From ad4f4e405aed82cd0f87e51874043a2d054a1c01 Mon Sep 17 00:00:00 2001
From: Simon Rettberg
Date: Thu, 8 Sep 2016 18:43:47 +0200
Subject: [session] Add simple "change password" GUI
---
modules-available/session/page.inc.php | 51 ++++++++++++++++++++++++++++------
1 file changed, 42 insertions(+), 9 deletions(-)
(limited to 'modules-available/session/page.inc.php')
diff --git a/modules-available/session/page.inc.php b/modules-available/session/page.inc.php
index 853f20e4..0a6eac77 100644
--- a/modules-available/session/page.inc.php
+++ b/modules-available/session/page.inc.php
@@ -6,30 +6,63 @@ class Page_Session extends Page protected function doPreprocess() { User::load(); - if (Request::post('action') === 'login') { + $action = Request::post('action'); + if ($action === 'login') { // Login - see if already logged in if (User::isLoggedIn()) // and then just redirect - Util::redirect('?do=Main'); + Util::redirect('?do=main'); // Else, try to log in if (User::login(Request::post('user'), Request::post('pass'))) - Util::redirect('?do=Main'); + Util::redirect('?do=main'); // Login credentials wrong - delay and show error message sleep(1); Message::addError('loginfail'); } - if (Request::post('action') === 'logout') { + if ($action === 'logout') { // Log user out (or do nothing if not logged in) User::logout(); - Util::redirect('?do=Main'); + Util::redirect('?do=main'); + } + if ($action === 'changepw') { + if (!User::isLoggedIn()) { + Util::redirect('?do=main'); + } + // Now check if the user supplied the corrent current password, and the new password twice + $old = Request::post('old', false, 'string'); + $new = Request::post('newpass1', false, 'string'); + if ($old === false || $new === false) { + Message::addError('main.empty-field'); + Util::redirect('?do=session'); + } + if (!User::testPassword(User::getId(), $old)) { + sleep(1); + Message::addError('wrong-password'); + Util::redirect('?do=session'); + } + if (strlen($new) < 4) { + Message::addError('pass-too-short'); + Util::redirect('?do=session'); + } + if ($new !== Request::post('newpass2', false, 'string')) { + Message::addError('adduser.password-mismatch'); + Util::redirect('?do=session'); + } + if (User::updatePassword($new)) { + Message::addSuccess('password-changed'); + } else { + Message::addWarning('password-unchanged'); + } + Util::redirect('?do=session'); } - - if (User::isLoggedIn()) - Util::redirect('?do=Main'); } protected function doRender() { - Render::addTemplate('page-login'); + if (User::isLoggedIn()) { + Render::addTemplate('change-password'); + } else { + 
Render::addTemplate('page-login'); + } } } -- cgit v1.2.3-55-g7522
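Review bot: The new-password check in the `changepw` branch, `if (strlen($new) < 4) {`, accepts four-character passwords, which is too weak for a login password; raise the floor to at least eight characters (the NIST SP 800-63B minimum), e.g. `if (strlen($new) < 8) {`, and keep the `pass-too-short` message text in step with it. The same branch relies on `Util::redirect()` ending the request: if it ever returned, the `!User::isLoggedIn()` guard would fall through to `User::testPassword()`, so a short comment such as `// Util::redirect() does not return` above that guard would help the next reader. The hunk does not show whether `User::updatePassword()` invalidates the account's other sessions; if it does not, a session opened with the old password stays valid after the change, which is worth confirming. The only throttle on wrong guesses of the current password is `sleep(1)`, so a per-account failure counter would be a useful follow-up.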