1 | <?php |
2 | |
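/**
 * Validates the submitted change-password form.
 *
 * Checks that every field was supplied, that the typed current password
 * equals the password recovered for this session (the 'key' cookie run
 * through OneTimePadDecrypt() with the session's one-time pad), that the
 * new password and its verification are identical, and that the new
 * password length lies between $cpw_pass_min_length and
 * $cpw_pass_max_length.
 * These criteria are for now backend-independent.
 *
 * @return array Array with zero or more error messages.
 */
function cpw_check_input()
{
    global $cpw_pass_min_length, $cpw_pass_max_length;

    // form data
    sqgetGlobalVar('cpw_curpass', $currentpw, SQ_POST);
    sqgetGlobalVar('cpw_newpass', $newpw, SQ_POST);
    sqgetGlobalVar('cpw_verify', $verifypw, SQ_POST);
    // for decrypting current password
    sqgetGlobalVar('key', $key, SQ_COOKIE);
    sqgetGlobalVar('onetimepad', $onetimepad, SQ_SESSION);

    $msg = array();

    // A field counts as supplied only when it is a non-empty string. This
    // keeps a literal "0" usable and rejects array-valued POST parameters
    // before they reach strlen() or a comparison.
    $have_current = is_string($currentpw) && $currentpw !== '';
    $have_new     = is_string($newpw) && $newpw !== '';
    $have_verify  = is_string($verifypw) && $verifypw !== '';

    if (!$have_current) {
        $msg[] = _("You must type in your current password.");
    } else {
        $sessionpw = OneTimePadDecrypt($key, $onetimepad);
        // Compare as exact strings. A loose != treats numeric-looking
        // strings such as "1e3" and "1000" as equal, which would accept a
        // wrong current password. hash_equals() is used when the runtime
        // offers it so the comparison time does not depend on the content.
        if (!is_string($sessionpw)) {
            $matches = false;
        } elseif (function_exists('hash_equals')) {
            $matches = hash_equals($sessionpw, $currentpw);
        } else {
            $matches = ($sessionpw === $currentpw);
        }
        if (!$matches) {
            $msg[] = _("Your current password is not correct.");
        }
    }

    if (!$have_new) {
        $msg[] = _("You must type in a new password.");
    }

    if (!$have_verify) {
        $msg[] = _("You must also type in your new password in the verify box.");
    } elseif ($verifypw !== $newpw) {
        // Strict comparison: a typo must not pass just because both values
        // happen to be numerically equal.
        $msg[] = _("Your new password does not match the verify password.");
    }

    if ($have_new) {
        $length = strlen($newpw);
        if ($length < $cpw_pass_min_length || $length > $cpw_pass_max_length) {
            $msg[] = sprintf(_("Your new password should be %s to %s characters long."),
                             $cpw_pass_min_length, $cpw_pass_max_length);
        }
    }

    // do we need to do checks that are backend-specific and should
    // be handled by a hook? I know of none now, but if there's a need
    // for it we can add a hook for that here.
    // those checks can also be done in the backend dochange() function.

    return $msg;
}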
50 | |
51 | |
// Translated error messages exposed as constants; presumably meant for the
// password backends to return from their dochange handler (verify against
// the backend files).
define(
    'CPW_CURRENT_NOMATCH',
    _("Your current password is not correct.")
);
define(
    'CPW_INVALID_PW',
    _("Your new password contains invalid characters.")
);
54 | |
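/**
 * Does the actual password changing, meaning it loads the configured
 * backend file and calls the 'change_password_dochange' hook that the
 * backend provides.
 *
 * If something goes wrong, the error message(s) are returned. If everything
 * is ok, the password kept for the session is replaced (new one-time pad in
 * the session, new 'key' cookie) so the user doesn't have to log out, and
 * the browser is redirected back to the options screen; in that case the
 * function does not return.
 *
 * @return array Error messages; only returned when the change failed.
 */
function cpw_do_change()
{
    global $cpw_backend;

    // Read the same POST fields that cpw_check_input() validates, so the
    // values handed to the backend are the ones that were checked.
    sqgetGlobalVar('cpw_curpass', $curpw, SQ_POST);
    sqgetGlobalVar('cpw_newpass', $newpw, SQ_POST);
    sqgetGlobalVar('base_uri', $base_uri, SQ_SESSION);
    sqgetGlobalVar('onetimepad', $onetimepad, SQ_SESSION);
    sqgetGlobalVar('key', $key, SQ_COOKIE);
    sqgetGlobalVar('username', $username, SQ_SESSION);

    // The backend name becomes part of an include path. Accept a plain
    // file-name token only, so a value containing path separators or ".."
    // can never select a file outside the backend directory.
    if (!is_string($cpw_backend) || !preg_match('/^[A-Za-z0-9_-]+$/D', $cpw_backend)) {
        return array(_("The configured password backend is not valid."));
    }

    // Defence in depth: never pass a missing or array-valued password on to
    // the backend or to strlen() below, even if validation was skipped.
    if (!is_string($newpw) || $newpw === '') {
        return array(_("You must type in a new password."));
    }

    require_once(SM_PATH . 'plugins/change_password/backend/' . $cpw_backend . '.php');

    $msgs = do_hook_function('change_password_dochange',
        array(
            'username' => $username,
            'curpw'    => $curpw,
            'newpw'    => $newpw
        ));

    /* something bad happened, return */
    // !empty() instead of count() so a non-array hook result cannot raise
    // an error here.
    // NOTE(review): an empty or null result is treated as success, also
    // when no backend answered the hook -- confirm that is intended.
    if (!empty($msgs)) {
        return $msgs;
    }

    /* update our password stored in the session */
    $onetimepad = OneTimePadCreate(strlen($newpw));
    $_SESSION['onetimepad'] = $onetimepad;
    $key = OneTimePadEncrypt($newpw, $onetimepad);
    // NOTE(review): this cookie carries the pad-encrypted password and is
    // set without Secure/HttpOnly attributes; align with how the login code
    // sets the same cookie.
    setcookie('key', $key, 0, $base_uri);

    /* make sure we write the session data before we redirect */
    session_write_close();
    header('Location: ' . SM_PATH . 'src/options.php?optmode=submit&plugin_change_password=1');
    exit;
}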