X-Git-Url: https://delta.frontaccounting.com/gitweb/?a=blobdiff_plain;f=admin%2Fchange_current_user_password.php;h=1b69e00ec5f7fdea54e09a49ad0be8494c9a83ec;hb=a9e7141956ef0a60b58e9a627beee93cd35ed43c;hp=d38f96cd2b3a679e2ca3ba0c61f1e5e562e70bb9;hpb=416f264d932247bf47339c27fbfcd4b9736bd305;p=fa-stable.git diff --git a/admin/change_current_user_password.php b/admin/change_current_user_password.php index d38f96cd..1b69e00e 100644 --- a/admin/change_current_user_password.php +++ b/admin/change_current_user_password.php @@ -9,23 +9,32 @@ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the License here . ***********************************************************************/ -$page_security=1; +$page_security = 'SA_CHGPASSWD'; $path_to_root=".."; include_once($path_to_root . "/includes/session.inc"); -page(_("Change password")); +page(_($help_context = "Change password")); include_once($path_to_root . "/includes/date_functions.inc"); include_once($path_to_root . "/includes/ui.inc"); include_once($path_to_root . "/admin/db/users_db.inc"); -$selected_id = $_SESSION["wa_current_user"]->username; - - function can_process() { + $Auth_Result = hook_authenticate($_SESSION["wa_current_user"]->username, $_POST['cur_password']); + + if (!isset($Auth_Result)) // if not used external login: standard method + $Auth_Result = get_user_auth($_SESSION["wa_current_user"]->username, md5($_POST['cur_password'])); + + if (!$Auth_Result) + { + display_error( _("Invalid password entered.")); + set_focus('cur_password'); + return false; + } + if (strlen($_POST['password']) < 4) { display_error( _("The password entered must be at least 4 characters long.")); @@ -33,7 +42,7 @@ function can_process() return false; } - if (strstr($_POST['password'], $_POST['user_id']) != false) + if (strstr($_POST['password'], $_SESSION["wa_current_user"]->username) != false) { display_error( _("The password cannot contain the user login.")); set_focus('password'); @@ -50,15 +59,17 @@ function can_process() return true; } -if (isset($_POST['UPDATE_ITEM'])) +if (isset($_POST['UPDATE_ITEM']) && check_csrf_token()) { if (can_process()) { - if ($allow_demo_mode) { + if ($SysPrefs->allow_demo_mode) { display_warning(_("Password cannot be changed in demo mode.")); } else { - update_user_password($_POST['user_id'], md5($_POST['password'])); + update_user_password($_SESSION["wa_current_user"]->user, + $_SESSION["wa_current_user"]->username, + md5($_POST['password'])); display_notification(_("Your password has been updated.")); } $Ajax->activate('_page_body'); @@ -67,34 +78,24 @@ if (isset($_POST['UPDATE_ITEM'])) start_form(); -start_table($table_style); +start_table(TABLESTYLE); -$myrow = get_user($selected_id); +$myrow = get_user($_SESSION["wa_current_user"]->user); -$_POST['user_id'] = $myrow["user_id"]; -hidden('selected_id', $selected_id); -hidden('user_id', $_POST['user_id']); - -label_row(_("User login:"), $_POST['user_id']); +label_row(_("User login:"), $myrow['user_id']); +$_POST['cur_password'] = ""; $_POST['password'] = ""; $_POST['passwordConfirm'] = ""; -start_row(); -label_cell(_("Password:")); -label_cell(""); -end_row(); - -start_row(); -label_cell(_("Repeat password:")); -label_cell(""); -end_row(); +password_row(_("Current Password:"), 'cur_password', $_POST['cur_password']); +password_row(_("New Password:"), 'password', $_POST['password']); +password_row(_("Repeat New Password:"), 'passwordConfirm', $_POST['passwordConfirm']); table_section_title(_("Enter your new password in the fields.")); end_table(1); -submit_center( 'UPDATE_ITEM', _('Change password'), true, '', true); +submit_center( 'UPDATE_ITEM', _('Change password'), true, '', 'default'); end_form(); end_page(); -?>