<?php
/***************************************************************************
* Copyright 2003 Ian Meyer, Ian Pitcher
*
* This program is free software; you can redistribute it and/or modify
* it under the terms of the GNU General Public License as published by
* the Free Software Foundation; either version 2 of the License, or
* (at your option) any later version.
*
***************************************************************************/
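include("include.php");

// Field limits. The form inputs below carry maxlength="25", so the server-side
// check and every error message must agree with that value (the old messages
// said 18 while the check enforced 25).
$max_len = 25;
$min_pwd_len = 3;

// When the page is submitted. isset() first: a plain GET has no 'submit' key.
if (isset($_POST['submit']) && $_POST['submit'] === "change password") {
    // Read every field once, defaulting to "" so a missing key cannot raise a notice.
    $username     = isset($_POST['username'])     ? $_POST['username']     : "";
    $old_password = isset($_POST['old_password']) ? $_POST['old_password'] : "";
    $password1    = isset($_POST['password1'])    ? $_POST['password1']    : "";
    $password2    = isset($_POST['password2'])    ? $_POST['password2']    : "";

    // Collect validation failures first and report them through bco_error() below.
    // NOTE(review): if bco_error() in include.php terminates the request, only the
    // first failure is shown, exactly as before. If it returns instead, $errors
    // also gates the database update so an invalid request never reaches it.
    $errors = array();
    if (trim(strip_tags($username)) == "") {
        $errors[] = "Username field was empty.";
    }
    if (trim(strip_tags($old_password)) == "") {
        $errors[] = "Old password field was empty.";
    }
    if (trim(strip_tags($password1)) == "") {
        $errors[] = "New password field was empty.";
    }
    if (trim(strip_tags($password2)) == "") {
        $errors[] = "New password (verify) field was empty.";
    }
    if (strlen($username) > $max_len) {
        $errors[] = "Username is longer than $max_len characters. Stop it.";
    }
    if (strlen($old_password) > $max_len) {
        $errors[] = "Old password is longer than $max_len characters. Stop it.";
    }
    if (strlen($password1) > $max_len) {
        $errors[] = "New password is longer than $max_len characters. Stop it.";
    }
    if (strlen($password2) > $max_len) {
        $errors[] = "New password (verify) is longer than $max_len characters. Stop it.";
    }
    // Strict comparison: passwords are strings and must match byte for byte.
    if ($password1 !== $password2) {
        $errors[] = "The new passwords do not match.";
    }
    if ($old_password === $password1) {
        $errors[] = "Why do you want to change your new password to your current password?";
    }
    if (strlen($password1) < $min_pwd_len) {
        $errors[] = "The new password must be no less than $min_pwd_len characters and no more than $max_len characters.";
    }
    if (!preg_match("/^[\w\d]+$/i", $password1)) {
        $errors[] = "New password must be alphanumeric no special characters.";
    }

    foreach ($errors as $error) {
        bco_error($error);
    }

    // Let's make sure the user exists and they're actually authorized.
    if (count($errors) == 0 && bco_authorize_user($username, $old_password)) {
        // Cast to int: the id is interpolated into SQL, so it must never carry
        // anything but digits regardless of what bco_get_users_id() returns.
        $userid = (int) bco_get_users_id($username);

        // TODO(review): unsalted md5 is not a suitable password hash. It is kept
        // only because bco_authorize_user() in include.php must verify the stored
        // value; both sides need to move to password_hash()/password_verify()
        // together. md5() output is hex, so it is safe to embed in the query.
        $update_pwd_query = "update users set password='" . md5($password1) . "' where id=" . $userid;
        if (!pg_query($update_pwd_query)) {
            bco_error("Updating password failed: " . pg_last_error());
        }

        // If the user has a signup email defined (which all users should)
        // then email them a note that the password was changed. The new
        // password itself is deliberately NOT included: email is unencrypted
        // and a mailbox compromise would otherwise expose the live credential.
        $message = "";
        $get_email_query = "select email_signup from users where id=" . $userid;
        $result = @pg_query($get_email_query); // Don't show a bco_error if this fails. We'll just skip it.
        if ($result && pg_num_rows($result) == 1) {
            $email = trim(pg_fetch_result($result, 0));
            // Refuse addresses containing CR/LF: a line break in the recipient
            // would let mail() emit additional headers.
            if ($email != "" && !preg_match("/[\r\n]/", $email)) {
                // Mail headers
                $headers  = "MIME-Version: 1.0\n";
                $headers .= "Content-type: text/plain; charset=iso-8859-1\n";
                $headers .= "X-Priority: 1\n";
                $headers .= "X-MSMail-Priority: High\n";
                $headers .= "X-Mailer: PHP" . phpversion() . "\n";
                $headers .= "From: \"" . ADMIN_NAME . "\" <" . ADMIN_EMAIL . ">\n";
                $mail_msg  = "Hi $username,\n\n";
                $mail_msg .= "This is just a friendly reminder that your password was changed.\n\n";
                $mail_msg .= "If you did not make this change, please notify the admin immediately.\n\n";
                $mail_msg .= "Enjoy!\n\n" . ADMIN_NAME;
                mail($email, "Password change reminder.", $mail_msg, $headers);
                // Let's set the message to be shown that a confirmation has been emailed as well.
                // The address comes from the database, so escape it before echoing into HTML.
                $safe_email = htmlspecialchars($email, ENT_QUOTES);
                $message = "<br />\n<br />\nA confirmation of your password change has been sent to $safe_email. If you do not receive it, please notify the admin.";
            }
        }
        bco_html_header("Password successfully changed.");
        bco_index_menu("Password successfully changed.");
        echo <<< END
\n<br />
<table width="100%" cellpadding="2" cellspacing="0" class="replytable">
<tr>
<td align="center" class="tr1">
Your password has successfully been changed.$message
<br />
<br />
Go back to the <a href="index.php" class="tr1">index</a>.<br />
<strong>PLEASE MAKE SURE TO LOGOUT AND LOGIN FOR THIS TO TAKE EFFECT.</strong>
</td>
</tr>
</table>
END;
        exit;
    } // end of authorize_user
}

/********************************************************************************/
/* */
/* Display the page here if there is no processing to be done */
/* */
/********************************************************************************/

// The form posts back to this script. Use the server-provided path and escape it:
// the bare $PHP_SELF global relied on register_globals and echoed attacker-
// controllable path info straight into the attribute.
$form_action = htmlspecialchars($_SERVER['PHP_SELF'], ENT_QUOTES);

bco_html_header("Change your password, money.");
bco_index_menu("Top serious password change.");
echo <<< END
\n<br />
<form method="post" action="$form_action">
<table width="100%" cellpadding="2" cellspacing="0" class="replytable">
<tr>
<td width="160" align="right" class="menu">username:</td>
<td align="left"><input type="text" name="username" size="25" maxlength="$max_len" class="textfield" /></td>
</tr>
<tr>
<td width="160" align="right" class="menu">old password:</td>
<td align="left"><input type="password" name="old_password" size="25" maxlength="$max_len" class="textfield" /></td>
</tr>
<tr>
<td width="160" align="right" class="menu">new password:</td>
<td align="left"><input type="password" name="password1" size="25" maxlength="$max_len" class="textfield" /></td>
</tr>
<tr>
<td width="160" align="right" class="menu">new password verify:</td>
<td align="left"><input type="password" name="password2" size="25" maxlength="$max_len" class="textfield" /></td>
</tr>
<tr>
<td width="130" align="right" class="menu"> </td>
<td align="left"><input type="submit" name="submit" value="change password" class="button" /></td>
</tr>
</table>
</form>
END;
bco_html_footer();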