Location: PHPKode > projects > QuickTicket > quickticket/quickticket/qti_usr_pwd_chg.php
<?php

/*
 * PHP versions 4 and 5
 *
 * LICENSE: This source file is subject to version 3.0 of the PHP license
 * that is available through the world-wide-web at the following URI:
 * http://www.php.net/license. If you did not receive a copy of
 * the PHP License and are unable to obtain it through the web, please
 * send a note to hide@address.com so we can mail you a copy immediately.
 *
 * @category   Troubleticket
 * @package    QuickTicket
 * @author     Philippe Vandenberghe <hide@address.com>
 * @copyright  2008-2012 The PHP Group
 * @license    http://www.php.net/license  PHP License 3.0
 * @version    1.9.0.3 build:20081001
 * @link       http://www.qt-cute.org/doc/package/qti
 * @since      File available since Release 1.0.0
 * @deprecated File deprecated in Release 2.0.0
 *
 */

session_start();
require_once('bin/qti_init.php');
if ( !$oVIP->CanAccess('MU',0,true) ) die($L['E_member']);

// INITIALISE

include('bin/qt_lib_smtp.php');
include($_SESSION[QT]['language'].'/qti_lang_reg.inc');

$id = -1;
if ( isset($_GET['id']) ) $id = strip_tags($_GET['id']);
if ( isset($_POST['id']) ) $id = strip_tags($_POST['id']);
if ( $id<0 ) die('Missing parameters');

$oVIP->selfurl = 'qti_usr_pwd_chg.php';
$oVIP->selfname = $L['Change_password'];
$oVIP->exiturl = 'qti_usr.php';
$oVIP->exitname = '&laquo;'.S.$L['Profile'];

// --------
// SUBMITTED
// --------

if ( isset($_POST['ok']) )
{
  // CHECK VALUE
  $_POST['title'] = trim($_POST['title']); if ( get_magic_quotes_gpc() ) $_POST['title'] = stripslashes($_POST['title']);
  $_POST['title'] = QTconv($_POST['title'],'U');
  $_POST['newpwd'] = trim($_POST['newpwd']); if ( get_magic_quotes_gpc() ) $_POST['newpwd'] = stripslashes($_POST['newpwd']);
  $_POST['newpwd'] = QTconv($_POST['newpwd'],'U');
  $_POST['conpwd'] = trim($_POST['conpwd']); if ( get_magic_quotes_gpc() ) $_POST['conpwd'] = stripslashes($_POST['conpwd']);
  $_POST['conpwd'] = QTconv($_POST['conpwd'],'U');
  if ( !QTispassword($_POST['title']) ) $qti_error=$L['Old_password'].S.$L['E_invalid'];
  if ( !QTispassword($_POST['newpwd']) ) $qti_error=$L['New_password'].S.$L['E_invalid'];
  if ( !QTispassword($_POST['conpwd']) ) $qti_error=$L['Confirm_password'].S.$L['E_invalid'];
  if ( $_POST['title']==$_POST['newpwd'] ) $qti_error=$L['New_password'].S.$L['E_invalid'];
  if ( $_POST['conpwd']!=$_POST['newpwd'] ) $qti_error=$L['Confirm_password'].S.$L['E_invalid'];

  // CHECK OLD PWD

  if ( empty($qti_error) )
  {
    $oDB->Query('SELECT count(id) as countid FROM '.TABUSER.' WHERE id='.$id.' AND pwd="'.sha1($_POST['title']).'"');
    $row = $oDB->Getrow();
    if ($row['countid']==0) $qti_error=$L['Old_password'].S.$L['E_invalid'];
  }

  // EXECUTE

  if ( empty($qti_error) )
  {
    // save new password
    $oDB->Query('UPDATE '.TABUSER.' SET pwd="'.sha1($_POST['newpwd']).'" WHERE id='.$id);

    // send parent email (if coppa)
    if ( QTI_USE_COPPA && $_POST['child']!='0')
    {
      $strSubject = $_SESSION[QT]['site_name'].' - New password';
      $strMessage = "We inform you that your children has changed his/her password on the board {$_SESSION[QT]['site_name']}.\nLogin: %s\nPassword: %s";
      $strFile = $_SESSION[QT]['language'].'/mail_pwd_coppa.inc';
      if ( file_exists($strFile) ) include($strFile);
      $strMessage = sprintf($strMessage,$_POST['name'],$_POST['newpwd']);
      QTmail($_POST['parentmail'],QTconv($strSubject,'-4'),QTconv($strMessage,'-4'),QTI_HTML_CHAR);
    }

    // exit
    $oVIP->exiturl = 'qti_usr.php?id='.$id;
    $oVIP->exitname = $L['Profile'];
    $oVIP->EndMessage(NULL,$L['S_update'],$_SESSION[QT]['skin_dir'],2);
  }
}

// --------
// HTML START
// --------

include('qti_p_header.php');

// CHECK ACCESS RIGHT

if ( ( $oVIP->role!='A' ) && ($oVIP->id!=$id) ) die($L['R_member']);

// QUERY

$oDB->Query('SELECT name,mail,children,parentmail,avatar FROM '.TABUSER.' WHERE id='.$id);
$row = $oDB->Getrow();

// DISPLAY

echo '
<table class="ta_hidden" cellspacing="0">
<tr class="tr_hidden">
<td class="td_hidden" style="width:175px;">',AsImgBox(AsImg( (!empty($row['avatar']) ? 'avatar/'.$id.'.'.$row['avatar'] : ''),null,$row['name']),'div_pic_box',null,$row['name']),'</td>
<td class="td_hidden">
';

HtmlMsg(0,'350px','login_header',$oVIP->selfname,'login');
echo '
<script type="text/javascript">
<!--
function ValidateForm(theForm)
{
  if (theForm.title.value.length==0) { alert(html_entity_decode("',$L['E_mandatory'],': ',$L['Old_password'],'")); return false; }
  if (theForm.newpwd.value.length==0) { alert(html_entity_decode("',$L['E_mandatory'],': ',$L['New_password'],'")); return false; }
  if (theForm.conpwd.value.length==0) { alert(html_entity_decode("',$L['E_mandatory'],': ',$L['Confirm_password'],'")); return false; }
  return null;
}
-->
</script>
';

echo '<form method="post" action="',$oVIP->selfurl,'" onsubmit="return ValidateForm(this);">
<p style="text-align:right">',$L['Old_password'],'&nbsp;<input type="password" id="title" name="title" size="20" maxlength="24"/></p>
<p style="text-align:right">',$L['New_password'],'&nbsp;<input type="password" id="newpwd" name="newpwd" size="20" maxlength="24"/></p>
<p style="text-align:right">',$L['Confirm_password'],'&nbsp;<input type="password" id="conpwd" name="conpwd" size="20" maxlength="24" onKeyUp="handle_keypress(event,\'ok\')"/></p>
<p style="text-align:right">';
if ( !empty($qti_error) ) echo '<span class="error">',$qti_error,' </span>';
echo '<input type="submit" id="ok" name="ok" value="',$L['Save'],'"/></p>
<input type="hidden" name="id" value="',$id,'"/>
<input type="hidden" name="name" value="',$row['name'],'"/>
<input type="hidden" name="mail" value="',$row['mail'],'"/>
<input type="hidden" name="child" value="',$row['children'],'"/>
<input type="hidden" name="parentmail" value="',$row['parentmail'],'"/>
</form>
<p><a href="',$oVIP->exiturl,'?id=',$id,'">',$oVIP->exitname,'</a></p>
';
HtmlMsg(1);

echo '
</td>
</tr>
</table>
';

// HTML END

$strFooterAddScript = 'document.getElementById("title").focus();';

include('qti_p_footer.php');

?>
Return current item: QuickTicket