X-Git-Url: https://delta.frontaccounting.com/gitweb/?a=blobdiff_plain;f=admin%2Fchange_current_user_password.php;h=1b69e00ec5f7fdea54e09a49ad0be8494c9a83ec;hb=58ca6ac4ea7a903514388cf8c3f380f745d81551;hp=9b205e19f2299d27b79d14b410fff0443b8c03b0;hpb=902f1015d874c33bd7946b17de2ad80b4f2144b6;p=fa-stable.git
diff --git a/admin/change_current_user_password.php b/admin/change_current_user_password.php
index 9b205e19..1b69e00e 100644
--- a/admin/change_current_user_password.php
+++ b/admin/change_current_user_password.php
@@ -13,7 +13,7 @@ $page_security = 'SA_CHGPASSWD';
$path_to_root="..";
include_once($path_to_root . "/includes/session.inc");
-page(_("Change password"));
+page(_($help_context = "Change password"));
include_once($path_to_root . "/includes/date_functions.inc");
include_once($path_to_root . "/includes/ui.inc");
@@ -23,6 +23,18 @@ include_once($path_to_root . "/admin/db/users_db.inc");
function can_process()
{
+ $Auth_Result = hook_authenticate($_SESSION["wa_current_user"]->username, $_POST['cur_password']);
+
+ if (!isset($Auth_Result)) // if not used external login: standard method
+ $Auth_Result = get_user_auth($_SESSION["wa_current_user"]->username, md5($_POST['cur_password']));
+
+ if (!$Auth_Result)
+ {
+ display_error( _("Invalid password entered."));
+ set_focus('cur_password');
+ return false;
+ }
+
if (strlen($_POST['password']) < 4)
{
display_error( _("The password entered must be at least 4 characters long."));
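Review bot: `$_POST['cur_password']` is read on the first added line of can_process() without checking that it is present and a string, so a request that omits the field or sends `cur_password[]` reaches hook_authenticate() and md5() with a null or array value (a notice on older PHP, a TypeError from md5() on PHP 8). Normalising it first, `$cur_password = (isset($_POST['cur_password']) && is_string($_POST['cur_password'])) ? $_POST['cur_password'] : '';`, and passing `$cur_password` to both calls would route that case through the ordinary failed-check branch. The fallback also compares an unsalted `md5()` digest, which presumably mirrors how the hashes are stored; moving storage and this check to `password_hash()`/`password_verify()` is worth a follow-up. Failed current-password checks are not logged in the visible lines, and can_process() continues past the end of this hunk.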
@@ -47,12 +59,12 @@ function can_process()
return true;
}
-if (isset($_POST['UPDATE_ITEM']))
+if (isset($_POST['UPDATE_ITEM']) && check_csrf_token())
{
if (can_process())
{
- if ($allow_demo_mode) {
+ if ($SysPrefs->allow_demo_mode) {
display_warning(_("Password cannot be changed in demo mode."));
} else {
update_user_password($_SESSION["wa_current_user"]->user,
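Review bot: When `check_csrf_token()` returns false the whole `UPDATE_ITEM` branch is skipped, and nothing visible in this hunk tells the user or records the rejected request. Unless check_csrf_token() (defined outside this diff) already reports the failure itself, an arm such as `elseif (isset($_POST['UPDATE_ITEM'])) display_error(_("The request could not be verified, please try again."));` plus a log entry would make a rejected password-change attempt visible to the user and to whoever reviews the logs. The update_user_password() call is cut off at the end of the hunk, so what happens after a successful change cannot be reviewed here.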
@@ -66,24 +78,19 @@ if (isset($_POST['UPDATE_ITEM']))
start_form();
-start_table($table_style);
+start_table(TABLESTYLE);
$myrow = get_user($_SESSION["wa_current_user"]->user);
label_row(_("User login:"), $myrow['user_id']);
+$_POST['cur_password'] = "";
$_POST['password'] = "";
$_POST['passwordConfirm'] = "";
-start_row();
-label_cell(_("Password:"));
-label_cell("");
-end_row();
-
-start_row();
-label_cell(_("Repeat password:"));
-label_cell("");
-end_row();
+password_row(_("Current Password:"), 'cur_password', $_POST['cur_password']);
+password_row(_("New Password:"), 'password', $_POST['password']);
+password_row(_("Repeat New Password:"), 'passwordConfirm', $_POST['passwordConfirm']);
table_section_title(_("Enter your new password in the fields."));
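Review bot: The three blanking assignments ahead of the `password_row()` calls carry no comment, although they appear to be what keeps submitted passwords from being rendered back into the form after a failed attempt. I would put `// never echo submitted passwords back into the form` above `$_POST['cur_password'] = "";` so a later cleanup does not drop them. How password_row() emits its value argument is defined outside this diff, so that reading is inferred from the call sites.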
@@ -92,4 +99,3 @@ end_table(1);
submit_center( 'UPDATE_ITEM', _('Change password'), true, '', 'default');
end_form();
end_page();
-?>