diff options
| author | Andrew Dolgov <[email protected]> | 2007-03-02 21:49:47 +0100 |
|---|---|---|
| committer | Andrew Dolgov <[email protected]> | 2007-03-02 21:49:47 +0100 |
| commit | d95bd220320efac33a699ea8c5c32e2f4fd51e40 (patch) | |
| tree | eeb759d9e66d5c1e1b4ab6f849b06698e925205e /modules | |
| parent | 0077a65cb469dafb744d18bd05cf9144defbe76f (diff) | |
ajaxify password changer
Diffstat (limited to 'modules')
| -rw-r--r-- | modules/pref-prefs.php | 105 |
1 files changed, 66 insertions, 39 deletions
diff --git a/modules/pref-prefs.php b/modules/pref-prefs.php index fd796bcc1..66201f8b0 100644 --- a/modules/pref-prefs.php +++ b/modules/pref-prefs.php @@ -10,6 +10,53 @@ function module_pref_prefs($link) { $subop = $_REQUEST["subop"]; + if ($subop == "change-password") { + + $old_pw = $_POST["OLD_PASSWORD"]; + $new_pw = $_POST["NEW_PASSWORD"]; + $con_pw = $_POST["CONFIRM_PASSWORD"]; + + if ($old_pw == "") { + print "ERROR: Old password cannot be blank."; + return; + } + + if ($new_pw == "") { + print "ERROR: New password cannot be blank."; + return; + } + + if ($new_pw != $con_pw) { + print "ERROR: Entered passwords do not match."; + return; + } + + $old_pw_hash = 'SHA1:' . sha1($_POST["OLD_PASSWORD"]); + $new_pw_hash = 'SHA1:' . sha1($_POST["NEW_PASSWORD"]); + + $active_uid = $_SESSION["uid"]; + + if ($old_pw && $new_pw) { + + $login = db_escape_string($_SERVER['PHP_AUTH_USER']); + + $result = db_query($link, "SELECT id FROM ttrss_users WHERE + id = '$active_uid' AND (pwd_hash = '$old_pw' OR + pwd_hash = '$old_pw_hash')"); + + if (db_num_rows($result) == 1) { + db_query($link, "UPDATE ttrss_users SET pwd_hash = '$new_pw_hash' + WHERE id = '$active_uid'"); + + print "Password has been changed."; + } else { + print "ERROR: Old password is incorrect."; + } + } + + return; + } + if ($subop == "Save configuration") { $_SESSION["prefs_op_result"] = "save-config"; @@ -78,36 +125,6 @@ return prefs_js_redirect(); - } else if ($subop == "Change password") { - - $old_pw = $_POST["OLD_PASSWORD"]; - $new_pw = $_POST["OLD_PASSWORD"]; - - $old_pw_hash = 'SHA1:' . sha1($_POST["OLD_PASSWORD"]); - $new_pw_hash = 'SHA1:' . sha1($_POST["NEW_PASSWORD"]); - - $active_uid = $_SESSION["uid"]; - - if ($old_pw && $new_pw) { - - $login = db_escape_string($_SERVER['PHP_AUTH_USER']); - - $result = db_query($link, "SELECT id FROM ttrss_users WHERE - id = '$active_uid' AND (pwd_hash = '$old_pw' OR - pwd_hash = '$old_pw_hash')"); - - if (db_num_rows($result) == 1) { - db_query($link, "UPDATE ttrss_users SET pwd_hash = '$new_pw_hash' - WHERE id = '$active_uid'"); - - $_SESSION["pwd_change_result"] = "ok"; - } else { - $_SESSION["pwd_change_result"] = "failed"; - } - } - - return prefs_js_redirect(); - } else if ($subop == "Reset to defaults") { $_SESSION["prefs_op_result"] = "reset-to-defaults"; @@ -167,7 +184,7 @@ print format_warning("Your password is at default value, please change it."); } - if ($_SESSION["pwd_change_result"] == "failed") { +/* if ($_SESSION["pwd_change_result"] == "failed") { print format_warning("Could not change the password."); } @@ -175,7 +192,7 @@ print format_notice("Password was changed."); } - $_SESSION["pwd_change_result"] = ""; + $_SESSION["pwd_change_result"] = ""; */ if ($_SESSION["prefs_op_result"] == "reset-to-defaults") { print format_notice("The configuration was reset to defaults."); @@ -210,30 +227,40 @@ print "</form>"; - print "<form action=\"backend.php\" method=\"POST\" name=\"changePassForm\">"; + print "<form action=\"backend.php\" method=\"POST\" + name=\"change_pass_form\" id=\"change_pass_form\">"; print "<table width=\"100%\" class=\"prefPrefsList\">"; print "<tr><td colspan='3'><h3>Authentication</h3></tr></td>"; print "<tr><td width=\"40%\">Old password</td>"; print "<td><input class=\"editbox\" type=\"password\" + onkeypress=\"return filterCR(event, changeUserPassword)\" name=\"OLD_PASSWORD\"></td></tr>"; print "<tr><td width=\"40%\">New password</td>"; print "<td><input class=\"editbox\" type=\"password\" + onkeypress=\"return filterCR(event, changeUserPassword)\" name=\"NEW_PASSWORD\"></td></tr>"; - + + print "<tr><td width=\"40%\">Confirm password</td>"; + + print "<td><input class=\"editbox\" type=\"password\" + onkeypress=\"return filterCR(event, changeUserPassword)\" + name=\"CONFIRM_PASSWORD\"></td></tr>"; + print "</table>"; print "<input type=\"hidden\" name=\"op\" value=\"pref-prefs\">"; - - print "<p><input class=\"button\" type=\"submit\" - onclick=\"return validateNewPassword(this.form)\" - value=\"Change password\" name=\"subop\">"; - + print "<input type=\"hidden\" name=\"subop\" value=\"change-password\">"; + print "</form>"; + print "<p><input class=\"button\" type=\"submit\" + onclick=\"return changeUserPassword()\" + value=\"Change password\">"; + } $result = db_query($link, "SELECT |