mods/_core/users/admins/my_password.php

   1 <?php
   2 /************************************************************************/
   3 /* ATutor                                                                                                                               */
   4 /************************************************************************/
   5 /* Copyright (c) 2002-2010                                              */
   6 /* Inclusive Design Institute                                           */
   7 /* http://atutor.ca                                                     */
   8 /* This program is free software. You can redistribute it and/or        */
   9 /* modify it under the terms of the GNU General Public License          */
  10 /* as published by the Free Software Foundation.                        */
  11 /************************************************************************/
  12 // $Id$
  13 define('AT_INCLUDE_PATH', '../../../../include/');
  14 require(AT_INCLUDE_PATH.'vitals.inc.php');
  15
  16 if ($_SESSION['valid_user'] !== true) {
  17         require(AT_INCLUDE_PATH.'header.inc.php');
  18         $info = array('INVALID_USER', $_SESSION['course_id']);
  19         $msg->printInfos($info);
  20         require(AT_INCLUDE_PATH.'footer.inc.php');
  21         exit;
  22 }
  23
  24 if (isset($_POST['cancel'])) {
  25         $msg->addFeedback('CANCELLED');
  26         header('Location: '.AT_BASE_HREF.'admin/index.php');
  27         exit;
  28 }
  29
  30 if (isset($_POST['submit'])) {
  31         if (!empty($_POST['form_old_password_hidden'])) {
  32                 //check if old password entered is correct
  33                 $sql    = "SELECT password FROM ".TABLE_PREFIX."admins WHERE login='$_SESSION[login]'";
  34                 $result = mysql_query($sql,$db);
  35                 if ($row = mysql_fetch_assoc($result)) {
  36                         if ($row['password'] != $_POST['form_old_password_hidden']) {
  37                                 $msg->addError('WRONG_PASSWORD');
  38                                 Header('Location: my_password.php');
  39                                 exit;
  40                         }
  41                 }
  42         } else {
  43                 $msg->addError(array('EMPTY_FIELDS', _AT('password')));
  44                 header('Location: my_password.php');
  45                 exit;
  46         }
  47
  48         // new password check
  49         if ($_POST['password_error'] <> "")
  50         {
  51                 $pwd_errors = explode(",", $_POST['password_error']);
  52
  53                 foreach ($pwd_errors as $pwd_error)
  54                 {
  55                         if ($pwd_error == "missing_password")
  56                                 $missing_fields[] = _AT('password');
  57                         else
  58                                 $msg->addError($pwd_error);
  59                 }
  60         }
  61
  62         if (!$msg->containsErrors()) {
  63                 $password   = addslashes($_POST['form_password_hidden']);
  64
  65                 $sql    = "UPDATE ".TABLE_PREFIX."admins SET password='$password', last_login=last_login WHERE login='$_SESSION[login]'";
  66                 $result = mysql_query($sql, $db);
  67
  68                 $msg->addFeedback('PASSWORD_CHANGED');
  69                 header('Location: '.AT_BASE_HREF.'admin/index.php');
  70                 exit;
  71         }
  72 }
  73
  74 /* template starts here */
  75 $savant->display('users/password_change.tmpl.php');
  76
  77 ?>