From ad4f4e405aed82cd0f87e51874043a2d054a1c01 Mon Sep 17 00:00:00 2001
From: Simon Rettberg
Date: Thu, 8 Sep 2016 18:43:47 +0200
Subject: [session] Add simple "change password" GUI

---
 modules-available/session/page.inc.php | 51 ++++++++++++++++++++++++++++------
 1 file changed, 42 insertions(+), 9 deletions(-)

(limited to 'modules-available/session/page.inc.php')

diff --git a/modules-available/session/page.inc.php b/modules-available/session/page.inc.php
index 853f20e4..0a6eac77 100644
--- a/modules-available/session/page.inc.php
+++ b/modules-available/session/page.inc.php
@@ -6,30 +6,63 @@ class Page_Session extends Page
 	protected function doPreprocess()
 	{
 		User::load();
-		if (Request::post('action') === 'login') {
+		$action = Request::post('action');
+		if ($action === 'login') {
 			// Login - see if already logged in
 			if (User::isLoggedIn()) // and then just redirect
-				Util::redirect('?do=Main');
+				Util::redirect('?do=main');
 			// Else, try to log in
 			if (User::login(Request::post('user'), Request::post('pass')))
-				Util::redirect('?do=Main');
+				Util::redirect('?do=main');
 			// Login credentials wrong - delay and show error message
 			sleep(1);
 			Message::addError('loginfail');
 		}
-		if (Request::post('action') === 'logout') {
+		if ($action === 'logout') {
 			// Log user out (or do nothing if not logged in)
 			User::logout();
-			Util::redirect('?do=Main');
+			Util::redirect('?do=main');
+		}
+		if ($action === 'changepw') {
+			if (!User::isLoggedIn()) {
+				Util::redirect('?do=main');
+			}
+			// Now check if the user supplied the corrent current password, and the new password twice
+			$old = Request::post('old', false, 'string');
+			$new = Request::post('newpass1', false, 'string');
+			if ($old === false || $new === false) {
+				Message::addError('main.empty-field');
+				Util::redirect('?do=session');
+			}
+			if (!User::testPassword(User::getId(), $old)) {
+				sleep(1);
+				Message::addError('wrong-password');
+				Util::redirect('?do=session');
+			}
+			if (strlen($new) < 4) {
+				Message::addError('pass-too-short');
+				Util::redirect('?do=session');
+			}
+			if ($new !== Request::post('newpass2', false, 'string')) {
+				Message::addError('adduser.password-mismatch');
+				Util::redirect('?do=session');
+			}
+			if (User::updatePassword($new)) {
+				Message::addSuccess('password-changed');
+			} else {
+				Message::addWarning('password-unchanged');
+			}
+			Util::redirect('?do=session');
 		}
-
-		if (User::isLoggedIn())
-			Util::redirect('?do=Main');
 	}
 
 	protected function doRender()
 	{
-		Render::addTemplate('page-login');
+		if (User::isLoggedIn()) {
+			Render::addTemplate('change-password');
+		} else {
+			Render::addTemplate('page-login');
+		}
 	}
 
 }
-- 
cgit v1.2.3-55-g7522