root/trunk/gui/admin/password_change.php

Revision 1390, 3.8 kB (checked in by simple, 1 month ago)

fix according to http://www.isp-control.net/ispcp/ticket/1564
* clear untechnical message
* including the required length
* message according to config-setting (passwd_strong or not)
changed all files with chk_password and error message in it, as well as the language files base and de_DE to add the string

1 <?php
2 /**
3  * ispCP ω (OMEGA) a Virtual Hosting Control System
4  *
5  * @copyright     2001-2006 by moleSoftware GmbH
6  * @copyright     2006-2008 by ispCP | http://isp-control.net
7  * @version     SVN: $Id$
8  * @link         http://isp-control.net
9  * @author         ispCP Team
10  *
11  * @license
12  *   This program is free software; you can redistribute it and/or modify it under
13  *   the terms of the MPL General Public License as published by the Free Software
14  *   Foundation; either version 1.1 of the License, or (at your option) any later
15  *   version.
16  *   You should have received a copy of the MPL Mozilla Public License along with
17  *   this program; if not, write to the Open Source Initiative (OSI)
18  *   http://opensource.org | osi@opensource.org
19  */
20
21 require '../include/ispcp-lib.php';
22
// check_login() comes from ispcp-lib.php and is not visible here; presumably it
// stops requests without a valid admin session before anything below runs
// (TODO confirm against the library).
check_login(__FILE__);

// Page template: the main template file plus two blocks registered against it.
$tpl = new pTemplate();
$tpl->define_dynamic(
    'page',
    Config::get('ADMIN_TEMPLATE_PATH') . '/password_change.tpl'
);
$tpl->define_dynamic('page_message', 'page');
$tpl->define_dynamic('hosting_plans', 'page');

// The theme name is read from configuration, not from the request.
$theme_color = Config::get('USER_INITIAL_THEME');

// Header placeholders: page title, theme path, charset and the logo of the logged-in user.
$tpl->assign(array(
    'TR_ADMIN_CHANGE_PASSWORD_PAGE_TITLE' => tr('ispCP - Admin/Change Password'),
    'THEME_COLOR_PATH'                    => "../themes/$theme_color",
    'THEME_CHARSET'                       => tr('encoding'),
    'ISP_LOGO'                            => get_logo($_SESSION['user_id'])
));
40
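/**
 * Handle a submitted "change password" form for the logged-in admin.
 *
 * Does nothing unless the request carries uaction=updt_pass. Otherwise it
 * validates the three password fields, verifies the current password with
 * check_udata() and, when everything passes, writes the new hash to the
 * admin table and mirrors it into the session. Every outcome is reported
 * through set_page_message().
 *
 * NOTE(review): no anti-CSRF token is checked in this function; confirm that
 * check_login() or the form layer enforces one for this state-changing POST.
 *
 * @return void
 */
function update_password() {
    if (!isset($_POST['uaction']) || $_POST['uaction'] !== 'updt_pass') {
        return;
    }

    // Request parameters are untrusted and can arrive as arrays (pass[]=x).
    // Anything that is not a non-empty string is treated as a missing field,
    // so array values never reach chk_password(), crypt() or md5().
    foreach (array('pass', 'pass_rep', 'curr_pass') as $field) {
        if (!isset($_POST[$field]) || !is_string($_POST[$field]) || empty($_POST[$field])) {
            set_page_message(tr('Please fill up all data fields!'));
            return;
        }
    }

    if (!chk_password($_POST['pass'])) {
        // The wording depends on whether the strong-password policy is enabled.
        if (Config::get('PASSWD_STRONG')) {
            set_page_message(sprintf(tr('The password must be at least %s long and contain letters and numbers to be valid.'), Config::get('PASSWD_CHARS')));
        } else {
            set_page_message(sprintf(tr('Password data is shorter than %s signs or includes not permitted signs!'), Config::get('PASSWD_CHARS')));
        }
        return;
    }

    if ($_POST['pass'] !== $_POST['pass_rep']) {
        set_page_message(tr('Passwords do not match!'));
        return;
    }

    // Knowledge of the current password is required before it can be replaced.
    if (check_udata($_SESSION['user_id'], $_POST['curr_pass']) === false) {
        set_page_message(tr('The current password is wrong!'));
        return;
    }

    $sql = Database::getInstance();
    $upass = crypt_user_pass($_POST['pass']);
    $user_id = $_SESSION['user_id'];

    $query = <<<SQL_QUERY
                update
                    admin
                set
                    admin_pass = ?
                where
                    admin_id = ?
SQL_QUERY;
    exec_query($sql, $query, array($upass, $user_id));

    // Mirror the hash into the session only after the database write has been
    // issued, so the session never holds a hash that was not sent to storage.
    $_SESSION['user_pass'] = $upass;

    set_page_message(tr('User password updated successfully!'));
}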
78
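/**
 * Check a candidate password against the stored hash of one admin account.
 *
 * The stored admin_pass value is accepted in two formats: a crypt() hash
 * (the stored value doubles as the salt) or a plain md5() hex digest.
 *
 * NOTE(review): the md5() branch accepts unsalted MD5 digests; presumably it
 * exists for accounts created before crypt() hashes were used. Consider
 * re-hashing such accounts after a successful check and removing the branch.
 *
 * @param mixed  $id   Value bound to admin_id in the lookup query.
 * @param string $pass Plain-text password to verify.
 * @return bool True when $pass matches the stored hash, false otherwise.
 */
function check_udata($id, $pass) {
    // A non-string candidate (e.g. an array from pass[]=x) can never match and
    // must not reach crypt()/md5(), whose failure values compare loosely.
    if (!is_string($pass)) {
        return false;
    }

    $sql = Database::getInstance();

    $query = <<<SQL_QUERY
        SELECT
            admin_name, admin_pass
        FROM
          admin
        WHERE
          admin_id = ?
SQL_QUERY;

    $rs = exec_query($sql, $query, array($id));

    if ($rs->RecordCount() != 1) {
        return false;
    }

    $row = $rs->FetchRow();
    $stored = (string) $row['admin_pass'];

    // An empty stored hash must never authenticate anyone.
    if ($stored === '') {
        return false;
    }

    // Compare as exact strings. With ==, two values of the form 0e<digits> are
    // converted to numbers and treated as equal, so different hex digests could
    // match. hash_equals() additionally avoids leaking the mismatch position
    // through timing; it is used when the running PHP version provides it.
    $candidates = array(crypt($pass, $stored), md5($pass));
    foreach ($candidates as $candidate) {
        if (!is_string($candidate)) {
            continue;
        }

        $matches = function_exists('hash_equals')
            ? hash_equals($stored, $candidate)
            : ($stored === $candidate);

        if ($matches) {
            return true;
        }
    }

    return false;
}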
103
/*
 * Static page content: navigation menus and translated form labels.
 */
gen_admin_mainmenu(
    $tpl,
    Config::get('ADMIN_TEMPLATE_PATH') . '/main_menu_general_information.tpl'
);
gen_admin_menu(
    $tpl,
    Config::get('ADMIN_TEMPLATE_PATH') . '/menu_general_information.tpl'
);

$tpl->assign(array(
    'TR_CHANGE_PASSWORD'  => tr('Change password'),
    'TR_PASSWORD_DATA'    => tr('Password data'),
    'TR_PASSWORD'         => tr('Password'),
    'TR_PASSWORD_REPEAT'  => tr('Repeat password'),
    'TR_UPDATE_PASSWORD'  => tr('Update password'),
    'TR_CURR_PASSWORD'    => tr('Current password')
));

// The form is processed before gen_page_message() runs; presumably that is what
// lets the message set by update_password() appear in this same response.
update_password();
gen_page_message($tpl);

$tpl->parse('PAGE', 'page');
$tpl->prnt();

// Debug dump is emitted only when the DUMP_GUI_DEBUG setting is truthy.
if (Config::get('DUMP_GUI_DEBUG')) {
    dump_gui_debug();
}

unset_messages();
133
134 ?>