<?php

/***************************************************************************
 *   Copyright 2003 Ian Meyer, Ian Pitcher
 *
 *   This program is free software; you can redistribute it and/or modify
 *   it under the terms of the GNU General Public License as published by
 *   the Free Software Foundation; either version 2 of the License, or
 *   (at your option) any later version.
 *
 ***************************************************************************/

include("include.php");

// When the page is submitted.
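if (isset($_POST['submit']) && $_POST['submit'] === "change password") {
    // Handles a submitted password-change form: validates the four fields,
    // re-authenticates with the old password, stores the new hash, mails a
    // change notification, prints the confirmation page and exits.
    //
    // NOTE(review): every check below relies on bco_error() (include.php, not
    // visible here) ending the request. If it returns instead, validation does
    // not stop processing -- confirm.

    $max_len = 25; // same limit as maxlength="25" on the form inputs
    $min_len = 3;

    // Read each field as a string. A missing or array-valued parameter
    // (e.g. username[]=x) becomes '' and is rejected by the empty checks.
    $fields = array();
    foreach (array('username', 'old_password', 'password1', 'password2') as $field_name) {
        $fields[$field_name] = (isset($_POST[$field_name]) && is_string($_POST[$field_name]))
            ? $_POST[$field_name]
            : '';
    }
    $username     = $fields['username'];
    $old_password = $fields['old_password'];
    $password1    = $fields['password1'];
    $password2    = $fields['password2'];

    if (trim(strip_tags($username)) === '') {
        bco_error("Username field was empty.");
    }
    if (trim(strip_tags($old_password)) === '') {
        bco_error("Old password field was empty.");
    }
    if (trim(strip_tags($password1)) === '') {
        bco_error("New password field was empty.");
    }
    if (trim(strip_tags($password2)) === '') {
        bco_error("New password (verify) field was empty.");
    }

    // The messages used to say 18 while the code and the form enforce 25.
    if (strlen($username) > $max_len) {
        bco_error("Username is longer than $max_len characters. Stop it.");
    }
    if (strlen($old_password) > $max_len) {
        bco_error("Old password is longer than $max_len characters. Stop it.");
    }
    if (strlen($password1) > $max_len) {
        bco_error("New password is longer than $max_len characters. Stop it.");
    }
    if (strlen($password2) > $max_len) {
        bco_error("New password (verify) is longer than $max_len characters. Stop it.");
    }

    // Strict comparison: with == two different numeric-looking strings such as
    // "0e1" and "0e2" compare equal, so a mistyped verify field could pass.
    if ($password1 !== $password2) {
        bco_error("The new passwords do not match.");
    }
    if ($old_password === $password1) {
        bco_error("Why do you want to change your new password to your current password?");
    }
    if (strlen($password1) < $min_len) {
        bco_error("The new password must be no less than $min_len characters and no more than $max_len characters.");
    }
    // \z instead of $ so a trailing newline is not accepted as part of the
    // password. \w also admits the underscore.
    if (!preg_match("/^[\w\d]+\z/i", $password1)) {
        bco_error("New password must be alphanumeric no special characters.");
    }

    // Let's make sure the user exists and they're actually authorized.
    // NOTE(review): if bco_authorize_user() returns false the script falls
    // through to the blank form without a message, unless that helper reports
    // the failure itself -- confirm.
    if (bco_authorize_user($username, $old_password)) {
        $userid = bco_get_users_id($username);

        // NOTE(review): unsalted MD5 is not a suitable password hash. It is kept
        // because bco_authorize_user() presumably compares against this format;
        // move both sides to password_hash()/password_verify() together.
        // Values are bound as parameters rather than concatenated into the SQL.
        $update_pwd_query = 'update users set password=$1 where id=$2';
        $update_result = pg_query_params($update_pwd_query, array(md5($password1), $userid));

        if (!$update_result) {
            // NOTE(review): this shows the raw database error to the visitor.
            bco_error("Updating password failed: " . pg_last_error());
        } elseif (pg_affected_rows($update_result) !== 1) {
            bco_error("Updating password failed: no matching user.");
        }

        // Start from known-empty values. With `.=` on an unset variable, a
        // register_globals setup would let a request parameter named
        // "headers" or "message" seed the mail headers or the page output.
        $headers = '';
        $message = '';

        /* If the user has a signup email defined (which all users should)  */
        /* then email them a note that the password was changed             */
        $get_email_query = 'select email_signup from users where id=$1';

        // Best effort: a failed lookup is not reported, the mail is just skipped.
        $result = @pg_query_params($get_email_query, array($userid));

        if ($result !== false && pg_num_rows($result) == 1) {
            $email = trim((string) pg_fetch_result($result, 0));
            // Skip addresses containing CR/LF so the stored value cannot add
            // extra header lines to the outgoing message.
            if ($email !== '' && !preg_match('/[\r\n]/', $email)) {
                // Mail headers
                $headers .= "MIME-Version: 1.0\n";
                $headers .= "Content-type: text/plain; charset=iso-8859-1\n";
                $headers .= "X-Priority: 1\n";
                $headers .= "X-MSMail-Priority: High\n";
                $headers .= "X-Mailer: PHP" . phpversion() . "\n";
                $headers .= "From: \"" . ADMIN_NAME . "\" <" . ADMIN_EMAIL . ">\n";

                // The new password is deliberately not included: mail is stored
                // and relayed in clear text, so the body only announces the change.
                $mail_msg  = "Hi $username,\n\n";
                $mail_msg .= "This is just a friendly reminder that you changed your password.\n\n";
                $mail_msg .= "If you did not make this change, please notify the admin.\n\n";
                $mail_msg .= "Enjoy!\n\n" . ADMIN_NAME;
                mail($email, "Password change reminder.", $mail_msg, $headers);

                // The address comes from the database; escape it before it goes into HTML.
                $message = "<br />\n<br />\nA notification of this change has been sent to "
                    . htmlspecialchars($email, ENT_QUOTES)
                    . ". If you do not receive it, please notify the admin.";
            }
        }

        bco_html_header("Password successfully changed.");

        bco_index_menu("Password successfully changed.");

echo <<< END
\n<br />
<table width="100%" cellpadding="2" cellspacing="0" class="replytable">
    <tr>
        <td align="center" class="tr1">
        Your password has successfully been changed.$message
        <br />
        <br />
        Go back to the <a href="index.php" class="tr1">index</a>.<br />
        <strong>PLEASE MAKE SURE TO LOGOUT AND LOGIN FOR THIS TO TAKE EFFECT.</strong>
        </td>
    </tr>
</table>
END;
exit;
    } // end of authorize_user

}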

/********************************************************************************/
/*                                                                              */
/* Display the page here if there is no processing to be done                   */
/*                                                                              */
/********************************************************************************/

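// Render the empty password-change form (reached on a plain GET, or when the
// POST branch above did not exit).
bco_html_header("Change your password, money.");

bco_index_menu("Top serious password change.");

// Post back to this script. The bare $PHP_SELF global only exists with
// register_globals, and PHP_SELF carries any trailing path info from the
// request URL, so printing it unescaped into the attribute allows markup
// injection. SCRIPT_NAME has no path info and is escaped before output.
$form_action = htmlspecialchars($_SERVER['SCRIPT_NAME'], ENT_QUOTES);

// The row markup is balanced here; the original opened three rows with </tr>.
echo <<< END
\n<br />
<form method="post" action="$form_action">
<table width="100%" cellpadding="2" cellspacing="0" class="replytable">
    <tr>
        <td width="160" align="right" class="menu">username:</td>
        <td align="left"><input type="text" name="username" size="25" maxlength="25" class="textfield" /></td>
    </tr>
    <tr>
        <td width="160" align="right" class="menu">old password:</td>
        <td align="left"><input type="password" name="old_password" size="25" maxlength="25" class="textfield" /></td>
    </tr>
    <tr>
        <td width="160" align="right" class="menu">new password:</td>
        <td align="left"><input type="password" name="password1" size="25" maxlength="25" class="textfield" /></td>
    </tr>
    <tr>
        <td width="160" align="right" class="menu">new password verify:</td>
        <td align="left"><input type="password" name="password2" size="25" maxlength="25" class="textfield" /></td>
    </tr>
    <tr>
        <td width="130" align="right" class="menu">&nbsp;</td>
        <td align="left"><input type="submit" name="submit" value="change password" class="button" /></td>
    </tr>
</table>
</form>
END;

bco_html_footer();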

?>