<?php

/**
* PHP versions 5
*
* LICENSE: This source file is subject to version 3.0 of the PHP license
* that is available through the world-wide-web at the following URI:
* http://www.php.net/license. If you did not receive a copy of
* the PHP License and are unable to obtain it through the web, please
* send a note to hide@address.com so we can mail you a copy immediately.
*
* @package    QuickTicket
* @author     Philippe Vandenberghe <hide@address.com>
* @copyright  2008-2012 The PHP Group
* @version    2.5 build:20101222
*/

// Bootstrap: open the session and load the application initialisation file.
// $oVIP, $oDB and $L are not defined in this file; presumably they are created
// by bin/qti_init.php (confirm).
session_start();
require_once('bin/qti_init.php');
// Coarse gate only: CanView('U') decides whether the visitor may use this kind
// of page at all. It does not say WHICH account the visitor may modify; that
// per-account rule is the role/id comparison made later in this file.
if ( !$oVIP->CanView('U') ) die($L['E_member']);

// INITIALISE

include('bin/qt_lib_smtp.php');
include(GetLang().'qti_reg.php');

// NOTE(review): QThttpvar() is defined elsewhere. It presumably overwrites $id
// with the request value named 'id', cast to int. $id is concatenated directly
// into the SQL statements in this file, so that integer cast is the only thing
// keeping those queries injection-safe; confirm it holds for GET and POST.
$id = -1; QThttpvar('id','int'); if ( $id<0 ) die('Missing parameters');

// Page identity and the "back to profile" target used by the shared templates.
$oVIP->selfurl = 'qti_user_pwd.php';
$oVIP->selfname = $L['Change_password'];
$oVIP->exiturl = 'qti_user.php?id='.$id;
$oVIP->exitname = $L['Profile'];

// --------
// SUBMITTED
// --------

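// Handle a submitted password change.
//
// Authorisation: the write path is taken only when the visitor is an
// administrator (role 'A') or the owner of account $id. This is the same rule
// the page applies before rendering the form; any other submitter skips this
// block and is stopped by that later check. Without the condition here, the
// UPDATE below would run before any per-account check was made.
if ( isset($_POST['ok']) && ( $oVIP->role=='A' || $oVIP->id==$id ) )
{
  // CHECK VALUE
  // Normalise the three password fields. A missing or non-string field becomes
  // '' so it fails QTispassword() instead of raising a notice or type error.
  // get_magic_quotes_gpc() no longer exists in PHP 8, hence the existence test.
  foreach(array('title','newpwd','conpwd') as $strField)
  {
    $strValue = ( isset($_POST[$strField]) && is_string($_POST[$strField]) ) ? trim($_POST[$strField]) : '';
    if ( function_exists('get_magic_quotes_gpc') && get_magic_quotes_gpc() ) $strValue = stripslashes($strValue);
    $_POST[$strField] = QTconv($strValue,'U');
  }

  // Each failing rule overwrites $error, so the last failing rule is reported.
  if ( !QTispassword($_POST['title']) ) $error=$L['Old_password'].' '.$L['E_invalid'];
  if ( !QTispassword($_POST['newpwd']) ) $error=$L['New_password'].' '.$L['E_invalid'];
  if ( !QTispassword($_POST['conpwd']) ) $error=$L['Confirm_password'].' '.$L['E_invalid'];
  // Strict comparison: with == PHP compares numeric-looking strings by value
  // ('1e3' == '1000'), which would accept a confirmation that does not match.
  if ( $_POST['title']===$_POST['newpwd'] ) $error=$L['New_password'].' '.$L['E_invalid'];
  if ( $_POST['conpwd']!==$_POST['newpwd'] ) $error=$L['Confirm_password'].' '.$L['E_invalid'];

  // CHECK OLD PWD
  // The current password must match the stored hash for account $id.
  // NOTE(review): passwords are stored as unsalted SHA-1, which is fast to
  // brute-force if the table leaks. Moving to password_hash()/password_verify()
  // needs a coordinated change in the login code and the pwd column, so it is
  // flagged here rather than changed. sha1() returns hex digits only, so the
  // concatenation below cannot break out of the quoted SQL string.

  if ( empty($error) )
  {
    $oDB->Query('SELECT count(id) as countid FROM '.TABUSER.' WHERE id='.$id.' AND pwd="'.sha1($_POST['title']).'"');
    $row = $oDB->Getrow();
    if ($row['countid']==0) $error=$L['Old_password'].' '.$L['E_invalid'];
  }

  // EXECUTE

  if ( empty($error) )
  {
    // save new password
    $oDB->Query('UPDATE '.TABUSER.' SET pwd="'.sha1($_POST['newpwd']).'" WHERE id='.$id);

    // send parent email (if coppa)
    // The child flag, login name and parent address are read from the user
    // record, not from the hidden form fields: those fields are editable by the
    // submitter, who could otherwise suppress the notification or redirect a
    // mail containing the password to an arbitrary address.
    if ( QTI_USE_COPPA )
    {
      $oDB->Query('SELECT name,children,parentmail FROM '.TABUSER.' WHERE id='.$id);
      $rowUser = $oDB->Getrow();
      if ( $rowUser && $rowUser['children']!='0' && !empty($rowUser['parentmail']) )
      {
        $strSubject = $_SESSION[QT]['site_name'].' - New password';
        $strMessage = "We inform you that your children has changed his/her password on the board {$_SESSION[QT]['site_name']}.\nLogin: %s\nPassword: %s";
        // A translated template, when present, may replace $strSubject/$strMessage.
        $strFile = GetLang().'mail_pwd_coppa.php';
        if ( file_exists($strFile) ) include($strFile);
        // NOTE(review): the new password is mailed in clear text. Kept because
        // the message templates expect two placeholders; consider notifying the
        // parent of the change without including the password.
        $strMessage = sprintf($strMessage,$rowUser['name'],$_POST['newpwd']);
        QTmail($rowUser['parentmail'],QTconv($strSubject,'-4'),QTconv($strMessage,'-4'),QTI_HTML_CHAR);
      }
    }

    // exit
    $oVIP->EndMessage(NULL,$L['S_update'],$_SESSION[QT]['skin_dir'],2);
  }
}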

// --------
// HTML START
// --------

// Emit the shared page header; output starts here.
include('qti_p_header.php');

// CHECK ACCESS RIGHT
// Per-account rule: only an administrator (role 'A') or the owner of account
// $id may continue. This check sits after the POST handler earlier in the file,
// so on its own it only guards page rendering; the handler has to enforce the
// same rule before it writes anything.

if ( $oVIP->role!='A' && $oVIP->id!=$id ) die(Error(11));

// QUERY
// Load the profile fields shown on the page and copied into the form.
// $id is concatenated unquoted; see where it is set for the integer assumption.

$oDB->Query('SELECT name,mail,children,parentmail,photo FROM '.TABUSER.' WHERE id='.$id);
$row = $oDB->Getrow();

// DISPLAY

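// DISPLAY
// Layout table: avatar on the left, password form on the right.
// NOTE(review): $row['name'] and $row['photo'] go to the As*() helpers as read
// from the database; whether those helpers (or the stored values) are already
// HTML-encoded is not visible here. Confirm before treating this as safe.
echo '
<table class="hidden" cellspacing="0">
<tr class="hidden">
<td class="hidden" style="width:175px;"><br />',AsImgBox(AsImg(AsAvatarScr($row['photo']),'',$row['name'],'member'),'picbox','',$row['name']),'</td>
<td class="hidden">
';

$oHtml->Msgbox($oVIP->selfname,array(),array('id'=>'login_header'),array('id'=>'login'));

// Client-side convenience check only (non-empty fields). It is bypassed by any
// client that does not run the script, so the server-side validation remains
// the authoritative one.
echo '
<script type="text/javascript">
<!--
function ValidateForm(theForm)
{
  if (theForm.title.value.length==0) { alert(qtHtmldecode("',$L['Missing'],': ',$L['Old_password'],'")); return false; }
  if (theForm.newpwd.value.length==0) { alert(qtHtmldecode("',$L['Missing'],': ',$L['New_password'],'")); return false; }
  if (theForm.conpwd.value.length==0) { alert(qtHtmldecode("',$L['Missing'],': ',$L['Confirm_password'],'")); return false; }
  return null;
}
-->
</script>
';

// The form. The field named "title" carries the current password.
// NOTE(review): the hidden name/mail/child/parentmail inputs are filled from
// the user record but can be edited by the submitter before posting, so the
// receiving code must not rely on them for any decision or recipient address.
// They are also written into attributes without escaping; if the stored values
// are not already HTML-encoded this permits markup injection. Confirm the
// storage encoding before adding htmlspecialchars(), to avoid double-encoding.
echo '<form method="post" action="',Href(),'" onsubmit="return ValidateForm(this);">
<p>',$L['Old_password'],'&nbsp;<input type="password" id="title" name="title" size="20" maxlength="24" /></p>
<p>',$L['New_password'],'&nbsp;<input type="password" id="newpwd" name="newpwd" size="20" maxlength="24" /></p>
<p>',$L['Confirm_password'],'&nbsp;<input type="password" id="conpwd" name="conpwd" size="20" maxlength="24" onkeyup="qtKeypress(event,\'ok\')" /></p>
<p>';
if ( !empty($error) ) echo '<span class="error">',$error,' </span>';
echo '<input type="submit" id="ok" name="ok" value="',$L['Save'],'" /></p>
<input type="hidden" name="id" value="',$id,'" />
<input type="hidden" name="name" value="',$row['name'],'" />
<input type="hidden" name="mail" value="',$row['mail'],'" />
<input type="hidden" name="child" value="',$row['children'],'" />
<input type="hidden" name="parentmail" value="',$row['parentmail'],'" />
</form>
';
$oHtml->Msgbox();

// Back link. $oVIP->exiturl is set at the top of this file and already ends in
// "?id=<id>", so no second query string is appended here (doing so produced
// "qti_user.php?id=N?id=N").
echo '
</td>
</tr>
</table>
<p><a href="',Href($oVIP->exiturl),'">&laquo; ',$oVIP->exitname,'</a></p>
';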

// HTML END

// Script fragment that puts keyboard focus on the current-password field.
// It is only assigned here; presumably qti_p_footer.php prints
// $strFooterAddScript (confirm in that file).
$strFooterAddScript = '
<script type="text/javascript">
<!--
document.getElementById("title").focus();
-->
</script>
';

// Emit the shared page footer.
include('qti_p_footer.php');

?>