made a copy
1 <?php
2 /************************************************************************/
3 /* ATutor                                                                                                                               */
4 /************************************************************************/
5 /* Copyright (c) 2002-2008 by Greg Gay, Joel Kronenberg & Heidi Hazelton*/
6 /* Adaptive Technology Resource Centre / University of Toronto                  */
7 /* http://atutor.ca                                                                                                             */
8 /*                                                                                                                                              */
9 /* This program is free software. You can redistribute it and/or                */
10 /* modify it under the terms of the GNU General Public License                  */
11 /* as published by the Free Software Foundation.                                                */
12 /************************************************************************/
13 // $Id$
14 define('AT_INCLUDE_PATH', '../../include/');
15 require(AT_INCLUDE_PATH.'vitals.inc.php');
16
// Gate: only a session flagged as a valid user may go further. Anyone else
// gets the standard INVALID_USER notice between the site header and footer,
// and the script stops before any POST handling runs.
// NOTE(review): this tests 'valid_user' only; whether the session belongs to
// an administrator is presumably enforced in vitals.inc.php -- confirm.
if (true !== $_SESSION['valid_user']) {
	require AT_INCLUDE_PATH.'header.inc.php';
	$info = array('INVALID_USER', $_SESSION['course_id']);
	$msg->printInfos($info);
	require AT_INCLUDE_PATH.'footer.inc.php';
	exit;
}
24
// Cancel button: queue the CANCELLED feedback message and send the browser
// back to the admin home page without touching the stored password.
if (isset($_POST['cancel'])) {
	$msg->addFeedback('CANCELLED');

	$admin_home = AT_BASE_HREF.'admin/index.php';
	header('Location: '.$admin_home);
	exit;
}
30
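// Password-change handler. Every $_POST value here is attacker-controlled,
// including the hidden fields and the client-reported 'password_error' list.
// NOTE(review): no anti-CSRF token is checked in this handler; the
// old-password requirement limits the impact, but confirm whether
// vitals.inc.php provides request-origin protection.
if (isset($_POST['submit'])) {
	// The login is interpolated into two SQL statements below, so it is
	// escaped for the connection even though it comes from the session.
	$login = mysql_real_escape_string($_SESSION['login'], $db);

	if (!empty($_POST['form_old_password_hidden'])) {
		// Check that the old password entered matches the stored value.
		$sql    = "SELECT password FROM ".TABLE_PREFIX."admins WHERE login='$login'";
		$result = mysql_query($sql, $db);
		$row    = $result ? mysql_fetch_assoc($result) : false;

		// Fail closed: a failed query, a missing admin row or a non-string
		// field is handled like a wrong password instead of falling through
		// to the UPDATE. The comparison is strict because loose != compares
		// numeric-looking strings (e.g. "0e..." digests) as numbers.
		// NOTE(review): where hash_equals() is available, prefer it here for
		// a constant-time comparison.
		if (!$row
			|| !is_string($_POST['form_old_password_hidden'])
			|| (string) $row['password'] !== $_POST['form_old_password_hidden']) {
			$msg->addError('WRONG_PASSWORD');
			header('Location: my_password.php');
			exit;
		}
	} else {
		$msg->addError(array('EMPTY_FIELDS', _AT('password')));
		header('Location: my_password.php');
		exit;
	}

	// New password check. 'password_error' is produced by the browser, so it
	// is advisory only and must not be the sole validation of the new value.
	// NOTE(review): $pwd_error is passed to addError() as a message code
	// chosen by the client -- confirm addError() tolerates unknown codes.
	$missing_fields = array();
	$password_error = (isset($_POST['password_error']) && is_string($_POST['password_error']))
		? $_POST['password_error']
		: '';

	if ($password_error != '') {
		foreach (explode(',', $password_error) as $pwd_error) {
			if ($pwd_error == 'missing_password') {
				$missing_fields[] = _AT('password');
			} else {
				$msg->addError($pwd_error);
			}
		}
	}

	// Server-side check: never store an absent, empty or non-string value,
	// whatever the client-side validation reported.
	if (!isset($_POST['form_password_hidden'])
		|| !is_string($_POST['form_password_hidden'])
		|| $_POST['form_password_hidden'] === '') {
		$missing_fields[] = _AT('password');
	}

	// Report missing fields; previously they were collected but never turned
	// into an error, so a "missing_password" report did not block the update.
	if ($missing_fields) {
		$msg->addError(array('EMPTY_FIELDS', implode(', ', array_unique($missing_fields))));
	}

	if (!$msg->containsErrors()) {
		// Connection-aware escaping instead of addslashes().
		// NOTE(review): the value is stored exactly as submitted (presumably a
		// client-side digest), which makes the stored value password-equivalent;
		// a salted server-side hash would be the stronger design.
		$password = mysql_real_escape_string($_POST['form_password_hidden'], $db);

		// last_login=last_login presumably keeps an auto-updating timestamp
		// column from changing -- confirm against the schema.
		$sql    = "UPDATE ".TABLE_PREFIX."admins SET password='$password', last_login=last_login WHERE login='$login'";
		$result = mysql_query($sql, $db);
		// NOTE(review): $result is not checked, so PASSWORD_CHANGED is reported
		// even when the UPDATE fails; add an error path once the project's
		// message code for a failed write is confirmed.

		$msg->addFeedback('PASSWORD_CHANGED');
		header('Location: '.AT_BASE_HREF.'admin/index.php');
		exit;
	}
}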
74
// No redirect happened above (first visit, or validation errors were queued):
// render the password-change form through the Savant template engine.
$password_template = 'users/password_change.tmpl.php';
$savant->display($password_template);
77
78 ?>