[session] Add simple "change password" GUI

4 files changed, 101 insertions, 15 deletions

diff --git a/modules-available/session/page.inc.php b/modules-available/session/page.inc.php
index 853f20e4..0a6eac77 100644
--- a/modules-available/session/page.inc.php
+++ b/modules-available/session/page.inc.php
@@ -6,30 +6,63 @@ class Page_Session extends Page
 	protected function doPreprocess()
 	{
 		User::load();
-		if (Request::post('action') === 'login') {
+		$action = Request::post('action');
+		if ($action === 'login') {
 			// Login - see if already logged in
 			if (User::isLoggedIn()) // and then just redirect
-				Util::redirect('?do=Main');
+				Util::redirect('?do=main');
 			// Else, try to log in
 			if (User::login(Request::post('user'), Request::post('pass')))
-				Util::redirect('?do=Main');
+				Util::redirect('?do=main');
 			// Login credentials wrong - delay and show error message
 			sleep(1);
 			Message::addError('loginfail');
 		}
-		if (Request::post('action') === 'logout') {
+		if ($action === 'logout') {
 			// Log user out (or do nothing if not logged in)
 			User::logout();
-			Util::redirect('?do=Main');
+			Util::redirect('?do=main');
+		}
+		if ($action === 'changepw') {
+			if (!User::isLoggedIn()) {
+				Util::redirect('?do=main');
+			}
+			// Now check if the user supplied the corrent current password, and the new password twice
+			$old = Request::post('old', false, 'string');
+			$new = Request::post('newpass1', false, 'string');
+			if ($old === false || $new === false) {
+				Message::addError('main.empty-field');
+				Util::redirect('?do=session');
+			}
+			if (!User::testPassword(User::getId(), $old)) {
+				sleep(1);
+				Message::addError('wrong-password');
+				Util::redirect('?do=session');
+			}
+			if (strlen($new) < 4) {
+				Message::addError('pass-too-short');
+				Util::redirect('?do=session');
+			}
+			if ($new !== Request::post('newpass2', false, 'string')) {
+				Message::addError('adduser.password-mismatch');
+				Util::redirect('?do=session');
+			}
+			if (User::updatePassword($new)) {
+				Message::addSuccess('password-changed');
+			} else {
+				Message::addWarning('password-unchanged');
+			}
+			Util::redirect('?do=session');
 		}
-
-		if (User::isLoggedIn())
-			Util::redirect('?do=Main');
 	}
 
 	protected function doRender()
 	{
-		Render::addTemplate('page-login');
+		if (User::isLoggedIn()) {
+			Render::addTemplate('change-password');
+		} else {
+			Render::addTemplate('page-login');
+		}
 	}
 
 }
diff --git a/modules-available/session/style.css b/modules-available/session/style.css
new file mode 100644
index 00000000..f7800155
--- /dev/null
+++ b/modules-available/session/style.css
@@ -0,0 +1,43 @@
+.form-signin {
+    max-width: 330px;
+    padding: 15px;
+    margin: 0 auto;
+}
+
+.form-signin .form-signin-heading,
+.form-signin .checkbox {
+    margin-bottom: 10px;
+}
+
+.form-signin .checkbox {
+    font-weight: normal;
+}
+
+.form-signin .form-control {
+    position: relative;
+    font-size: 16px;
+    height: auto;
+    padding: 10px;
+    -webkit-box-sizing: border-box;
+    -moz-box-sizing: border-box;
+    box-sizing: border-box;
+}
+
+.form-signin input[type="text"],
+.form-signin input[type="password"] {
+    border-radius: 0;
+    margin-bottom: -1px;
+}
+
+.form-signin input[type="text"]:first-child,
+.form-signin input[type="password"]:first-child {
+    border-top-left-radius: 4px;
+    border-top-right-radius: 4px;
+}
+
+.form-signin input[type="text"]:last-child,
+.form-signin input[type="password"]:last-child {
+    margin-bottom: 10px;
+    border-bottom-left-radius: 4px;
+    border-bottom-right-radius: 4px;
+}
\ No newline at end of file
diff --git a/modules-available/session/templates/change-password.html b/modules-available/session/templates/change-password.html
new file mode 100644
index 00000000..70ab7b92
--- /dev/null
+++ b/modules-available/session/templates/change-password.html
@@ -0,0 +1,11 @@
+<form class="form-signin" action="?do=Session" method="post">
+	<h2 class="form-signin-heading">{{lang_changePassword}}</h2>
+	<div>
+		<input type="password" name="old" class="form-control" placeholder="{{lang_currentPassword}}" autofocus>
+		<input type="password" name="newpass1" class="form-control" placeholder="{{lang_newPassword}}">
+		<input type="password" name="newpass2" class="form-control" placeholder="{{lang_repeatPassword}}">
+	</div>
+	<button class="btn btn-lg btn-primary btn-block" type="submit">{{lang_changePassword}}</button>
+	<input type="hidden" name="action" value="changepw">
+	<input type="hidden" name="token" value="{{token}}">
+</form>
\ No newline at end of file
diff --git a/modules-available/session/templates/page-login.html b/modules-available/session/templates/page-login.html
index 247e9a55..4be7232a 100644
--- a/modules-available/session/templates/page-login.html
+++ b/modules-available/session/templates/page-login.html
@@ -1,11 +1,10 @@
 <form class="form-signin" action="?do=Session" method="post">
 	<h2 class="form-signin-heading">{{lang_enter}}</h2>
-	<input type="text" name="user" class="form-control" placeholder="{{lang_username}}" autofocus>
-	<input type="password" name="pass" class="form-control" placeholder="{{lang_password}}">
-	<!--label class="checkbox">
-		<input type="checkbox" name="remember" value="remember-me"> {{lang_rememberID}}
-	</label-->
+	<div>
+		<input type="text" name="user" class="form-control" placeholder="{{lang_username}}" autofocus>
+		<input type="password" name="pass" class="form-control" placeholder="{{lang_password}}">
+	</div>
 	<button class="btn btn-lg btn-primary btn-block" type="submit">{{lang_login}}</button>
-	<a class="btn btn-lg btn-primary btn-block" href="?do=AddUser">{{lang_register}}</a>
+	<a class="btn btn-lg btn-default btn-block" href="?do=AddUser">{{lang_register}}</a>
 	<input type="hidden" name="action" value="login">
 </form>
\ No newline at end of file