1 <?php
2 /************************************************************************/
3 /* AContent                                                             */
4 /************************************************************************/
5 /* Copyright (c) 2010                                                   */
6 /* Inclusive Design Institute                                           */
7 /*                                                                      */
8 /* This program is free software. You can redistribute it and/or        */
9 /* modify it under the terms of the GNU General Public License          */
10 /* as published by the Free Software Foundation.                        */
11 /************************************************************************/
12
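define('TR_INCLUDE_PATH', '../include/');
require(TR_INCLUDE_PATH.'vitals.inc.php');

/*
 * Change-password page controller for the signed-in user.
 *
 * Flow: refuse anonymous visitors, honour "cancel", then on "submit" verify
 * the current password, collect the validation errors reported by the form,
 * store the new password and finally render the template.
 *
 * $msg, $savant, $addslashes and _AT() are not defined in this file; they are
 * presumably provided by vitals.inc.php -- confirm there.
 */

global $_current_user;

// No user object means nobody is signed in: show the notice and stop before
// any password logic runs.
if (!isset($_current_user)) {
    require(TR_INCLUDE_PATH.'header.inc.php');
    $msg->printInfos('INVALID_USER');
    require(TR_INCLUDE_PATH.'footer.inc.php');
    exit;
}

if (isset($_POST['cancel'])) {
    $msg->addFeedback('CANCELLED');
    header('Location: ../index.php');
    exit;
}

if (isset($_POST['submit'])) {
    $old_password = isset($_POST['form_old_password_hidden']) ? $_POST['form_old_password_hidden'] : '';

    // Request fields can arrive as arrays (name[]=...); only a non-empty
    // string counts as a supplied password.
    if (!is_string($old_password) || $old_password === '') {
        $msg->addError(array('EMPTY_FIELDS', _AT('password')));
        header('Location: change_password.php');
        exit;
    }

    // Verify the current password. This fails closed: when the account row
    // cannot be loaded or holds no password, the change is refused instead of
    // the check being skipped.
    $row = $_current_user->getInfo();
    $old_password_ok = false;
    if ($row && isset($row['password'])) {
        $stored = (string) $row['password'];
        // Strict, timing-safe comparison. A loose != treats two numeric-looking
        // digests (e.g. "0e123..." vs "0e456...") as equal numbers.
        // hash_equals() needs PHP 5.6+, so fall back to === on older runtimes.
        $old_password_ok = function_exists('hash_equals')
            ? hash_equals($stored, $old_password)
            : ($stored === $old_password);
    }
    if (!$old_password_ok) {
        $msg->addError('WRONG_PASSWORD');
        header('Location: change_password.php');
        exit;
    }
    // NOTE(review): the stored value is compared directly with a request field,
    // so the browser presumably submits the same digest the database keeps. If
    // so, that digest is password-equivalent; confirm how the template hashes
    // and consider server-side password_hash()/password_verify().

    /* password check: the form validates the password with javascript and
       reports the resulting error codes in password_error; handle them here */
    // NOTE(review): these checks run only in the browser, so a request that
    // omits password_error bypasses them. The codes are also request-controlled
    // text handed to addError(); confirm that it accepts only known message
    // codes and escapes what it prints.
    $missing_fields = array();
    $password_error = (isset($_POST['password_error']) && is_string($_POST['password_error']))
        ? $_POST['password_error']
        : '';

    if ($password_error !== '') {
        foreach (explode(',', $password_error) as $pwd_error) {
            if ($pwd_error === 'missing_password') {
                $missing_fields[] = _AT('password');
            } else {
                $msg->addError($pwd_error);
            }
        }
    }

    // Server-side presence check for the new password, independent of what the
    // browser reported.
    $new_password = isset($_POST['form_password_hidden']) ? $_POST['form_password_hidden'] : '';
    if (!is_string($new_password) || $new_password === '') {
        $missing_fields[] = _AT('password');
    }

    // Report missing fields so that containsErrors() blocks the update; without
    // this, a "missing_password" report would be collected but never acted on.
    if (!empty($missing_fields)) {
        $msg->addError(array('EMPTY_FIELDS', implode(', ', array_unique($missing_fields))));
    }

    if (!$msg->containsErrors()) {
        // insert into the db.
        // NOTE(review): escaping with $addslashes is only safe if setPassword()
        // builds its query accordingly -- its body is not visible here.
        $password = $addslashes($new_password);

        if (!$_current_user->setPassword($password)) {
            require(TR_INCLUDE_PATH.'header.inc.php');
            $msg->printErrors('DB_NOT_UPDATED');
            require(TR_INCLUDE_PATH.'footer.inc.php');
            exit;
        }

        $msg->addFeedback('PASSWORD_CHANGED');
    }
}

/* template starts here */
$savant->display('profile/change_password.tmpl.php');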
84
85 ?>