2 /************************************************************************/
4 /************************************************************************/
5 /* Copyright (c) 2002-2006 by Greg Gay, Joel Kronenberg & Heidi Hazelton*/
6 /* Adaptive Technology Resource Centre / University of Toronto */
9 /* This program is free software. You can redistribute it and/or */
10 /* modify it under the terms of the GNU General Public License */
11 /* as published by the Free Software Foundation. */
12 /************************************************************************/
13 // $Id: profile.php 6025 2006-03-28 20:13:55Z joel $
// Page bootstrap: sets $_user_location to 'users' (its consumer is not visible
// on this page), defines the include root and loads vitals.inc.php.
// $msg, $db, $addslashes and $savant are used further down without being
// defined here, so they presumably come from this include - confirm there.
16 $_user_location = 'users';
18 define('AT_INCLUDE_PATH', '../include/');
19 require(AT_INCLUDE_PATH.'vitals.inc.php');
// Access guard: when the session is not flagged as a valid user, print the
// INVALID_USER notice between the standard header and footer.
// NOTE(review): this listing skips source lines 26-28. An exit and the closing
// brace are expected there; without the exit, the password-change handler
// below would still run for a session that failed this check - confirm in the
// full file.
21 if ($_SESSION['valid_user'] !== true) {
22 require(AT_INCLUDE_PATH.'header.inc.php');
23 $info = array('INVALID_USER', $_SESSION['course_id']);
24 $msg->printInfos($info);
25 require(AT_INCLUDE_PATH.'footer.inc.php');
// Cancel button: queue the CANCELLED feedback message and send the browser
// back to the profile page.
// NOTE(review): source lines 32-34 are missing from this listing; an exit is
// expected after the Location header so the submit handler below is not
// evaluated on the same request - confirm.
29 if (isset($_POST['cancel'])) {
30 $msg->addFeedback('CANCELLED');
31 Header('Location: profile.php');
// Password-change handler. Flow as far as this listing shows it:
//   1. require the current password and compare it with the stored value;
//   2. validate the new password (non-empty, matches confirmation, policy);
//   3. if no errors were queued, write the new password and redirect.
// The listing drops several source lines (44-47, 50-53, 56, 63-65, 69, 72,
// 76-78, 81-84), so closing braces, else keywords and exit calls are not
// visible; notes below that depend on them are marked NOTE(review).
// NOTE(review): no anti-CSRF token check is visible on this page. The
// current-password requirement limits what a forged request can do, but
// confirm whether a token is enforced elsewhere (e.g. in vitals.inc.php).
35 if (isset($_POST['submit'])) {
36 if (!empty($_POST['old_password'])) {
37 //check if old password entered is correct
// The member id is read from the session and interpolated into the SQL text
// without a cast or a bound parameter. It is not taken from the request, but
// casting it to int (or binding it) would stop this query depending on how
// the session value was set elsewhere.
// The mysql_* functions used here were removed in PHP 7; parameterized
// queries need mysqli or PDO.
38 $sql = "SELECT password FROM ".TABLE_PREFIX."members WHERE member_id=$_SESSION[member_id]";
39 $result = mysql_query($sql,$db);
// NOTE(review): no else branch for "no row returned" is visible. If the
// dropped lines do not add one, a failed lookup skips the old-password check
// and the handler continues (fails open) - confirm in the full file.
40 if ($row = mysql_fetch_assoc($result)) {
// The stored column is compared directly with the submitted text, and source
// line 70 below writes the submitted text back unchanged, so as far as this
// page shows passwords are stored unhashed. Moving to password_hash() /
// password_verify() has to be done together with the login and registration
// code, which is not on this page.
// The != operator is a loose comparison: two numeric-looking strings are
// compared as numbers, so distinct strings can compare equal. A strict
// comparison, or hash_equals() once hashes are stored, avoids that.
41 if ($row['password'] != trim($_POST['old_password'])) {
42 $msg->addError('WRONG_PASSWORD');
43 Header('Location: password_change.php');
// Presumably the else branch of the !empty(old_password) test on source line
// 36 (the else line itself is not in the listing): the current password was
// left empty, so queue EMPTY_FIELDS and return to the form.
48 $msg->addError(array('EMPTY_FIELDS', _AT('password')));
49 header('Location: password_change.php');
// New-password validation. Whether the next two tests are joined by an else
// cannot be told from the listing (source line 56 is missing).
54 if ($_POST['password'] == '') {
55 $msg->addError(array('EMPTY_FIELDS', _AT('password')));
57 if ($_POST['password'] != $_POST['password2']) {
58 $msg->addError('PASSWORD_MISMATCH');
// This pattern accepts only word characters (\w), at least 8 of them. Any
// password containing another symbol is rejected here and reported as
// PASSWORD_LENGTH, which is misleading for the user. It also means that, of
// the symbol class counted on source line 61, only the underscore can ever
// reach that test, so the policy narrows the usable character set rather than
// widening it.
// The $ anchor also matches before a trailing newline; \z or the D modifier
// anchors at the true end of the string.
59 } else if (!preg_match('/^\w{8,}$/u', $_POST['password'])) { // strlen($_POST['password']) < 8
60 $msg->addError('PASSWORD_LENGTH');
// Each preg_match() contributes 1 when its class occurs: letters, digits, the
// listed symbols. Fewer than two classes present queues PASSWORD_CHARS.
61 } else if ((preg_match('/[a-z]+/i', $_POST['password']) + preg_match('/[0-9]+/i', $_POST['password']) + preg_match('/[_\-\/+!@#%^$*&)(|.]+/i', $_POST['password'])) < 2) {
62 $msg->addError('PASSWORD_CHARS');
66 if (!$msg->containsErrors()) {
67 // insert into the db.
// $addslashes is called as a variable function; what it is bound to is not
// visible on this page (presumably set in vitals.inc.php - confirm). Escaping
// by string manipulation is the only thing separating the request value from
// the SQL text on source line 70; a bound parameter would remove that
// dependency.
68 $_POST['password'] = $addslashes($_POST['password']);
// Writes the new password for the session's member. creation_date and
// last_login are assigned to themselves, presumably to stop the database from
// auto-updating them - confirm against the schema.
70 $sql = "UPDATE ".TABLE_PREFIX."members SET password='$_POST[password]', creation_date=creation_date, last_login=last_login WHERE member_id=$_SESSION[member_id]";
71 $result = mysql_query($sql,$db);
// Presumably the failure branch of a result check on the missing source line
// 72: render DB_NOT_UPDATED between header and footer.
73 require(AT_INCLUDE_PATH.'header.inc.php');
74 $msg->printErrors('DB_NOT_UPDATED');
75 require(AT_INCLUDE_PATH.'footer.inc.php');
// Success path: queue the confirmation and return to the profile page.
// NOTE(review): nothing visible here regenerates the session id or ends the
// member's other sessions after the change - confirm whether that is handled
// elsewhere.
79 $msg->addFeedback('PASSWORD_CHANGED');
80 header('Location: ./profile.php');
85 /* template starts here */
// Renders the password-change form through $savant. $onload holds a script
// snippet that focuses the old_password field; it is presumably emitted by the
// header template - confirm there.
86 $onload = 'document.form.old_password.focus();';
87 $savant->display('users/password_change.tmpl.php');