author | Andrew Dolgov <[email protected]> | 2007-03-02 21:49:47 +0100 |
---|---|---|
committer | Andrew Dolgov <[email protected]> | 2007-03-02 21:49:47 +0100 |
commit | d95bd220320efac33a699ea8c5c32e2f4fd51e40 (patch) | |
tree | eeb759d9e66d5c1e1b4ab6f849b06698e925205e | |
parent | 0077a65cb469dafb744d18bd05cf9144defbe76f (diff) |
ajaxify password changer
-rw-r--r-- | modules/pref-prefs.php | 105 | ||||
-rw-r--r-- | prefs.js | 39 |
2 files changed, 104 insertions, 40 deletions
diff --git a/modules/pref-prefs.php b/modules/pref-prefs.php index fd796bcc1..66201f8b0 100644 --- a/modules/pref-prefs.php +++ b/modules/pref-prefs.php @@ -10,6 +10,53 @@ function module_pref_prefs($link) { $subop = $_REQUEST["subop"]; + if ($subop == "change-password") { + + $old_pw = $_POST["OLD_PASSWORD"]; + $new_pw = $_POST["NEW_PASSWORD"]; + $con_pw = $_POST["CONFIRM_PASSWORD"]; + + if ($old_pw == "") { + print "ERROR: Old password cannot be blank."; + return; + } + + if ($new_pw == "") { + print "ERROR: New password cannot be blank."; + return; + } + + if ($new_pw != $con_pw) { + print "ERROR: Entered passwords do not match."; + return; + } + + $old_pw_hash = 'SHA1:' . sha1($_POST["OLD_PASSWORD"]); + $new_pw_hash = 'SHA1:' . sha1($_POST["NEW_PASSWORD"]); + + $active_uid = $_SESSION["uid"]; + + if ($old_pw && $new_pw) { + + $login = db_escape_string($_SERVER['PHP_AUTH_USER']); + + $result = db_query($link, "SELECT id FROM ttrss_users WHERE + id = '$active_uid' AND (pwd_hash = '$old_pw' OR + pwd_hash = '$old_pw_hash')"); + + if (db_num_rows($result) == 1) { + db_query($link, "UPDATE ttrss_users SET pwd_hash = '$new_pw_hash' + WHERE id = '$active_uid'"); + + print "Password has been changed."; + } else { + print "ERROR: Old password is incorrect."; + } + } + + return; + } + if ($subop == "Save configuration") { $_SESSION["prefs_op_result"] = "save-config"; 
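Review bot: `$old_pw` comes straight from `$_POST["OLD_PASSWORD"]` and is interpolated unescaped into the `SELECT id FROM ttrss_users` query, so the new change-password branch builds SQL from raw request input. Escape it after the blank check with the helper already used for `$login`, e.g. `$old_pw = db_escape_string($_POST["OLD_PASSWORD"]);`, or drop the `pwd_hash = '$old_pw'` alternative if unhashed stored passwords no longer need to be supported. That alternative also means a submitted value equal to the stored `pwd_hash` string is accepted as the old password, which deserves a comment if it is intentional. `$login` is assigned but never used in this branch and can be removed. module_pref_prefs continues outside the hunk.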
@@ -78,36 +125,6 @@ return prefs_js_redirect(); - } else if ($subop == "Change password") { - - $old_pw = $_POST["OLD_PASSWORD"]; - $new_pw = $_POST["OLD_PASSWORD"]; - - $old_pw_hash = 'SHA1:' . sha1($_POST["OLD_PASSWORD"]); - $new_pw_hash = 'SHA1:' . sha1($_POST["NEW_PASSWORD"]); - - $active_uid = $_SESSION["uid"]; - - if ($old_pw && $new_pw) { - - $login = db_escape_string($_SERVER['PHP_AUTH_USER']); - - $result = db_query($link, "SELECT id FROM ttrss_users WHERE - id = '$active_uid' AND (pwd_hash = '$old_pw' OR - pwd_hash = '$old_pw_hash')"); - - if (db_num_rows($result) == 1) { - db_query($link, "UPDATE ttrss_users SET pwd_hash = '$new_pw_hash' - WHERE id = '$active_uid'"); - - $_SESSION["pwd_change_result"] = "ok"; - } else { - $_SESSION["pwd_change_result"] = "failed"; - } - } - - return prefs_js_redirect(); - } else if ($subop == "Reset to defaults") { $_SESSION["prefs_op_result"] = "reset-to-defaults"; @@ -167,7 +184,7 @@ print format_warning("Your password is at default value, please change it."); } - if ($_SESSION["pwd_change_result"] == "failed") { +/* if ($_SESSION["pwd_change_result"] == "failed") { print format_warning("Could not change the password."); } @@ -175,7 +192,7 @@ print format_notice("Password was changed."); } - $_SESSION["pwd_change_result"] = ""; + $_SESSION["pwd_change_result"] = ""; */ if ($_SESSION["prefs_op_result"] == "reset-to-defaults") { print format_notice("The configuration was reset to defaults."); 
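Review bot: The `pwd_change_result` notices are disabled by wrapping them in `/* … */`, opened in the `-167,7` hunk and closed in the `-175,7` hunk, rather than being deleted. The new change-password branch reports its result with `print`, and nothing visible in this commit still sets `$_SESSION["pwd_change_result"]`, so the commented block appears to be dead code. Removing the lines outright keeps the preferences page readable, and version control still holds the old code.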
@@ -210,30 +227,40 @@ print "</form>"; - print "<form action=\"backend.php\" method=\"POST\" name=\"changePassForm\">"; + print "<form action=\"backend.php\" method=\"POST\" + name=\"change_pass_form\" id=\"change_pass_form\">"; print "<table width=\"100%\" class=\"prefPrefsList\">"; print "<tr><td colspan='3'><h3>Authentication</h3></tr></td>"; print "<tr><td width=\"40%\">Old password</td>"; print "<td><input class=\"editbox\" type=\"password\" + onkeypress=\"return filterCR(event, changeUserPassword)\" name=\"OLD_PASSWORD\"></td></tr>"; print "<tr><td width=\"40%\">New password</td>"; print "<td><input class=\"editbox\" type=\"password\" + onkeypress=\"return filterCR(event, changeUserPassword)\" name=\"NEW_PASSWORD\"></td></tr>"; - + + print "<tr><td width=\"40%\">Confirm password</td>"; + + print "<td><input class=\"editbox\" type=\"password\" + onkeypress=\"return filterCR(event, changeUserPassword)\" + name=\"CONFIRM_PASSWORD\"></td></tr>"; + print "</table>"; print "<input type=\"hidden\" name=\"op\" value=\"pref-prefs\">"; - - print "<p><input class=\"button\" type=\"submit\" - onclick=\"return validateNewPassword(this.form)\" - value=\"Change password\" name=\"subop\">"; - + print "<input type=\"hidden\" name=\"subop\" value=\"change-password\">"; + print "</form>"; + print "<p><input class=\"button\" type=\"submit\" + onclick=\"return changeUserPassword()\" + value=\"Change password\">"; + } $result = db_query($link, "SELECT @@ -124,13 +124,26 @@ function gethelp_callback() { } } - function notify_callback() { if (xmlhttp.readyState == 4) { notify_info(xmlhttp.responseText); } } + +function changepass_callback() { + if (xmlhttp.readyState == 4) { + + if (xmlhttp.responseText.indexOf("ERROR: ") == 0) { + notify_error(xmlhttp.responseText.replace("ERROR: ", "")); + } else { + notify_info(xmlhttp.responseText); + } + + document.forms['change_pass_form'].reset(); + } +} + function updateFeedList(sort_key) { if (!xmlhttp_ready(xmlhttp)) { 
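Review bot: The `Change password` button is now printed after the closing form tag but keeps `type=\"submit\"`, so the attribute no longer does anything and the password can only be changed through `changeUserPassword()`. Changing it to `type=\"button\"` states that honestly. A short comment above the `print` should say that the form is submitted by script only. If a no-script fallback is still wanted, the button has to stay inside `change_pass_form`.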
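Review bot: `changepass_callback` treats every response that does not start with `ERROR: ` as success and never checks `xmlhttp.status`. An empty body, a server error page or a login page returned for an expired session would therefore be shown through `notify_info` as if the password had been changed. I would send the reply to `notify_info` only when `xmlhttp.status == 200` and the text is the expected success message, and send everything else to `notify_error`. The form is also reset on failure, which makes the user retype all three fields after a mismatch. The file header for this hunk is missing from the page; the diffstat suggests it belongs to prefs.js.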
@@ -1585,4 +1598,28 @@ function showFeedsWithErrors() { displayDlg('feedUpdateErrors'); } +function changeUserPassword() { + + try { + + if (!xmlhttp_ready(xmlhttp)) { + printLockingError(); + return false; + } + + var query = Form.serialize("change_pass_form"); + + notify_progress("Trying to change password..."); + + xmlhttp.open("POST", "backend.php", true); + xmlhttp.onreadystatechange=changepass_callback; + xmlhttp.setRequestHeader('Content-Type', 'application/x-www-form-urlencoded'); + xmlhttp.send(query); + + } catch (e) { + exception_error("changeUserPassword", e); + } + + return false; +} |
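Review bot: `changeUserPassword` has no header comment, and two things about it are not obvious from the call sites. It returns `false` on every path, including after the `catch`, and it goes through the shared `xmlhttp` object, so it appears to refuse to send while another request is in flight. I would add `// Posts change_pass_form to backend.php; the reply is handled in changepass_callback. Always returns false.` above the function.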