tagging as ATutor 1.5.4-release
[atutor.git] / users / password_change.php
1 <?php
2 /************************************************************************/
3 /* ATutor                                                                                                                               */
4 /************************************************************************/
5 /* Copyright (c) 2002-2006 by Greg Gay, Joel Kronenberg & Heidi Hazelton*/
6 /* Adaptive Technology Resource Centre / University of Toronto                  */
7 /* http://atutor.ca                                                                                                             */
8 /*                                                                                                                                              */
9 /* This program is free software. You can redistribute it and/or                */
10 /* modify it under the terms of the GNU General Public License                  */
11 /* as published by the Free Software Foundation.                                                */
12 /************************************************************************/
13 // $Id: profile.php 6025 2006-03-28 20:13:55Z joel $
14
// Page/location markers, set before vitals.inc.php is loaded (presumably
// read by the shared includes -- confirm against vitals/header).
$_user_location = 'users';
$page = 'profile';

// All further includes in this script are resolved relative to this path.
define('AT_INCLUDE_PATH', '../include/');
require AT_INCLUDE_PATH . 'vitals.inc.php';
20
// Access gate: only a session whose 'valid_user' flag is exactly boolean true
// may continue. Anything else (unset, false, a truthy non-boolean) gets the
// INVALID_USER notice and the script stops before any password logic runs.
if (!($_SESSION['valid_user'] === true)) {
    require AT_INCLUDE_PATH . 'header.inc.php';
    $info = array('INVALID_USER', $_SESSION['course_id']);
    $msg->printInfos($info);
    require AT_INCLUDE_PATH . 'footer.inc.php';
    exit;
}
28
// Cancel button: queue the CANCELLED feedback and return to the profile page.
// The stored password is never read or written on this path.
if (isset($_POST['cancel'])) {
    $msg->addFeedback('CANCELLED');
    header('Location: profile.php');
    exit;
}
34
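// Password change submission.
//
// Flow: verify the current password, validate the new one, write it to the
// members table, then redirect. Every terminal path ends in exit; only a
// validation failure falls through to the form template below.
//
// NOTE(review): the stored value is compared directly with the submitted
// password and the new password is written as-is, so the members.password
// column holds the password itself rather than a hash. Moving to hashed
// storage has to be coordinated with the code that verifies logins, which is
// not in this file.
if (isset($_POST['submit'])) {
    if (!empty($_POST['old_password'])) {
        // member_id is forced to an integer before it is placed in the query,
        // so the statement stays well-formed whatever the session holds.
        $sql    = "SELECT password FROM ".TABLE_PREFIX."members WHERE member_id=".intval($_SESSION['member_id']);
        $result = mysql_query($sql, $db);
        $row    = $result ? mysql_fetch_assoc($result) : false;

        // Fail closed: a failed query or a missing member row is treated the
        // same as a wrong password. Previously that case skipped the check and
        // went on to the UPDATE without the old password being verified.
        //
        // The comparison is strict (!==). With a loose != PHP compares two
        // numeric-looking strings as numbers, so distinct strings such as
        // "1e3" and "1000" would have been accepted as equal.
        if (!$row || $row['password'] !== trim($_POST['old_password'])) {
            $msg->addError('WRONG_PASSWORD');
            header('Location: password_change.php');
            exit;
        }
    } else {
        $msg->addError(array('EMPTY_FIELDS', _AT('password')));
        header('Location: password_change.php');
        exit;
    }

    // new password check
    if ($_POST['password'] == '') {
        $msg->addError(array('EMPTY_FIELDS', _AT('password')));
    } else {
        if ($_POST['password'] !== $_POST['password2']) {
            // Strict comparison, for the same numeric-string reason as above:
            // the confirmation field must match byte for byte.
            $msg->addError('PASSWORD_MISMATCH');
        } else if (!preg_match('/^\w{8,}$/u', $_POST['password'])) { // strlen($_POST['password']) < 8
            // NOTE(review): this rule enforces more than length. It also
            // restricts the password to word characters, so of the symbols
            // listed in the PASSWORD_CHARS rule below only "_" can ever get
            // this far. Confirm whether that restriction is intended.
            $msg->addError('PASSWORD_LENGTH');
        } else if ((preg_match('/[a-z]+/i', $_POST['password']) + preg_match('/[0-9]+/i', $_POST['password']) + preg_match('/[_\-\/+!@#%^$*&)(|.]+/i', $_POST['password'])) < 2) {
            // At least two of the three classes (letters, digits, symbols)
            // must be present.
            $msg->addError('PASSWORD_CHARS');
        }
    }

    if (!$msg->containsErrors()) {
        // insert into the db.
        // $addslashes is a callable defined outside this file (presumably in
        // vitals.inc.php). NOTE(review): confirm it escapes for the active
        // connection, since it is the only thing between this value and the
        // SQL string below.
        $_POST['password'] = $addslashes($_POST['password']);

        // creation_date and last_login are assigned to themselves, presumably
        // to keep their current values across this UPDATE -- confirm against
        // the column definitions.
        $sql = "UPDATE ".TABLE_PREFIX."members SET password='$_POST[password]', creation_date=creation_date, last_login=last_login WHERE member_id=".intval($_SESSION['member_id']);
        $result = mysql_query($sql, $db);
        if (!$result) {
            require(AT_INCLUDE_PATH.'header.inc.php');
            $msg->printErrors('DB_NOT_UPDATED');
            require(AT_INCLUDE_PATH.'footer.inc.php');
            exit;
        }

        $msg->addFeedback('PASSWORD_CHANGED');
        header('Location: ./profile.php');
        exit;
    }
}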
84
/* Reached on a plain page load, or after a submission that recorded
   validation errors: render the password form. */
// Focus script for the old-password field (presumably emitted by the page
// template as the onload handler -- confirm in header.inc.php).
$onload = 'document.form.old_password.focus();';
$savant->display('users/password_change.tmpl.php');
88
89 ?>