<?

# Slashster: Open Source Friend of a Friend Software
# Copyright 2004 Mark El-Wakil
# Contact: hide@address.com
# http://seventhcycle.net
#
# This file is part of Slashster.
#
# Slashster is free software; you can redistribute it and/or modify
# it under the terms of the GNU General Public License as published by
# the Free Software Foundation; either version 2 of the License, or
# (at your option) any later version.
#
# Slashster is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
# GNU General Public License for more details.
#
# You should have received a copy of the GNU General Public License
# along with Slashster; if not, write to the Free Software
# Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA  02111-1307  USA

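    # Copy every GET, POST and cookie parameter into a same-named global
    # ("gPc"; a later source overwrites an earlier one).  $submit, $oldpass,
    # $pass1 and $pass2 below all originate here, so each can arrive by URL,
    # form body or cookie, and any global read before it is assigned can be
    # seeded by the request.
    # NOTE(review): import_request_variables() was removed in PHP 5.4.  Reading
    # the four fields from $_POST would replace it, once it is confirmed that
    # PageClass does not rely on the imported globals.
    import_request_variables("gPc");

    require_once("PageClass.php");

    # NOTE(review): "authonly" / MembersOnly() are presumably what restrict
    # this page to a logged-in member; their behaviour is defined in PageClass.
    $mpage = new PageClass("authonly");
    $mpage->MembersOnly();

    # When the secure site is enabled and the request did not arrive on port
    # 443, send the browser to the same script under the secure base URL.
    # Array keys are quoted: as barewords they are undefined constants, which
    # raise a notice on old PHP and a fatal Error on PHP 8.
    # Caveat: a form posted over plain HTTP has already crossed the network in
    # clear text by the time this redirect is issued, and browsers generally
    # follow a Location redirect with a GET, so the posted fields are lost.
    if (($_SERVER['SERVER_PORT'] != 443) && $mpage->sys['securenbl'])
    {
        $url = $mpage->sys['secureurl'];
        $url .= $_SERVER['SCRIPT_NAME'];

        # NOTE(review): `sid` is a bare constant.  Unless PageClass defines
        # it, old PHP substitutes the literal string "sid"; confirm whether the
        # built-in SID was meant.  If a session id does end up in this URL it
        # will show in server logs, browser history and Referer headers.
        $url .= "?" . $_SERVER['QUERY_STRING'] . "&" . sid;

        header("Location: $url");
        exit;
    }


    $mpage->Initialize("authremainder");

    # Both messages are assigned explicitly so that a request parameter named
    # "msg" or "errmsg" cannot pre-fill them; $msg is later echoed into the
    # page without escaping.
    $msg = "";

    $errmsg = "";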

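    # Validate a submitted password change.  On failure $errmsg is set and the
    # update section further down is skipped.
    # NOTE(review): no anti-CSRF token is checked in the visible code and the
    # old password is optional, so a request that carries a valid session is
    # all it takes to set a new password.  Requiring the old password and a
    # per-session form token would close that gap.
    if ($submit)
    {
         $pass1 = trim($pass1);
         $pass2 = trim($pass2);

         # NOTE(review): four characters is a very low floor for a password.
         if (strlen($pass1) < 4)
         {
             $errmsg = "Your password must be at least 4 characters in length";
         }

         # Strict comparison: with != two numeric-looking strings such as
         # "1e3" and "1000" compare equal, so a mistyped repeat could pass.
         if (!$errmsg && ($pass1 !== $pass2))
         {
             $errmsg = "Passwords do not match.";
         }

         if ($oldpass)
         {
              # The old password is request data and goes into a quoted SQL
              # string, so it is escaped first.  Where magic_quotes_gpc is on,
              # the imported value already carries backslashes; they are
              # stripped first so the hash is computed over the same bytes as
              # before.  $oldpass itself is left untouched for later code.
              # NOTE(review): mysql_escape_string() ignores the connection
              # charset; mysql_real_escape_string() on the live link, or bound
              # parameters if DoQuery ever supports them, would be stronger.
              $oldpassRaw = get_magic_quotes_gpc() ? stripslashes($oldpass) : $oldpass;
              $oldpassSql = mysql_escape_string($oldpassRaw);

              # NOTE(review): Pass is a single salted MD5, which is cheap to
              # brute-force offline.  Changing the scheme also needs the login
              # path changed, so it is only flagged here.
              $sql = "select count(*) from UserTable where Pass = md5(concat(\"$oldpassSql\",Salt)) 
                      AND Id = $mpage->IdNum";
              $pp = $mpage->DoQuery($sql,1);
              $pp = $pp[0][0];

              # count(*) is non-zero only when the supplied old password
              # hashes to the stored value, so the error belongs to the
              # zero case.  The previous test was inverted: it rejected the
              # correct old password and let a wrong one through.
              if (!$pp)
              {
                  $errmsg = "Incorrect Old Password";
              }
         }

    }

    # Turn a validation failure into the banner text shown above the form.
    if ($errmsg)
    {
        $msg = "Error: " . $errmsg 
             . "<BR><small style=\"color:black;\">Your stats haven't been updated</small>";
    }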

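    # Apply the change once validation has passed: store the new password
    # hash, bring the per-user AES value in line with the new password, and
    # mail a confirmation.
    if ($submit && !$errmsg)
    {
          # Request-supplied values are escaped before they enter quoted SQL
          # strings.  Where magic_quotes_gpc is on the imported values already
          # carry backslashes, which are stripped first so the database sees
          # the same bytes as before.  $pass1 and $oldpass stay untouched.
          # NOTE(review): mysql_escape_string() ignores the connection charset;
          # mysql_real_escape_string() on the live link, or bound parameters
          # if DoQuery ever supports them, would be stronger.
          $magicQuotes = get_magic_quotes_gpc();
          $newPassRaw = $magicQuotes ? stripslashes($pass1) : $pass1;
          $newPassSql = mysql_escape_string($newPassRaw);

          # NOTE(review): a single salted MD5 is cheap to brute-force offline;
          # changing the scheme needs the login path changed as well.
          $sql = "update UserTable set Pass= md5(concat(\"$newPassSql\", Salt))
                  where Id = $mpage->IdNum";
          $mpage->DoQuery($sql);

          if (!$oldpass || !$mpage->user['AES'])
          {
               # No old password (or no stored AES value): the member's
               # encrypted private messages are deleted and MakeCert() is
               # called with the new password.  This is destructive and is
               # reachable by anyone holding the session, since the old
               # password is optional.
               $sql = "delete from PrivateMessage where Owner=$mpage->IdNum AND Encrypted=1";
               $mpage->DoQuery($sql);

               # MakeCert() is defined elsewhere; it receives $pass1 exactly
               # as before.
               $mpage->MakeCert($mpage->IdNum, $pass1);
          }
          else
          {
               $oldPassRaw = $magicQuotes ? stripslashes($oldpass) : $oldpass;
               $oldPassSql = mysql_escape_string($oldPassRaw);

               # Decrypt the stored AES value with the old password ...
               $aess = base64_decode($mpage->user['AES']);
               
               $sql = "select AES_DECRYPT(\"".mysql_escape_string($aess)."\", \"$oldPassSql\") ";
               $aess = $mpage->DoQuery($sql);
               $aess = $aess[0][0];

               # ... and re-encrypt it under the new one.  AES_DECRYPT()
               # yields NULL for a wrong key or damaged input; re-encrypting
               # that would replace the stored value with one that can never
               # be recovered, so the stored value is left alone instead.
               if (strlen($aess) > 0)
               {
                    # The decrypted value is raw binary and may contain quote
                    # or NUL bytes, so it is escaped as well.
                    $sql = "select AES_ENCRYPT(\"".mysql_escape_string($aess)."\", \"$newPassSql\") ";
                    $aess = $mpage->DoQuery($sql);
                    $aess = $aess[0][0];

                    $aess = base64_encode($aess);

                    $sql = "update UserTable set AES = \"$aess\"
                            where Id = $mpage->IdNum"; 

                    $mpage->DoQuery($sql);
               }
          }


          $msg = "Thank you.  You have been emailed a copy for safekeeping.";
          
          # Start from an empty body: $txt was previously only appended to,
          # so a request parameter named "txt" could prepend arbitrary text
          # to the message.
          $txt = "";

          $txt .= "Dear " . $mpage->user['Fname'] . "\n\n";   

          $txt .= "Your password to ". $mpage->sys['sitename']
               .  " has been changed.  Here is a copy for safekeeping.\n\n";
     
          # NOTE(review): the new password is mailed in clear text, so it sits
          # in the mailbox and on every relay in between.  A notice that the
          # password changed, without the value, avoids that exposure.
          $txt .= "Login: " . $mpage->user['Email'] . "\n";
          $txt .= "Pass : " . $newPassRaw;
          $txt .= "\n\n";
        
          $txt .= "Thanks!";
     
          # NOTE(review): assumes the stored Email and the configured
          # sitename/sitedomain contain no CR/LF, which would otherwise allow
          # extra mail headers -- confirm where those values are validated.
          mail($mpage->user['Email'], $mpage->sys['sitename'] . ": Changed Password",
               $txt, "From: robot@".$mpage->sys['sitedomain']."\r\n");
    }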



    # Load the member's own row; $r ends up holding the first result row.
    # NOTE(review): "select *" also pulls the Pass, Salt and AES columns that
    # the queries above use, although nothing in the visible template reads
    # $r.  Naming only the columns the page needs keeps them out of page state.
    $sql = "select * from UserTable where Id = " . $mpage->IdNum;
    $r = $mpage->DoQuery($sql, 1);
    $r = $r[0];

?>


<? if ($msg) { ?>

<P><BR>
<table border=4 bordercolor=red cellspacing=0 cellpadding=5px align=center>
<tr><td style="font: bold 16px arial; color:red;">
<?= $msg ?>
</td></tr>
</table>
<P>

<? } ?>

<script>

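// Form onsubmit handler.  When the old-password field is empty, ask the
// member to confirm, because the server deletes their encrypted messages in
// that case.  Returns false to cancel the submit and true to let it proceed.
// This prompt is a convenience only: the server runs the same deletion for
// any request without an old password, whether or not this script ran.
function validate(v)
{
   if (v.oldpass.value != "")
   {
       return true;
   }

   // Declared with var so the handler no longer leaks `txt` and `g` as
   // implicit globals on the page.
   var txt = "You did not enter an old password.  Without\n"
           + "an old password, your encrypted messages\n"
           + "will be deleted.  Continue?";

   var g = confirm(txt);

   if (g == false) return false;
   return true;
}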

</script>


<form name=frm method=post onsubmit="return validate(this)">
<table cellpadding=0 cellspacing=0 width=400 align=center>

<tr>
<td colspan=2>
<p class="title1">Change Password<BR><BR>
</td>             
</tr>

<tr>
<td class="stdtable" width=150><B>Old Password: *</b></td>
<td class="stdfilling" width=250>
<input name="oldpass" style="width:250px" type=password>
</td>
</tr>

<tr>
<td class="stdtable" width=150><B>New Password:</b></td>
<td class="stdfilling" width=250>
<input name="pass1" style="width:250px" type=password>
</td>
</tr>

<tr> 
<td class="stdtable" width=150><B>Repeat Password:</b></td> 
<td class="stdfilling" width=250>
<input name="pass2" style="width:250px" type=password>                                             
</td>
</tr>

<tr><td colspan=2><BR>
* Your old password is not required to set a new password.  However,
without an old password, all of your old encrypted messages will be deleted,
as they rely on your old password to decrypt them.

</td></tr>

</table>

<BR>
<div style="width:600px" align=center>

<input class="submit" type="submit" value="submit" name="submit">

</div>


</form>





<? $mpage->ClosePage() ?>

