admin/change_current_user_password.php

   1 <?php
   2 /**********************************************************************
   3     Copyright (C) FrontAccounting, LLC.
   4         Released under the terms of the GNU General Public License, GPL,
   5         as published by the Free Software Foundation, either version 3
   6         of the License, or (at your option) any later version.
   7     This program is distributed in the hope that it will be useful,
   8     but WITHOUT ANY WARRANTY; without even the implied warranty of
   9     MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.
  10     See the License here <http://www.gnu.org/licenses/gpl-3.0.html>.
  11 ***********************************************************************/
  12 $page_security = 'SA_CHGPASSWD';
  13 $path_to_root="..";
  14 include_once($path_to_root . "/includes/session.inc");
  15
  16 page(_($help_context = "Change password"));
  17
  18 include_once($path_to_root . "/includes/date_functions.inc");
  19 include_once($path_to_root . "/includes/ui.inc");
  20
  21 include_once($path_to_root . "/admin/db/users_db.inc");
  22
  23 function can_process()
  24 {
  25
  26         $Auth_Result = hook_authenticate($_SESSION["wa_current_user"]->username, $_POST['cur_password']);
  27
  28         if (!isset($Auth_Result))       // if not used external login: standard method
  29                 $Auth_Result = get_user_auth($_SESSION["wa_current_user"]->username, md5($_POST['cur_password']));
  30
  31         if (!$Auth_Result)
  32         {
  33                 display_error( _("Invalid password entered."));
  34                 set_focus('cur_password');
  35                 return false;
  36         }
  37
  38         if (strlen($_POST['password']) < 4)
  39         {
  40                 display_error( _("The password entered must be at least 4 characters long."));
  41                 set_focus('password');
  42                 return false;
  43         }
  44
  45         if (strstr($_POST['password'], $_SESSION["wa_current_user"]->username) != false)
  46         {
  47                 display_error( _("The password cannot contain the user login."));
  48                 set_focus('password');
  49                 return false;
  50         }
  51
  52         if ($_POST['password'] != $_POST['passwordConfirm'])
  53         {
  54                 display_error( _("The passwords entered are not the same."));
  55                 set_focus('password');
  56                 return false;
  57         }
  58
  59         return true;
  60 }
  61
  62 if (isset($_POST['UPDATE_ITEM']) && check_csrf_token())
  63 {
  64
  65         if (can_process())
  66         {
  67                 if ($SysPrefs->allow_demo_mode) {
  68                     display_warning(_("Password cannot be changed in demo mode."));
  69                 } else {
  70                         update_user_password($_SESSION["wa_current_user"]->user,
  71                                 $_SESSION["wa_current_user"]->username,
  72                                 md5($_POST['password']));
  73                     display_notification(_("Your password has been updated."));
  74                 }
  75                 $Ajax->activate('_page_body');
  76         }
  77 }
  78
  79 start_form();
  80
  81 start_table(TABLESTYLE);
  82
  83 $myrow = get_user($_SESSION["wa_current_user"]->user);
  84
  85 label_row(_("User login:"), $myrow['user_id']);
  86
  87 $_POST['cur_password'] = "";
  88 $_POST['password'] = "";
  89 $_POST['passwordConfirm'] = "";
  90
  91 password_row(_("Current Password:"), 'cur_password', $_POST['cur_password']);
  92 password_row(_("New Password:"), 'password', $_POST['password']);
  93 password_row(_("Repeat New Password:"), 'passwordConfirm', $_POST['passwordConfirm']);
  94
  95 table_section_title(_("Enter your new password in the fields."));
  96
  97 end_table(1);
  98
  99 submit_center( 'UPDATE_ITEM', _('Change password'), true, '',  'default');
 100 end_form();
 101 end_page();