2005-08-09 18:46:53 +00:00
|
|
|
<?php
|
|
|
|
|
|
|
|
require_once("../inc/db.inc");
|
|
|
|
require_once("../inc/util.inc");
|
|
|
|
require_once("../inc/user.inc");
|
|
|
|
|
|
|
|
db_init();
|
|
|
|
|
2005-08-26 22:26:26 +00:00
|
|
|
$auth = process_user_text(post_str("auth", true));
|
|
|
|
$email_addr = strtolower(process_user_text(post_str("email_addr", true)));
|
2005-08-09 18:46:53 +00:00
|
|
|
|
2005-09-08 20:33:04 +00:00
|
|
|
// Note: don't call process_user_text() on passwords.
|
|
|
|
// This is not needed, and will break passwords containing punctuation
|
2005-08-09 18:46:53 +00:00
|
|
|
|
2005-09-23 05:38:38 +00:00
|
|
|
$old_passwd = stripslashes(post_str("old_passwd", true));
|
|
|
|
$passwd = stripslashes(post_str("passwd"));
|
|
|
|
$passwd2 = stripslashes(post_str("passwd2"));
|
2005-08-09 18:46:53 +00:00
|
|
|
|
|
|
|
if ($passwd != $passwd2) {
|
2005-08-26 22:26:26 +00:00
|
|
|
error_page("New passwords are different");
|
|
|
|
}
|
2005-10-07 19:19:07 +00:00
|
|
|
|
|
|
|
$config = get_config();
|
|
|
|
$min_passwd_length = parse_config($config, "<min_passwd_length>");
|
|
|
|
if (!$min_passwd_length) $min_passwd_length = 6;
|
|
|
|
|
2005-10-07 23:19:20 +00:00
|
|
|
if (mb_detect_encoding($passwd) != 'ASCII') {
|
|
|
|
error_page("Passwords may only include ASCII characters.");
|
|
|
|
}
|
|
|
|
|
2005-10-07 19:19:07 +00:00
|
|
|
if (strlen($passwd)<$min_passwd_length) {
|
|
|
|
error_page(
|
|
|
|
"New password is too short:
|
|
|
|
minimum password length is $min_passwd_length characters."
|
|
|
|
);
|
2005-10-07 14:28:08 +00:00
|
|
|
}
|
2005-08-26 22:26:26 +00:00
|
|
|
if ($auth) {
|
|
|
|
$user = lookup_user_auth($auth);
|
|
|
|
if (!$user) {
|
|
|
|
error_page("Invalid account key");
|
|
|
|
}
|
|
|
|
} else {
|
|
|
|
$user = lookup_user_email_addr($email_addr);
|
|
|
|
if (!$user) {
|
|
|
|
error_page("No account with that email address was found");
|
|
|
|
}
|
|
|
|
$passwd_hash = md5($old_passwd.$email_addr);
|
|
|
|
if ($user->passwd_hash != $passwd_hash) {
|
|
|
|
error_page("Invalid password");
|
|
|
|
}
|
2005-08-09 18:46:53 +00:00
|
|
|
}
|
|
|
|
|
2005-08-26 22:26:26 +00:00
|
|
|
page_head("Change password");
|
2005-08-09 18:46:53 +00:00
|
|
|
$passwd_hash = md5($passwd.$user->email_addr);
|
2005-08-26 22:26:26 +00:00
|
|
|
$query = "update user set passwd_hash='$passwd_hash' where id=$user->id";
|
|
|
|
$result = mysql_query($query);
|
2005-08-09 18:46:53 +00:00
|
|
|
if ($result) {
|
2005-08-26 22:26:26 +00:00
|
|
|
echo "Your password has been changed.";
|
2005-08-09 18:46:53 +00:00
|
|
|
} else {
|
|
|
|
echo "
|
|
|
|
We can't update your password due to a database problem.
|
|
|
|
Please try again later.
|
|
|
|
";
|
|
|
|
}
|
|
|
|
|
|
|
|
page_tail();
|
|
|
|
?>
|