4 * Will verify the input against a set of criteria:
5 * is every field supplied, does verify password match,
6 * does current password validate, ..
7 * These criteria are for now backend-independant.
8 * @return array Array with zero or more error messages.
10 function cpw_check_input()
12 global $cpw_pass_min_length, $cpw_pass_max_length;
15 sqgetGlobalVar('cpw_curpass', $currentpw, SQ_POST
);
16 sqgetGlobalVar('cpw_newpass', $newpw, SQ_POST
);
17 sqgetGlobalVar('cpw_verify', $verifypw, SQ_POST
);
18 // for decrypting current password
19 sqgetGlobalVar('key', $key, SQ_COOKIE
);
20 sqgetGlobalVar('onetimepad', $onetimepad,SQ_SESSION
);
25 $msg[] = _("You must type in your current password.");
26 } elseif($currentpw != OneTimePadDecrypt($key, $onetimepad)) {
27 $msg[] = _("Your current password is not correct.");
30 $msg[] = _("You must type in a new password.");
33 $msg[] = _("You must also type in your new password in the verify box.");
34 } elseif ($verifypw != $newpw) {
35 $msg[] = _("Your new password does not match the verify password.");
37 if($newpw && (strlen($newpw) < $cpw_pass_min_length ||
38 strlen($newpw) > $cpw_pass_max_length ) ) {
39 $msg[] = sprintf(_("Your new password should be %s to %s characters long."),
40 $cpw_pass_min_length, $cpw_pass_max_length);
43 // do we need to do checks that are backend-specific and should
44 // be handled by a hook? I know of none now, but if there's a need
45 // for it we can add a hook for that here.
46 // those checks can also be done in the backend dochange() function.
52 define('CPW_CURRENT_NOMATCH', _("Your current password is not correct."));
53 define('CPW_INVALID_PW', _("Your new password contains invalid characters."));
56 * Does the actual password changing (meaning it calls the hook function
57 * from the backend that does this. If something goes wrong, return error
58 * message(s). If everything ok, change the password in the session so the
59 * user doesn't have to log out, and redirect back to the options screen.
61 function cpw_do_change()
64 sqgetGlobalVar('cpw_current', $curpw, SQ_POST
);
65 sqgetGlobalVar('cpw_new', $newpw, SQ_POST
);
66 sqgetGlobalVar('base_uri', $base_uri, SQ_SESSION
);
67 sqgetGlobalVar('onetimepad', $onetimepad, SQ_SESSION
);
68 sqgetGlobalVar('key', $key, SQ_COOKIE
);
69 sqgetGlobalVar('username', $username, SQ_SESSION
);
71 require_once(SM_PATH
. 'plugins/change_password/backend/'.$cpw_backend.'.php');
73 $msgs = do_hook_function('change_password_dochange',
75 'username' => $username,
80 /* something bad happened, return */
81 if(count($msgs) > 0) {
85 /* update our password stored in the session */
86 $onetimepad = OneTimePadCreate(strlen($newpw));
87 $_SESSION['onetimepad'] = $onetimepad;
88 $key = OneTimePadEncrypt($newpw, $onetimepad);
89 setcookie('key', $key, 0, $base_uri);
91 /* make sure we write the session data before we redirect */
92 session_write_close();
93 header('Location: '.SM_PATH
. 'src/options.php?optmode=submit&plugin_change_password=1');