| 1 | <?php |
| 2 | |
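/**
 * Validates the submitted change-password form before any backend is called.
 *
 * Checks that every field is supplied, that the current password equals the
 * one recovered from the session (the 'key' cookie decrypted with the session
 * 'onetimepad'), that the verify field is identical to the new password, and
 * that the new password length lies within the configured bounds.
 * These criteria are for now backend-independent.
 *
 * @return array Array with zero or more error messages.
 */
function cpw_check_input()
{
    global $cpw_pass_min_length, $cpw_pass_max_length;

    // form data
    sqgetGlobalVar('cpw_curpass', $currentpw, SQ_POST);
    sqgetGlobalVar('cpw_newpass', $newpw,     SQ_POST);
    sqgetGlobalVar('cpw_verify',  $verifypw,  SQ_POST);
    // for decrypting current password
    sqgetGlobalVar('key',         $key,        SQ_COOKIE);
    sqgetGlobalVar('onetimepad',  $onetimepad, SQ_SESSION);

    // Request parameters can arrive as arrays (field[]=x). Only a non-empty
    // string counts as "supplied"; the explicit test also keeps a literal "0"
    // from being mistaken for an empty field.
    $has_current = is_string($currentpw) && $currentpw !== '';
    $has_new     = is_string($newpw) && $newpw !== '';
    $has_verify  = is_string($verifypw) && $verifypw !== '';

    $msg = array();

    if (!$has_current) {
        $msg[] = _("You must type in your current password.");
    } else {
        // NOTE(review): assumes OneTimePadDecrypt() returns the plaintext as
        // a string; any other result is treated as a mismatch.
        $storedpw = OneTimePadDecrypt($key, $onetimepad);

        // Passwords must be compared as exact strings. A loose comparison
        // treats numeric-looking strings as numbers, so "1e3" would be
        // accepted for a stored "1000". Prefer the constant-time comparison
        // where the running PHP provides it.
        if (!is_string($storedpw)) {
            $current_ok = false;
        } elseif (function_exists('hash_equals')) {
            $current_ok = hash_equals($storedpw, $currentpw);
        } else {
            $current_ok = ($storedpw === $currentpw);
        }

        if (!$current_ok) {
            $msg[] = _("Your current password is not correct.");
        }
    }

    if (!$has_new) {
        $msg[] = _("You must type in a new password.");
    }

    if (!$has_verify) {
        $msg[] = _("You must also type in your new password in the verify box.");
    } elseif ($verifypw !== $newpw) {
        // strict comparison for the same reason as above
        $msg[] = _("Your new password does not match the verify password.");
    }

    // strlen() counts bytes, so multi-byte characters count more than once
    // against these limits.
    if ($has_new && (strlen($newpw) < $cpw_pass_min_length ||
                     strlen($newpw) > $cpw_pass_max_length)) {
        $msg[] = sprintf(_("Your new password should be %s to %s characters long."),
                         $cpw_pass_min_length, $cpw_pass_max_length);
    }

    // do we need to do checks that are backend-specific and should
    // be handled by a hook? I know of none now, but if there's a need
    // for it we can add a hook for that here.
    // those checks can also be done in the backend dochange() function.

    return $msg;
}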
| 50 | |
| 51 | |
// Translated error messages exposed as constants. The functions in this part
// of the file do not reference them; presumably the backend files return them
// from their change hook -- confirm against the backends.
define(
    'CPW_CURRENT_NOMATCH',
    _("Your current password is not correct.")
);
define(
    'CPW_INVALID_PW',
    _("Your new password contains invalid characters.")
);
| 54 | |
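/**
 * Does the actual password changing, meaning it loads the configured backend
 * file and calls its 'change_password_dochange' hook.
 *
 * If the hook reports error message(s) they are returned. If everything is
 * ok, the password kept in the session is re-encrypted with a fresh one-time
 * pad so the user doesn't have to log out, and the browser is redirected back
 * to the options screen; in that case the function does not return.
 *
 * @return array Error message(s); only returned when the change did not happen.
 */
function cpw_do_change()
{
    global $cpw_backend;

    // Read the same POST fields that cpw_check_input() validates. The original
    // code read 'cpw_current' / 'cpw_new' here, so the values handed to the
    // backend were not the ones that had passed the checks.
    // NOTE(review): the form template is not visible here; confirm it posts
    // cpw_curpass / cpw_newpass.
    sqgetGlobalVar('cpw_curpass', $curpw,    SQ_POST);
    sqgetGlobalVar('cpw_newpass', $newpw,    SQ_POST);
    sqgetGlobalVar('base_uri',    $base_uri, SQ_SESSION);
    sqgetGlobalVar('username',    $username, SQ_SESSION);
    // The previous 'onetimepad' and 'key' values are not fetched: both are
    // regenerated below and the old ones were never read.

    // $cpw_backend is concatenated into an include path. Refuse anything that
    // is not a plain file-name component so the include cannot leave the
    // backend directory, whatever the source of the value turns out to be.
    if (!is_string($cpw_backend) || !preg_match('/^[A-Za-z0-9_.-]+$/', $cpw_backend)) {
        return array(_("Invalid password-change backend configured."));
    }

    require_once(SM_PATH . 'plugins/change_password/backend/' . $cpw_backend . '.php');

    $msgs = do_hook_function(
        'change_password_dochange',
        array(
            'username' => $username,
            'curpw'    => $curpw,
            'newpw'    => $newpw,
        )
    );

    /* something bad happened, return */
    // NOTE(review): this relies on the hook returning an array; what
    // do_hook_function() yields when no backend answered is not visible here.
    if (count($msgs) > 0) {
        return $msgs;
    }

    /* update our password stored in the session */
    $onetimepad = OneTimePadCreate(strlen($newpw));
    $_SESSION['onetimepad'] = $onetimepad;
    $key = OneTimePadEncrypt($newpw, $onetimepad);
    // NOTE(review): this cookie carries the pad-encrypted password and is set
    // without the Secure or HttpOnly attributes; consider setting both where
    // the supported PHP versions allow it.
    setcookie('key', $key, 0, $base_uri);

    /* make sure we write the session data before we redirect */
    session_write_close();
    header('Location: ' . get_location() . '/options.php?optmode=submit&plugin_change_password=1');
    exit;
}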