirm'])
54 display_error( _("The passwords entered are not the same."));
55 set_focus('password');
62 if (isset($_POST['UPDATE_ITEM']) && check_csrf_token())
67 if ($SysPrefs->allow_demo_mode) {
68 display_warning(_("Password cannot be changed in demo mode."));
70 update_user_password($_SESSION["wa_current_user"]->user,
71 $_SESSION["wa_current_user"]->username,
72 md5($_POST['password']));
73 display_notification(_("Your password has been updated."));
75 $Ajax->activate('_page_body');
81 start_table(TABLESTYLE);
83 $myrow = get_user($_SESSION["wa_current_user"]->user);
85 label_row(_("User login:"), $myrow['user_id']);
87 $_POST['cur_password'] = "";
88 $_POST['password'] = "";
89 $_POST['passwordConfirm'] = "";
91 password_row(_("Current Password:"), 'cur_password', $_POST['cur_password']);
92 password_row(_("New Password:"), 'password', $_POST['password']);
93 password_row(_("Repeat New Password:"), 'passwordConfirm', $_POST['passwordConfirm']);
95 table_section_title(_("Enter your new password in the fields."));
99 submit_center( 'UPDATE_ITEM', _('Change password'), true, '', 'default');