blob: 0a6eac77ec1b5b2ac863c454a24136c37eb9f779 (
plain) (
blame)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
|
<?php
class Page_Session extends Page
{
protected function doPreprocess()
{
User::load();
$action = Request::post('action');
if ($action === 'login') {
// Login - see if already logged in
if (User::isLoggedIn()) // and then just redirect
Util::redirect('?do=main');
// Else, try to log in
if (User::login(Request::post('user'), Request::post('pass')))
Util::redirect('?do=main');
// Login credentials wrong - delay and show error message
sleep(1);
Message::addError('loginfail');
}
if ($action === 'logout') {
// Log user out (or do nothing if not logged in)
User::logout();
Util::redirect('?do=main');
}
if ($action === 'changepw') {
if (!User::isLoggedIn()) {
Util::redirect('?do=main');
}
// Now check if the user supplied the corrent current password, and the new password twice
$old = Request::post('old', false, 'string');
$new = Request::post('newpass1', false, 'string');
if ($old === false || $new === false) {
Message::addError('main.empty-field');
Util::redirect('?do=session');
}
if (!User::testPassword(User::getId(), $old)) {
sleep(1);
Message::addError('wrong-password');
Util::redirect('?do=session');
}
if (strlen($new) < 4) {
Message::addError('pass-too-short');
Util::redirect('?do=session');
}
if ($new !== Request::post('newpass2', false, 'string')) {
Message::addError('adduser.password-mismatch');
Util::redirect('?do=session');
}
if (User::updatePassword($new)) {
Message::addSuccess('password-changed');
} else {
Message::addWarning('password-unchanged');
}
Util::redirect('?do=session');
}
}
protected function doRender()
{
if (User::isLoggedIn()) {
Render::addTemplate('change-password');
} else {
Render::addTemplate('page-login');
}
}
}
|