<?php
/**
* PHP versions 4 and 5
*
* LICENSE: This source file is subject to version 3.0 of the PHP license
* that is available through the world-wide-web at the following URI:
* http://www.php.net/license. If you did not receive a copy of
* the PHP License and are unable to obtain it through the web, please
* send a note to hide@address.com so we can mail you a copy immediately.
*
* @category Forum
* @package QuickTalk
* @author Philippe Vandenberghe <hide@address.com>
* @copyright 2008-2012 The PHP Group
* @version 2.5 build:20100924
* @since File available since Release 1.0.0
* @deprecated File deprecated in Release 3.0.0
*/
// Open the session and load the forum bootstrap; $oVIP and $L are used
// immediately afterwards, so they are expected to come from qtf_init.php.
session_start();
require_once 'bin/qtf_init.php';
// Visitors who fail CanView('U') are stopped before anything else runs.
if ( !$oVIP->CanView('U') ) { exit($L['E_member']); }
// INITIALISE
include 'bin/qt_lib_smtp.php';
include Translate('qtf_reg.php');
// Target user id: the query string is read first and a posted value overrides it.
// The (int) cast is what keeps $id safe to concatenate into the SQL further down.
$id = -1;
if ( isset($_GET['id']) )
{
  $id = (int) strip_tags($_GET['id']);
}
if ( isset($_POST['id']) )
{
  $id = (int) strip_tags($_POST['id']);
}
if ( $id < 1 ) { exit('Missing parameter'); }
// Page identity and the "back to profile" link shown on this page.
$oVIP->selfurl = 'qtf_user_pwd_chg.php';
$oVIP->selfname = $L['Change_password'];
$oVIP->exiturl = "qtf_user.php?id={$id}";
$oVIP->exitname = "« {$L['Profile']}";
// --------
// SUBMITTED
// --------
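if ( isset($_POST['ok']) )
{
  // ACCESS CHECK before any state change. The same rule (administrator, or the
  // account owner) is applied by the display section, but only after this handler
  // has run; without it here a member could submit old-password guesses and
  // trigger the update for an account id that is not their own.
  // NOTE(review): assumes qtf_init.php has already populated $oVIP->role and
  // $oVIP->id at this point - confirm.
  if ( ( $oVIP->role!='A' ) && ($oVIP->id!=$id) ) die($L['R_member']);

  // Read each password field once. A missing or non-string field becomes '' so
  // that sha1() and the comparisons below always receive a string.
  $strOldPwd = ( isset($_POST['title'])  && is_string($_POST['title'])  ) ? $_POST['title']  : '';
  $strNewPwd = ( isset($_POST['newpwd']) && is_string($_POST['newpwd']) ) ? $_POST['newpwd'] : '';
  $strConPwd = ( isset($_POST['conpwd']) && is_string($_POST['conpwd']) ) ? $_POST['conpwd'] : '';

  // CHECK VALUE. As before, a later failing check replaces an earlier message.
  if ( !QTispassword($strOldPwd) ) $error=$L['Old_password'].S.$L['E_invalid'];
  if ( !QTispassword($strNewPwd) ) $error=$L['New_password'].S.$L['E_invalid'];
  if ( !QTispassword($strConPwd) ) $error=$L['Confirm_password'].S.$L['E_invalid'];
  // Strict comparison: with == two numeric-looking strings such as "10" and "1e1"
  // compare as equal, so a mistyped confirmation could be accepted.
  if ( $strOldPwd===$strNewPwd ) $error=$L['New_password'].S.$L['E_invalid'];
  if ( $strConPwd!==$strNewPwd ) $error=$L['Confirm_password'].S.$L['E_invalid'];

  // CHECK OLD PWD
  // $id is an integer and sha1() returns hex digits only, so neither value can
  // alter the statement.
  // NOTE(review): passwords are stored as a bare sha1() digest (fast, unsalted).
  // Moving to password_hash()/password_verify() also means changing the login and
  // registration code, which is outside this file.
  if ( empty($error) )
  {
    $oDB->Query('SELECT count(id) as countid FROM '.TABUSER.' WHERE id='.$id.' AND pwd="'.sha1($strOldPwd).'"');
    $row = $oDB->Getrow();
    if ($row['countid']==0) $error=$L['Old_password'].S.$L['E_invalid'];
  }

  // EXECUTE
  if ( empty($error) )
  {
    // send parent email (if coppa)
    // The child flag, login name and parent address are re-read from the user row.
    // Taking them from the hidden form fields let the submitter choose the
    // recipient and the text of the mail, or suppress the notification entirely.
    $oDB->Query('SELECT name,children,parentmail FROM '.TABUSER.' WHERE id='.$id);
    $rowUser = $oDB->Getrow();
    if ( $rowUser['children']!='0' ) {
      if ( $_SESSION[QT]['register_coppa']=='1' ) {
        $strSubject="New password";
        $strMessage="We inform you that your children has changed his/her password on the board {$_SESSION[QT]['site_name']}.\nLogin: %s\nPassword: %s";
        // A translated template, when present, may replace the two defaults above.
        $strFile = GetLang().'mail_pwd_coppa.php';
        if ( file_exists($strFile) ) include($strFile);
        // NOTE(review): the new password is mailed in clear text. Consider sending
        // the notification without the password.
        $strMessage = sprintf($strMessage,$rowUser['name'],$strNewPwd);
        QTmail($rowUser['parentmail'],$strSubject,$strMessage,QTF_HTML_CHAR);
      }
    }
    // save new password
    $oDB->Query('UPDATE '.TABUSER.' SET pwd="'.sha1($strNewPwd).'" WHERE id='.$id);
    // exit
    $oVIP->exitname = $L['Profile'];
    $oVIP->EndMessage(NULL,$L['S_update'],$_SESSION[QT]['skin_dir'],2);
  }
}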
// --------
// HTML START
// --------
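include('qtf_p_header.php');
// CHECK ACCESS RIGHT
// Only an administrator or the account owner may open the form for this id.
if ($id < 0) die('Missing parameters');
if ( ( $oVIP->role!='A' ) && ($oVIP->id!=$id) ) die($L['R_member']);
// QUERY
$oDB->Query('SELECT name,mail,children,parentmail,picture FROM '.TABUSER.' WHERE id='.$id);
$row = $oDB->Getrow();
// Profile values are user-supplied and are written inside double-quoted HTML
// attributes below, so they are escaped for that context first.
// double_encode=false (PHP >= 5.2.3) leaves entities that are already present
// untouched; whether the stored values are entity-encoded is not visible here.
// The characters being escaped are all ASCII, so a single-byte charset argument
// is used. NOTE(review): confirm against the charset the pages are served in.
$arrAttr = array();
foreach ( array('name','mail','children','parentmail') as $strKey )
{
  $arrAttr[$strKey] = htmlspecialchars((string)$row[$strKey],ENT_QUOTES,'ISO-8859-1',false);
}
// DISPLAY
// NOTE(review): $row['name'] and $row['picture'] are passed to AsImgBox()/AsImg()
// unescaped - check that those helpers encode their arguments.
echo '
<table class="hidden" cellspacing="0" summary="change password">
<tr class="hidden">
<td class="hidden" style="width:175px"><br/>',AsImgBox( (empty($row['picture']) ? '' : AsImg(QTF_DIR_PIC.$row['picture']) ),'picbox','',$row['name']),'</td>
<td class="hidden">
';
HtmlMsg(0,'350px','login_header',$oVIP->selfname,'login');
echo '<form method="post" action="',Href($oVIP->selfurl),'" onsubmit="return ValidateForm(this);">
<p style="text-align:right">',$L['Old_password'],' <input type="password" id="title" name="title" size="20" maxlength="24"/></p>
<p style="text-align:right">',$L['New_password'],' <input type="password" id="newpwd" name="newpwd" size="20" maxlength="24"/></p>
<p style="text-align:right">',$L['Confirm_password'],' <input type="password" id="conpwd" name="conpwd" size="20" maxlength="24" onKeyUp="handle_keypress(event,\'ok\')"/></p>
<p style="text-align:right">';
if ( !empty($error) ) echo '<span class="error">',$error,' </span>';
// The hidden fields are posted back with the form. Anything sent by the browser
// can be altered by the user, so the handler must not treat them as trusted.
echo '<input type="submit" id="ok" name="ok" value="',$L['Save'],'"/></p>
<input type="hidden" name="id" value="',$id,'"/>
<input type="hidden" name="name" value="',$arrAttr['name'],'"/>
<input type="hidden" name="mail" value="',$arrAttr['mail'],'"/>
<input type="hidden" name="child" value="',$arrAttr['children'],'"/>
<input type="hidden" name="parentmail" value="',$arrAttr['parentmail'],'"/>
</form>
';
HtmlMsg(1);
echo '
</td>
</tr>
</table>
<p><a href="',Href($oVIP->exiturl),'">',$oVIP->exitname,'</a></p>
';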
// HTML END
// Inline script for this page: it focuses the old-password field and defines
// ValidateForm(), which the form's onsubmit attribute calls. ValidateForm() only
// rejects empty fields. This is a convenience check in the browser, so the server
// must still validate the submitted values.
// The $L[...] translations are concatenated into double-quoted JavaScript string
// literals with no escaping.
// NOTE(review): a translation containing a double quote or a line break would
// break the script - confirm the language files cannot contain them.
// qtHtmldecode() is not defined in this file.
// NOTE(review): presumably qtf_p_footer.php prints $strFooterAddScript - confirm.
$strFooterAddScript = '
<script type="text/javascript">
<!--
document.getElementById("title").focus();
function ValidateForm(theForm)
{
if (theForm.title.value.length==0) { alert(qtHtmldecode("'.$L['E_mandatory'].': '.$L['Old_password'].'")); return false; }
if (theForm.newpwd.value.length==0) { alert(qtHtmldecode("'.$L['E_mandatory'].': '.$L['New_password'].'")); return false; }
if (theForm.conpwd.value.length==0) { alert(qtHtmldecode("'.$L['E_mandatory'].': '.$L['Confirm_password'].'")); return false; }
return null;
}
-->
</script>
';
include('qtf_p_footer.php');
?>