2 /************************************************************************/
4 /************************************************************************/
5 /* Copyright (c) 2002-2008 by Greg Gay, Joel Kronenberg & Heidi Hazelton*/
6 /* Adaptive Technology Resource Centre / University of Toronto */
9 /* This program is free software. You can redistribute it and/or */
10 /* modify it under the terms of the GNU General Public License */
11 /* as published by the Free Software Foundation. */
12 /************************************************************************/
14 define('AT_INCLUDE_PATH', '../../include/');
15 require(AT_INCLUDE_PATH.'vitals.inc.php');
17 if ($_SESSION['valid_user'] !== true) {
18 require(AT_INCLUDE_PATH.'header.inc.php');
19 $info = array('INVALID_USER', $_SESSION['course_id']);
20 $msg->printInfos($info);
21 require(AT_INCLUDE_PATH.'footer.inc.php');
25 if (isset($_POST['cancel'])) {
26 $msg->addFeedback('CANCELLED');
27 header('Location: '.AT_BASE_HREF.'admin/index.php');
31 if (isset($_POST['submit'])) {
32 if (!empty($_POST['form_old_password_hidden'])) {
33 //check if old password entered is correct
34 $sql = "SELECT password FROM ".TABLE_PREFIX."admins WHERE login='$_SESSION[login]'";
35 $result = mysql_query($sql,$db);
36 if ($row = mysql_fetch_assoc($result)) {
37 if ($row['password'] != $_POST['form_old_password_hidden']) {
38 $msg->addError('WRONG_PASSWORD');
39 Header('Location: my_password.php');
44 $msg->addError(array('EMPTY_FIELDS', _AT('password')));
45 header('Location: my_password.php');
50 if ($_POST['password_error'] <> "")
52 $pwd_errors = explode(",", $_POST['password_error']);
54 foreach ($pwd_errors as $pwd_error)
56 if ($pwd_error == "missing_password")
57 $missing_fields[] = _AT('password');
59 $msg->addError($pwd_error);
63 if (!$msg->containsErrors()) {
64 $password = addslashes($_POST['form_password_hidden']);
66 $sql = "UPDATE ".TABLE_PREFIX."admins SET password='$password', last_login=last_login WHERE login='$_SESSION[login]'";
67 $result = mysql_query($sql, $db);
69 $msg->addFeedback('PASSWORD_CHANGED');
70 header('Location: '.AT_BASE_HREF.'admin/index.php');
75 /* template starts here */
76 $savant->display('users/password_change.tmpl.php');