summaryrefslogtreecommitdiff
path: root/htdocs/moderate/changepassword.php
blob: 646af940d6c4b93a36a7506b09639b4ab1e204b2 (plain)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
<?php
/* $Id: changepassword.php 134 2011-03-08 23:35:57Z jessemorgan $ */

require_once('../src/base.inc.php');

if (!isset($_SESSION['currentUser'])) {
    header('Location: ' . $CONFIG['siteroot'].'/admin/login.php');
    exit();
}

require_once('src/accounts.inc.php');

$form['errors'] = "";

if (count($_POST) > 0) {
    $errors = array();

    if (!isset($_POST['oldpassword']) or $_POST['oldpassword'] == '') {
        $errors[] = "Old Password is a required field.";
    }

    if (!isset($_POST['newpassword']) or $_POST['newpassword'] == '') {
        $errors[] = "New Password is a required field.";
    }

    if (!isset($_POST['newpassword2']) or $_POST['newpassword2'] == '') {
        $errors[] = "Confirm New Password is a required field.";
    }

    if (count($errors) == 0) {
        if ($_POST['newpassword'] != $_POST['newpassword2']) {
            $errors[] = "New password must match Confirm New Password";
        }
    
        $user = getAccount($_SESSION['currentUser']['id']);
        
        if (sha1($_POST['oldpassword']) != $user['password']) {
            $errors[] = "Old Password does not match your current password.";
        
        } else {
            // Update the password
            updatePassword($_SESSION['currentUser']['id'], $_POST['newpassword']);

            header("Location: index.php");
        }
    }
            
    
    if (count($errors) > 0) {
        $form['errors'] = "<ul><li>". implode("</li>\n<li>", $errors) ."</li></ul>";
    }
}

require_once('src/header.inc.php');

?>

<h2>Change Password</h2>

<?php
    echo $form['errors'];
?>

<form method="post">
<label>Old Password</label>
<div class="element">
    <input type="password" name="oldpassword" />
</div>

<label>New Password</label>
<div class="element">
    <input type="password" name="newpassword" />
</div>

<label>Confirm New Password</label>
<div class="element">
    <input type="password" name="newpassword2" />
</div>

<div class="buttons">
    <input type="submit" value="Change Password" />
</div>

<?php

require_once('src/footer.inc.php');

?>