[Summary view] [Print] [Text view]

   1  <?php
   2  
   3  // settings_data_password.php - PHProjekt Version 5.0

   4  // copyright  ©  2000-2005 Albrecht Guenther  ag@phprojekt.com

   5  // www.phprojekt.com

   6  // Author: Albrecht Guenther, $Author: paolo $

   7  // $Id: settings_data_password.php,v 1.4 2005/06/15 16:47:27 paolo Exp $

   8  
   9  // check whether the lib has been included - authentication!

  10  if (!defined('lib_included')) die('Please use settings.php!');
  11  
  12  
  13  // fetch password from this user from database

  14  $result = db_query("SELECT pw
  15                        FROM ".DB_PREFIX."users
  16                       WHERE ID = '$user_ID'") or db_die();
  17  $row = db_fetch_row($result);
  18  
  19  // encrypt password if this option is set in config

  20  if (PHPR_PW_CRYPT) $password2 = encrypt($password, $row[0]);
  21  // ...or leave like it is

  22  else               $password2 = $password;
  23  
  24  //  if the password doesn't fit, display error message

  25  if ( $password2 <> $row[0]) {
  26      $pout .= '<h5>'.__('Wrong password').'!</h5>';
  27      $action = 0;
  28  }
  29  
  30  // dialog for random gen. pw's

  31  if ($action == '1') {
  32      // create a new random generated password

  33      $pw = rnd_string();
  34      $pout .= '<br /><h5>'.__('Suggestion').': '.$pw.'</h5>';
  35      $newpw1 = $pw;
  36      $_SESSION['newpw1'] =& $newpw1;
  37      // link to new string

  38      $pout .= '<a href="./settings.php?password='.$password.'&amp;action=1&amp;mode=password'.$sid.
  39               '" title="'.__('Generate a new password').'">'.__('Generate a new password').'</a><br />';
  40      // link to save this string with confirmation

  41      $pout .= '<a href="./settings.php?password='.$password.'&amp;action=2&amp;mode=password'.$sid.
  42               '" title="'.__('Are you sure?').'" onclick="return confirm(\''.__('Are you sure?').'\');">'.
  43               __('Save password').'</a><hr />';
  44  }
  45  // proof pw and write it to db

  46  else if ($action == '2') {
  47      // check whether the new password has more than 4 chars

  48      if (strlen($newpw1) < 5) {
  49          $pout .= '<h5>'.__('The new password must have 5 letters at least').'!</h5>';
  50      }
  51      // check here whether the user retyped the same word

  52      else if (PHPR_PW_CHANGE == 2 and $newpw1 <> $newpw2) {
  53          $pout .= '<h5>'.__('You didnt repeat the new password correctly').'!</h5>';
  54      }
  55      // everythings fine? -> store new password in db and session

  56      else {
  57          if (PHPR_PW_CRYPT) {
  58              $newpasswd = encrypt($newpw1, $newpw1);
  59          }
  60          else {
  61              $newpasswd = $newpw1;
  62          }
  63          // update record in database

  64          $result = db_query("UPDATE ".DB_PREFIX."users
  65                                 SET pw = '$newpasswd'
  66                               WHERE ID = '$user_ID'") or db_die();
  67          $pout = __('Your new password has been stored');
  68  
  69          // store new password in session

  70          $user_pw = $newpw1;
  71          unset($newpw1);
  72          $_SESSION['user_pw'] =& $user_pw;
  73      }
  74  }
  75  
  76  ?>