a572ccfcbe810435b322360662429d58c2b44bee
[atutor.git] / docs / users / password_change.php
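<?php
/************************************************************************/
/* ATutor                                                               */
/************************************************************************/
/* Copyright (c) 2002-2010                                              */
/* Inclusive Design Institute                                           */
/* http://atutor.ca                                                     */
/* This program is free software. You can redistribute it and/or        */
/* modify it under the terms of the GNU General Public License          */
/* as published by the Free Software Foundation.                        */
/************************************************************************/
// $Id$

/*
 * Password change handler for the logged-in member.
 *
 * Flow: require a valid session, honour "cancel", then on "submit" verify
 * the current password, validate the new one server-side, and update the
 * members row. On validation errors the form template is shown again.
 */

$page = 'profile';
$_user_location = 'users';

define('AT_INCLUDE_PATH', '../include/');
require(AT_INCLUDE_PATH.'vitals.inc.php');

// Everything below acts on $_SESSION['member_id'], so stop here unless the
// session belongs to an authenticated member.
if ($_SESSION['valid_user'] !== true) {
	require(AT_INCLUDE_PATH.'header.inc.php');
	$info = array('INVALID_USER', $_SESSION['course_id']);
	$msg->printInfos($info);
	require(AT_INCLUDE_PATH.'footer.inc.php');
	exit;
}

if (isset($_POST['cancel'])) {
	$msg->addFeedback('CANCELLED');
	header('Location: profile.php');
	exit;
}

if (isset($_POST['submit'])) {
	// The id is interpolated into SQL below; force it to an integer instead
	// of relying on whatever type the session happens to hold.
	$member_id = intval($_SESSION['member_id']);

	// Anything that is not a plain string (e.g. an array-valued field) is
	// treated as if the field had been left empty.
	$old_password = (isset($_POST['form_old_password_hidden']) && is_string($_POST['form_old_password_hidden']))
		? $_POST['form_old_password_hidden'] : '';
	$new_password = (isset($_POST['form_password_hidden']) && is_string($_POST['form_password_hidden']))
		? $_POST['form_password_hidden'] : '';

	if ($old_password === '') {
		$msg->addError(array('EMPTY_FIELDS', _AT('password')));
		header('Location: password_change.php');
		exit;
	}

	// Check that the old password entered is correct.
	$sql    = "SELECT password FROM ".TABLE_PREFIX."members WHERE member_id=$member_id";
	$result = mysql_query($sql, $db);
	$row    = $result ? mysql_fetch_assoc($result) : false;

	// Fail closed: a failed query or a missing row must not skip the check
	// and let the update go ahead without the current password.
	$old_password_ok = false;
	if ($row) {
		$stored = (string) $row['password'];
		// Strict, type-safe comparison. A loose != would compare two
		// numeric-looking strings (e.g. "0e..." digests) as numbers and
		// could accept a value that is not the stored one. Prefer the
		// constant-time hash_equals() where the runtime provides it.
		if (function_exists('hash_equals')) {
			$old_password_ok = hash_equals($stored, $old_password);
		} else {
			$old_password_ok = ($stored === $old_password);
		}
	}

	if (!$old_password_ok) {
		$msg->addError('WRONG_PASSWORD');
		header('Location: password_change.php');
		exit;
	}

	/* password check: the password is verified on the front end by javascript;
	 * here we handle the errors reported by that javascript. The report is
	 * client-controlled, so it can only add errors - it is never the sole
	 * gate for accepting a new password (see the server-side check below). */
	$missing_fields = array();
	if (isset($_POST['password_error']) && is_string($_POST['password_error']) && $_POST['password_error'] !== '') {
		$pwd_errors = explode(",", $_POST['password_error']);

		foreach ($pwd_errors as $pwd_error) {
			if ($pwd_error == "missing_password") {
				$missing_fields[] = _AT('password');
			} else {
				// NOTE(review): $pwd_error is a client-supplied message code;
				// confirm addError() only resolves known codes and escapes
				// anything it echoes back.
				$msg->addError($pwd_error);
			}
		}
	}

	// Server-side validation: never store an empty password just because
	// the client did not report an error.
	if ($new_password === '') {
		$missing_fields[] = _AT('password');
	}

	// Previously $missing_fields was collected but never turned into an
	// error, so a "missing_password" report did not block the update.
	if (!empty($missing_fields)) {
		$msg->addError(array('EMPTY_FIELDS', implode(', ', array_unique($missing_fields))));
	}

	if (!$msg->containsErrors()) {
		// NOTE(review): the hidden-field value is stored and later compared
		// as-is, which makes it the effective credential. If it is a
		// client-computed digest (presumably - the form is not visible
		// here), consider hashing it again server-side, e.g. password_hash()
		// on runtimes that provide it.
		// $addslashes is a callable set up outside this file (presumably by
		// vitals.inc.php) to escape values for the SQL string.
		$password = $addslashes($new_password);

		// creation_date/last_login are assigned to themselves so the update
		// leaves their current values in place.
		$sql = "UPDATE ".TABLE_PREFIX."members SET password='$password', creation_date=creation_date, last_login=last_login WHERE member_id=$member_id";
		$result = mysql_query($sql, $db);
		if (!$result) {
			require(AT_INCLUDE_PATH.'header.inc.php');
			$msg->printErrors('DB_NOT_UPDATED');
			require(AT_INCLUDE_PATH.'footer.inc.php');
			exit;
		}

		// NOTE(review): nothing here ends the member's other active
		// sessions after the credential changes - confirm whether that is
		// handled elsewhere.
		$msg->addFeedback('PASSWORD_CHANGED');
		header('Location: ./profile.php');
		exit;
	}
}

/* template starts here */
$savant->display('users/password_change.tmpl.php');

?>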