Password reset mail could take several hours. After the fix it takes only a couple of seconds...
[fa-stable.git] / admin / change_current_user_password.php
index abfd8529f43c6647533708b1738a06208677c211..1b69e00ec5f7fdea54e09a49ad0be8494c9a83ec 100644 (file)
@@ -1,31 +1,40 @@
 <?php
 /**********************************************************************
     Copyright (C) FrontAccounting, LLC.
-       Released under the terms of the GNU Affero General Public License,
-       AGPL, as published by the Free Software Foundation, either version 
-       of the License, or (at your option) any later version.
+       Released under the terms of the GNU General Public License, GPL, 
+       as published by the Free Software Foundation, either version 3 
+       of the License, or (at your option) any later version.
     This program is distributed in the hope that it will be useful,
     but WITHOUT ANY WARRANTY; without even the implied warranty of
     MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  
-    See the License here <http://www.gnu.org/licenses/agpl-3.0.html>.
+    See the License here <http://www.gnu.org/licenses/gpl-3.0.html>.
 ***********************************************************************/
-$page_security=1;
+$page_security = 'SA_CHGPASSWD';
 $path_to_root="..";
 include_once($path_to_root . "/includes/session.inc");
 
-page(_("Change password"));
+page(_($help_context = "Change password"));
 
 include_once($path_to_root . "/includes/date_functions.inc");
 include_once($path_to_root . "/includes/ui.inc");
 
 include_once($path_to_root . "/admin/db/users_db.inc");
 
-$selected_id = $_SESSION["wa_current_user"]->username;
-
-
 function can_process()
 {
 
+       $Auth_Result = hook_authenticate($_SESSION["wa_current_user"]->username, $_POST['cur_password']);
+
+       if (!isset($Auth_Result))       // if not used external login: standard method
+               $Auth_Result = get_user_auth($_SESSION["wa_current_user"]->username, md5($_POST['cur_password']));
+
+       if (!$Auth_Result)
+       {
+               display_error( _("Invalid password entered."));
+               set_focus('cur_password');
+               return false;
+       }
+       
        if (strlen($_POST['password']) < 4)
        {
                display_error( _("The password entered must be at least 4 characters long."));
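Review bot: The current-password check at L42 verifies against an unsalted `md5()` of the submitted value, and the same scheme is used to store the new hash later in this commit (L80); an unsalted MD5 table offers no resistance to offline cracking if the users table leaks. The hash format is fixed by get_user_auth()/update_user_password() in users_db.inc, outside this hunk, so the move to `password_hash()`/`password_verify()` (rehashing on successful login via `password_needs_rehash()`) has to be made there and only then reflected here. `$_POST['cur_password']` is also read at L39 and L42 without a presence check, so a request that omits the field raises a notice before the "Invalid password entered." path is reached; `$cur = isset($_POST['cur_password']) ? $_POST['cur_password'] : '';` keeps that path intact. The fall-through at L41 when hook_authenticate() returns null appears intentional and deserves a one-line comment saying so. can_process() continues past the end of this hunk.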
@@ -33,7 +42,7 @@ function can_process()
                return false;
        }
 
-       if (strstr($_POST['password'], $_POST['user_id']) != false)
+       if (strstr($_POST['password'], $_SESSION["wa_current_user"]->username) != false)
        {
                display_error( _("The password cannot contain the user login."));
                set_focus('password');
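Review bot: The loose `!= false` on the strstr() result at L59 should be the strict form: strstr() returns the matched tail as a string, and a tail that compares loosely equal to false (a bare `"0"`, i.e. a login of `0` at the end of the password) would slip past the login-in-password rule; `if (strstr($_POST['password'], $_SESSION["wa_current_user"]->username) !== false)`. If logins are matched case-insensitively by the DB collation, `stristr()` would additionally reject `Admin` inside `myAdmin1`, but that depends on the users table definition, which is outside this hunk. can_process() both starts and ends outside this hunk.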
@@ -50,47 +59,43 @@ function can_process()
        return true;
 }
 
-if (isset($_POST['UPDATE_ITEM']))
+if (isset($_POST['UPDATE_ITEM']) && check_csrf_token())
 {
 
        if (can_process())
        {
-               update_user_password($_POST['user_id'], md5($_POST['password']));
-           display_notification(_("Your password has been updated."));
+               if ($SysPrefs->allow_demo_mode) {
+                   display_warning(_("Password cannot be changed in demo mode."));
+               } else {
+                       update_user_password($_SESSION["wa_current_user"]->user, 
+                               $_SESSION["wa_current_user"]->username,
+                               md5($_POST['password']));
+                   display_notification(_("Your password has been updated."));
+               }
                $Ajax->activate('_page_body');
        }
 }
 
 start_form();
 
-start_table($table_style);
+start_table(TABLESTYLE);
 
-$myrow = get_user($selected_id);
+$myrow = get_user($_SESSION["wa_current_user"]->user);
 
-$_POST['user_id'] = $myrow["user_id"];
-hidden('selected_id', $selected_id);
-hidden('user_id', $_POST['user_id']);
-
-label_row(_("User login:"), $_POST['user_id']);
+label_row(_("User login:"), $myrow['user_id']);
 
+$_POST['cur_password'] = "";
 $_POST['password'] = "";
 $_POST['passwordConfirm'] = "";
 
-start_row();
-label_cell(_("Password:"));
-label_cell("<input type='password' name='password' size=22 maxlength=20 value='" . $_POST['password'] . "'>");
-end_row();
-
-start_row();
-label_cell(_("Repeat password:"));
-label_cell("<input type='password' name='passwordConfirm' size=22 maxlength=20 value='" . $_POST['passwordConfirm'] . "'>");
-end_row();
+password_row(_("Current Password:"), 'cur_password', $_POST['cur_password']);
+password_row(_("New Password:"), 'password', $_POST['password']);
+password_row(_("Repeat New Password:"), 'passwordConfirm', $_POST['passwordConfirm']);
 
 table_section_title(_("Enter your new password in the fields."));
 
 end_table(1);
 
-submit_center( 'UPDATE_ITEM', _('Change password'), true, '', true);
+submit_center( 'UPDATE_ITEM', _('Change password'), true, '',  'default');
 end_form();
 end_page();
-?>
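Review bot: After update_user_password() at L78 the session is left untouched, so the current session id survives the credential change and any other session opened with the old password (including one established by whoever prompted the change) stays valid; after the `display_notification` at L81 the id should be rotated with `session_regenerate_id(true);`, and other sessions for this user invalidated if the session layer tracks them. When check_csrf_token() at L68 fails, the whole branch is skipped silently, so unless that helper reports the failure itself (not visible here) the user just sees the empty form again; `else display_error(_("Invalid form token."));` style feedback would make the rejection visible. The demo-mode test at L75 runs only after can_process() has verified the current password, which is fine, but a short comment on why the order is chosen would help the next reader.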